Difference between revisions of "Password Management"
(Created page with "===Best Practices=== * do not store passwords in your browser, use a password manager instead ===Password Management Software Options=== * [https://www.lastpass.com/ Lastpass...") |
m (→List of Technologies and Tools That a User Might Consider) |
||
| (10 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | === | + | ===What Is a Password Manager Tool?=== |
| − | + | A password manager tool is software that helps users encrypt, store, and manage passwords. | |
| + | The tool also helps users create secure passwords and automatically log in to websites. | ||
| − | ===Password | + | ===Who Might Use a Password Manager Tool, and Why?=== |
| − | + | Users should employ unique passwords for each website or system to help minimize the impact | |
| − | + | from the breach of one website or system; however, most users cannot remember a separate | |
| − | + | password for many sites and tend to use the same password or write them on a sticky note | |
| + | attached to their computer. Additionally, organizations may have passwords that need to be | ||
| + | shared across teams and want a secure method to do so. Password manager tools allow users to | ||
| + | more securely manage many distinct passwords and automatically log them in to websites. | ||
| + | ===The Benefits of Using a Password Manager Tool=== | ||
| + | Password manager tools enable users to create and securely maintain unique passwords for | ||
| + | websites and other systems without having to memorize or write them down. | ||
| − | + | ===Risks to Consider When Using a Password Manager Tool=== | |
| + | Special care should be taken to secure the password tool, as it will grant access to all passwords. | ||
| + | The “master” password that grants access to the tool should be very strong and unique, and | ||
| + | multifactor authentication should be used if possible. Additional considerations include | ||
| + | whether you want your password management tool to store the passwords locally or in the | ||
| + | cloud. | ||
| + | |||
| + | ===List of Technologies and Tools That a User Might Consider=== | ||
| + | Below are two popular password manager tools that an end user might consider for use. Users should evaluate which tool works best for their | ||
| + | unique purposes. Neither EDUCAUSE nor HEISC (or Evergreen) recommends a particular tool; users employ | ||
| + | these at their own risk. | ||
| + | * '''[https://1password.com/ 1password]''' does not share encryption keys with 1Password, but it provides a password strength | ||
| + | indicator. The password database can be stored in Apple’s iCloud, through Dropbox, or locally | ||
| + | on personal devices. Use across multiple devices is simple if stored in the cloud but more secure | ||
| + | if stored locally. The iOS version can be configured to support Touch ID on compatible devices. | ||
| + | |||
| + | * '''[https://keepass.info/ KeePass]''' does not share encryption keys with KeePass, but it provides a password | ||
| + | strength indicator. The password database is not stored in the cloud. Use across multiple | ||
| + | devices is a little more complex, as the user needs to maintain access to the private password | ||
| + | database manually. | ||
| + | |||
| + | ===Higher Education Reference Pages=== | ||
| + | * [http://www.bu.edu/infosec/howtos/password-management/ Boston University] | ||
| + | * [https://protect.iu.edu/cybersecurity/safeonline/passphrases/vaults Indiana University] | ||
| + | * [http://community.pepperdine.edu/it/security/password/passmgrs.htm Pepperdine University] | ||
| + | * [http://www.purdue.edu/securepurdue/pswdManager.cfm Purdue University] | ||
| + | * [https://security.illinois.edu/content/use-password-manager University of Illinois at Urbana-Champaign] | ||
| + | * InCommon webinar: [http://www.incommon.org/iamonline Security Awareness for User Authentication: Passwords and Beyond] (October 9, 2013) | ||
| + | |||
| + | |||
| + | |||
| + | '''Source:''' [https://library.educause.edu/resources/2015/7/password-managers Educause / HEISC] | ||
[[Category:Network]] | [[Category:Network]] | ||
| + | [[Category:Security]] | ||
Latest revision as of 12:49, 3 September 2024
Contents
What Is a Password Manager Tool?
A password manager tool is software that helps users encrypt, store, and manage passwords. The tool also helps users create secure passwords and automatically log in to websites.
Who Might Use a Password Manager Tool, and Why?
Users should employ unique passwords for each website or system to help minimize the impact from the breach of one website or system; however, most users cannot remember a separate password for many sites and tend to use the same password or write them on a sticky note attached to their computer. Additionally, organizations may have passwords that need to be shared across teams and want a secure method to do so. Password manager tools allow users to more securely manage many distinct passwords and automatically log them in to websites.
The Benefits of Using a Password Manager Tool
Password manager tools enable users to create and securely maintain unique passwords for websites and other systems without having to memorize or write them down.
Risks to Consider When Using a Password Manager Tool
Special care should be taken to secure the password tool, as it will grant access to all passwords. The “master” password that grants access to the tool should be very strong and unique, and multifactor authentication should be used if possible. Additional considerations include whether you want your password management tool to store the passwords locally or in the cloud.
List of Technologies and Tools That a User Might Consider
Below are two popular password manager tools that an end user might consider for use. Users should evaluate which tool works best for their unique purposes. Neither EDUCAUSE nor HEISC (or Evergreen) recommends a particular tool; users employ these at their own risk.
- 1password does not share encryption keys with 1Password, but it provides a password strength
indicator. The password database can be stored in Apple’s iCloud, through Dropbox, or locally on personal devices. Use across multiple devices is simple if stored in the cloud but more secure if stored locally. The iOS version can be configured to support Touch ID on compatible devices.
- KeePass does not share encryption keys with KeePass, but it provides a password
strength indicator. The password database is not stored in the cloud. Use across multiple devices is a little more complex, as the user needs to maintain access to the private password database manually.
Higher Education Reference Pages
- Boston University
- Indiana University
- Pepperdine University
- Purdue University
- University of Illinois at Urbana-Champaign
- InCommon webinar: Security Awareness for User Authentication: Passwords and Beyond (October 9, 2013)
Source: Educause / HEISC
