Choosing a Password Manager: Top 3 Security Features to Look For

NonprofitSmall BusinessTechnologySystems
Written By Gregory Perrine

By KeJuan Carter - eGuide Systems Manager

Intro 

A growing necessity for organizations large and small is the utilization of a password manager.  Password Managers have the ability to harden your security as you navigate the internet, protect vital information through secure storage, and make it possible to not have to remember every password you’ve ever created.  There are several password managers on the market that provide roughly the same services, but as data breaches become increasingly more frequent, choosing the right password manager must be prioritized.  Now we cannot tell you which password manager to choose, but here are 3 security features that you should look for to make your decision easier and more informed.

Zero-Knowledge Security

It’s true that any technology-based company can be hacked, but can a hacker steal something that isn’t there?  One indicator of a strong password manager is if they have a Zero-Knowledge security model.  Simply put, Zero-Knowledge Security means that, although the password manager knows your passwords, the company that makes the service does NOT. Think of it like a high tech safety deposit box where you have the only key and only you know the location.  A hacker can breach the system all day, but because the company doesn’t house the password, there’s no real way for the hacker to gain access to your vault.

Click here for more information about Zero Knowledge Password Managers

PBKDF2 Hashing Algorithm

A lay-person might look to see if a password manager is utilizing strong encryption techniques to protect the passwords that they manage.  However, encryption is a two-way function in which information can be scrambled and then unscrambled later - this is what is meant by “cracking the code” or “decrypting an encrypted file”...any hacker can do this.  What you should look for instead is what hashing algorithm is being used.   Hashing is a one-way function in which a password, in this case, is transformed into a different value.  The biggest difference between encryption and hashing is that encryption can be reversed, while hashing cannot.  The industry standard hashing algorithm is PBKDF2 (Password-Based Key Derivation Function2) and its purpose is to withstand brute force attacks from threat actors.  The OWASP (Open Web Application Security Project) Foundation recommends that a password manager utilizes PBKDF2 with a work factor of 310,000 iterations.  However, most password management companies choose a work factor with fewer iterations in order to balance security and performance.  The higher the iterations, the slower the performance of the platform.

Click here for more information about the PBKDF2 Hashing Algorithm

Click here for more information about OWASP’s Password Storage Recommendations

Multi-Factor Authentication

Multi-factor authentication is becoming more common-place as more services require you to login.  Any password manager that is offering strong security will also provide multi-factor authentication as an extra layer of security and protection.  Multi-factor authentication is a cyber security method that requires the user to verify their identity through a second validation source in order to gain access to an account.  Having multi-factor authentication as that extra layer of security will make it nearly impossible for a hacker to access your account without you knowing.  Security at this level makes your account less likely to be a target for hacking.

Click here for more information about Password Managers with Multi-Factor Authentication

Conclusion

With the increase in cyber security attacks, to governments and companies alike, it is more important than ever to know what you are looking for when determining which password manager to use.  Be sure to look for password managers that utilize Zero-Knowledge Security, a PBKDF2 Hashing Algorithm, and Multi-factor Authentication.  That is by no means an exhaustive list, but if the platform you are researching has these components, you are headed in the right direction.

Help Someone. Have Fun, Be You. Learn & Teach. Finish What You Start.

Gregory Perrine

Avid troubleshooter and eternal student, Greg was inspired by his grandmother's experience with technology and launched eGuide Tech Allies. With over a decade in sales experience, Greg honed his business skills in the world of high-end off premise catering, learning the ins and outs of operating a small business. Greg brings his passion for helping others and enriching the lives of those around him to the core of this business. 

http://www.eguidetechallies.com
Previous

Generation Citizen Case Study - Salesforce Technology Implementation
Next

V2MOM in Action | eGuide Tech Allies