Page 59 - Cyber Defense eMagazine - October 2017
generated, stored, and used, without a user having to remember them, reuse them, or
type them.
Password managers are not new, but at this point I’ll part with the casual tone which
usually accompanies the typical security recommendation. Absolutely everyone on the
planet, without exception, should be using a password manager. Every organization
should have a policy which provides password managers and makes their use
mandatory for every employee. All organization system / service account passwords
should be stored in a password management app. Once the challenge of remembering
and typing lengthy, complex passwords is eliminated, truly strong password usage
across an infinite number of accounts becomes a trivial matter.
There are several fine alternatives out there, such as LastPass
(https://www.lastpass.com) and 1Password (https://1password.com). For management
of shared system / service accounts within organizations, Thycotic Secret Server
(https://thycotic.com/products/secret-server) is an option. There are others, but
regardless of the password management app chosen, the goal is the same: solve the
real problem, and don’t deal any longer with passwords that can be easily cracked. It’s
all just a matter of common sense.
About the Author
Brad O’Hearne is a 25-year career software architect /
developer, application security expert, and independent
security researcher.
He resides in Gilbert, AZ and enjoys cycling, soccer, reading,
and spending time with his family. He is available for
consultation and can be contacted at
[email protected].
Copyright © Cyber Defense Magazine, All rights reserved worldwide.