Security Practice: Password Managers

In our first article Beware of Phishing, we covered the most common security vulnerability that exists – the Human Element. We aren’t computers so we can’t remember highly complex passwords and instead rely on common information to form passwords like our family’s birthdays, school names and other commonly accessible information. The problem is that this information is easily guessable by a targeted phishing attack. Are you using a birthdate for a bank security number?

In this article, we hope to persuade you to try out one of these two password vaults. A password manager helps by generating highly secure passwords on websites, saving them behind a single “master password”. The benefit being that your websites can each have a unique and highly secure password, the vault holds the keys to unlocking this password. The largest danger here is the vault itself being hacked – both of these solutions have their own way of preventing that from happening. LastPass uses two-factor authentication and Enpass is only stored locally by default.

Things to put in the vault.

  • Credit Card numbers for company use
  • Government Identification Numbers
  • Bank Account Numbers
  • Licenses
  • Travel Identifications Numbers
  • Anything that is complex to remember and needs securing

COMPARISON

  • Both have password generators that allow you to create strong, unique, customizable passwords
  • Both use a master password to protect your data
  • Both use one-sided encryption
  • Both are free
  • Both have security features that allow you to monitor your password policy

CONTRAST

  • LastPass offers two-factor authentication
  • LastPass offers a paid premium version
  • LastPass offers specific family and business versions of the application
  • Enpass is accessible offline
LastPass Enpass
Password Best Practices Yes Yes
Security Policy Monitor Yes Yes
Browser Extensions Yes Yes
Price Free or $3 per month Free or $11.99 one time for Pro ( Syncs with Cloud Backend )
Two-Factor Authentication Yes No
Business Version Yes No
Available Offline No Yes

OUR PICK

LastPass is the best available medical business technology because of offering cloud sync, business support and two-factor authentication. Enpass is a great tool and recommended for its full feature free software, however, it doesn’t offer business specific solutions.

HOW TO

LastPass

LastPass only works when connected to the internet. The desktop browser app is not required; only the browser extension and LastPass website are needed to manage your security credentials.

  1. Visit https://www.LastPass.com/ and click “Get LastPass Free”
  2. Create a strong “master password” which is your LastPass profile password. Other users can have their own accounts with delegated access.
  3. Upon Login click the button to download the browser addon.
  4. Activate Two-Factor Authentication by clicking on your profile icon, then “Account Settings”. Select “Multifactor Options” and click the pencil next your preferred method, probably Google Authenticator, to edit. Change to Enabled. Click the link “View Your Barcode” and use your smart phone to complete the Authenticator connection.

 

LastPass is installed and ready to use. If you need more training please watch this video series – LastPass 101

Windows 10 users can skip the installation steps for either app and instead hit the windows key and type the password manager name “LastPass” or “Enpass”. The link will take you to the Microsoft Store to complete the free download.

Enpass

Unlike the web-based LastPass, Enpass maintains all the data on its local database unless you purchase the pro-version to sync to your preferred cloud backend. Download the installer and use Enpass like a normal application. Add an extension to access your password vault from the browser.

  1. Visit https://www.enpass.io/ and click Download Now. You will be given a list of Operating Systems – choose Windows.
  2. Run the Installer from your Downloads
  3. Run Enpass for the first time to set up a “Master Password” – this password will be used to lock the vault. Select a strong password and write it down where it can’t be lost, because it can’t be recovered!
  4. Now that everything is working there visit https://www.enpass.io/downloads/ and select “Extensions” from the second level navigation. There you should find a list of browsers, like “Chrome”.

CONCLUSION

Password managers can ease a common problem. A little practice and you will be creating and storing highly secure and unique passwords for each of your business critical transactions.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *