Disclaimer: University Information Services does not provide support for password management software. This article outlines some suggestions for choosing password management software, and some tips for using a password manager.
What is a Password Manager
Password management software assists in creating and storing account credentials such as usernames, passwords, personal identification numbers, and similar information. A good password manager will securely store your information in an encrypted container that protects this sensitive data from unauthorized access. This article outlines some topics to consider when choosing a password manager, and some suggestions for using your password manager of choice.
Cloud Service or Not
A clear dividing line between password managers is whether or not they are hosted in the cloud. Cloud-hosted password managers typically offer the convenience of having your credentials available across your various devices. These services are typically easier to use and maintain, and the service should declare how it encrypts and decrypts your password data. Cloud solutions can sometimes require one-time or subscription costs, and any service you choose should earn your greatest trust. After all, this service will be storing and granting you access to all your account credentials.
A more in-depth review of the pros and cons of cloud storage for password managers can be found here: https://nakedsecurity.sophos.com/2017/11/24/cloud-password-managers-would-you-use-one/
Software Updates and Security Vulnerabilities
As with any piece of software, install security updates as soon as possible. If you elect to use a cloud service, investigate how responsive the service provider is in disclosing and fixing vulnerabilities.
Use a Unique Main Password
You’ll need to password protect your password manager itself. Your password manager will likely store credentials you use on a number of websites and services, so using a strong main password to access your password manager is incredibly important. Your main password guards the keys to your digital kingdom, so your main password should be a strong, complex password that you do not use for any other account or service.
Whatever you use for your password manager, be sure to store your main password in a secure location. University Information Services will not be able to assist with recovering password manager access.
Multifactor Authentication
Multifactor authentication is a process where access to an account will require a second piece of information (i.e. in addition to a username and password) before allowing access. Since your password manager is likely to store so much important information, you may want to consider enabling multifactor authentication to better protect your suite of passwords from unauthorized access. Various password manager solutions will offer different kinds of multifactor options. If you do choose to enable multifactor authentication, be sure to choose one that you can reliably access.
Recovery Options
Many password managers offer additional recovery options should you forget your main password. Some examples of this are password hints or one-time use passwords, which should be stored in a secure location. A recovery method is an important consideration when using a password safe.
Password Re-Use
Password managers provide the ability to store and use passwords efficiently, so take advantage of this by using unique passwords at each website or service you use. Whenever a service you use is breached, the service provider should notify you and will often recommend you change your password. By not re-using the same username and password on multiple webpages or services, you’ll reduce the likelihood that someone will be able to access your other accounts.
Best practice would also be to never use your main password anywhere else.
This website can assist you with determining if your account has been compromised in a previous data breach: https://haveibeenpwned.com/
Password Sharing
Some password managers provide the ability to share authentication for accounts you specify with other individuals. Others cannot share authentication for individual accounts, and instead would require you to share your entire password vault or nothing at all. If this is an important feature for you, take time to investigate these options. Password sharing for personal or professional use should include a periodic audit of what has been shared so that credentials are not available to those who no longer need them.
Per the University's Password Management Policy (https://www.pacificu.edu/node/18026), sharing PUNet passwords is prohibited.
Popular Password Managers
While University Information Services cannot provide technical support for password managers, as of this writing the password manager software and services below can be recommended for use.
Cloud Services
Self-Hosted