Unlocking Security: The Power of Password Managers and Passkeys for Business Professionals

Cyberattacks increasingly impact organizations of every type and size, and they can be devastating. For example ‘My company thrived for 150 years — then Russian hackers brought it down in three months’. Sadly, humans are often the weakest link. A recent Verizon Data Breach Investigation report found that 85 percent of all successful attacks involve human error, and world-renowned cybersecurity expert Bruce Schneier has said, “Only amateurs attack machines; professionals target people”. In this case, targeting focuses on stealing, guessing, or cracking user credentials (username and password), allowing attackers to assume the identity of a legitimate user or process, often referred to as Account Take Over (ATO).

How big of an issue is ATO? The 2023 Microsoft Digital Defense Report indicated that 99.2 percent of successful cyberattacks compromise the digital identity of individuals or systems to steal information, disrupt services, or commit financial fraud. 

The traditional recommendation to defend against identity-based attacks has been to use complex, unique passwords for each account coupled with multi-factor authentication (MFA). However, managing numerous unique passwords can be daunting and may lead to risky practices such as reusing or creating simple passwords.

Enter the Password Manager

A password manager is an encrypted digital vault that can securely generate, store, and retrieve online credentials. A quality password manager offers:

• Security: Easily create complex, unique passwords for each account.
• Efficiency: Auto-fill features save time logging into accounts while improving security.
• Audit and Update: Scan for an alert to weak or reused passwords.
• Cross-Platform Access: Access your credentials anywhere using your laptop, tablet, or phone.
• Collaboration: Shared vaults can allow team access, controlled by robust permissions.
• Ease of Use: You only need to remember one master password. The password manager handles the rest.

The Magic of Passkeys

Passkeys are the next evolution in secure authentication. Unlike traditional passwords, passkeys are unique cryptographic keys used for authentication when logging in. Passkey benefits include:

• Improved Security: Passkeys rely on public key encryption, making them difficult, if not impossible, to phish.
• Convenience: Once configured correctly, logging in is as simple as sharing the passkey with your phone or another device, eliminating the need to enter your credentials.
• Futureproofing: Passkeys are increasingly common, adopting them now puts you ahead of the curve and improves your security.

How A Password Manager Amplifies Passkey Benefits

• Centralized Control: passkeys are device-bound, but your password manager can securely store and manage them for you.
• Cross-Platform Ease: Manage passkeys across different devices and operating systems, ensuring you’re always protected and ready to work.
• Bridging the Gap: A password manager that securely manages traditional passwords and passkeys provides the best of both worlds and a seamless transition as passkey support increases.

Actionable Advice

1. Select a Trusted Password Manager: While I recommend 1Password, many good options exist. Learn more about how to choose a password manager here.
2. Secure Your Password Manager: Ensure your master password is complex and unique. Use a phrase that is easy to remember and type but hard to guess, such as “IL0vePizz@With@nch0vies!”. And enable MFA for your password manager account!
3. Educate Your Team: Embed passkey and password manager use into your organizational culture. 
4. Regular Audits: Use your password manager to check for weak or breached passwords and update accordingly.

The combination of password managers with passkeys protects your assets and safeguards your organization’s future. By adopting these tools, you’re not just securing your digital life but investing in peace of mind and operational efficiency. In today’s increasingly dangerous cyber landscape, that’s priceless.

Dave Hatter – CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is a cybersecurity consultant at Intrust IT. Dave has more than 30 years of experience as a software engineer and cybersecurity consultant and has served as an adjunct professor teaching software development at Cincinnati State for 20 years. Follow Dave on X (@DaveHatter) and LinkedIn for timely and helpful technology news and tips.