Management of passwords in a company
Five password managers in comparison
30 June, 2022 by manaTec GmbH, Mathias Thieme


Secure passwords are becoming more and more important, and password managers, which are meant to make it easier to manage unique passwords, are becoming all the more interesting. They are indispensable, especially in the corporate environment. First, though, it is worth clarifying why passwords, and secure passwords in particular, are so important.

What are passwords and why are strong passwords so important?

A password is a contiguous string of characters used to determine whether a computer user who wants access to a computer, network, website, or service is actually that user.

A majority of German internet users choose weak passwords to log on to digital portals. This is the result of a representative study by the e-mail provider Web.de. This careless use has consequences: One in five has already fallen victim to password theft.

What does a secure password look like?

A secure password is the best protection against attacks on WLAN routers, online banking accounts or corporate networks. The following overview shows what makes a secure password:

  1. Complex password: When generating passwords, the rule is: the longer, the more secure. Therefore, it is best to choose a password that consists of at least 12 characters and four character types: upper- and lower-case letters, digits, and special characters.
  2. Combine terms: We do not use obvious or well-known terms such as the names of family members, pets, friends, favorite stars, or birth dates. We can randomly select the individual words and combine each of them with a space or another special character to strengthen security.
  3. Create a password for each access: We use different passwords for all accesses and accounts and do not use the same password for multiple logins at the same time.
  4. Use two-factor authentication: If two-factor authentication is possible, we use it. The 2FA technologies (e.g. code via SMS, TAN generator) further increase security.

However, even more secure access can be achieved with passphrases.

What is a passphrase?

A passphrase consists of more characters than a password. The longer character string provides greater security. A passphrase can be used for encryption, signatures or for access protection of IT systems.

Examples of a passphrase:

  • bananas have a red color and taste bitter
  • cars have a nose and drive downwards

Each of these two passphrases consists of 8 words, which are easy to remember in themselves. Despite this, it is extremely unlikely that someone will guess such a passphrase or that an algorithm will work out its illogical combination of words.
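To put numbers on the length argument, the following added example (not part of the original article) draws a passphrase with a cryptographic random source and compares its entropy with a 12-character password that uses all four character types. The sample word list, the 94-character alphabet and the 7776-word list size are assumptions, and the estimate holds only when every word is chosen uniformly at random.

```python
import math
import secrets

# Constructed sample word list (assumption). It is far too small for real use;
# a production generator would load a large published word list instead.
SAMPLE_WORDS = ["banana", "red", "color", "bitter", "car", "nose", "drive",
                "river", "cloud", "piano", "tiger", "window", "copper",
                "garden", "rocket", "saddle"]

PRINTABLE_ASCII = 94   # assumption: upper, lower, digits, specials (no space)
DICE_LIST_SIZE = 7776  # assumption: size of a typical dice-based word list


def generate_passphrase(words, n_words=8, sep=" "):
    """Pick n_words independently and uniformly with a CSPRNG and join them."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy in bits when every word is an independent uniform choice."""
    return n_words * math.log2(list_size)


def password_bits(length, alphabet=PRINTABLE_ASCII):
    """Entropy in bits of a password of random characters from the alphabet."""
    return length * math.log2(alphabet)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"12 random characters : {password_bits(12):.1f} bits")
    print(f"8 words of 16        : {passphrase_bits(8, len(SAMPLE_WORDS)):.1f} bits")
    print(f"8 words of 7776      : {passphrase_bits(8, DICE_LIST_SIZE):.1f} bits")
    print("words of 7776 to match 12 characters:",
          words_needed(password_bits(12), DICE_LIST_SIZE))
```

The size of the word list matters as much as the number of words: eight words from the 16-word sample list are much weaker than a random 12-character password, while eight words from a 7776-word list are stronger.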

For a high security standard, password security is fundamental.

What is two-factor authentication?

In principle, a second factor always increases security, but it also depends on how the second factor is implemented and used. The following groups of methods for two-factor authentication can be distinguished:

TAN/OTP systems as a second factor after a password: A TAN or OTP is a one-time password that can be transmitted as a second factor and must be entered in addition to the password.

Alternatively, the TAN is transmitted to the user by the service provider via a different transmission channel or to a different terminal. The most common method is transmission by SMS (mTAN, smsTAN), possibly with additional transaction information. However, it is not advisable to use the same device for receiving the mTAN as for logging in or using the service (insufficient separation of the factors).

Biometric systems: Biometric systems verify the presence of a previously captured unique physical characteristic (fingerprint, face, retina). Biometric features are not normally "secret," so liveness detection is important to prevent the systems from being tricked with a photo, for example.

Why do we use a password manager and which ones are available?

Password managers are libraries of personal passwords secured with a master password and, ideally, two-factor authentication. Many providers in this area offer their services within their standalone cloud solution. While this has the advantage that you can always get to your passwords yourself, it requires a generous amount of trust in the provider.

Especially in the corporate environment, the number of passwords can get out of hand. With multiple customers using Microsoft services, Google services, NAS systems, databases and much more, this can quickly mean hundreds or even thousands of passwords, all of which must meet a high security standard. A further major advantage of password managers is the ability to manage company-wide user rights and shares for other employees or customers. To keep track of all this, we cannot do without a password manager.

The most popular password managers and a password manager that convinced us:


| Software | Operating systems | Browser integration | Business version | Encryption | Hosting | Pricing |
|---|---|---|---|---|---|---|
| LastPass | macOS, Windows, Linux, iOS, Android | yes | yes | AES-256-Bit | Cloud | Free / Subscription |
| Bitwarden | macOS, Windows, Linux, iOS, Android | yes | yes | AES-256-Bit | Cloud | Free / Subscription |
| Enpass | macOS, Windows, Linux, iOS, Android | yes | yes | AES-256-Bit | Cloud | Subscription / One Time |
| Keeper | macOS, Windows, Linux, iOS, Android | yes | yes | AES-256-Bit | Cloud | Subscription |
| Psono | iOS, Android | yes | yes | Curve25519 & Salsa20 | Cloud / On-Premise | Free / Open Source / Subscription |


The Psono password manager offers a wide range of functions.

Why did we choose Psono?

Probably the most important aspect is "On-Premises". Psono is one of the few password managers to offer the option of self-hosting, which means full control over databases, logs and access. Besides being open source software, Psono attaches great importance to high security standards and includes its own distinctive data storage and user management.

Many companies attach great importance to their corporate identity. Here Psono offers a wide range of customization options for the user interface. From a customized corporate logo and personalized colors to completely customized CSS, Psono leaves nothing to be desired.

Psono includes its own file storage where images, documents, notes, TOTP authentications and much more can be stored. Coupled with the in-house Psono admin backend for managing the file storage, deactivating and deleting users, and keeping track of and logging updates, Psono provides us with a powerful system.

Are you looking for a suitable password manager for your company that meets your requirements and wishes? Then take a look at our online shop or contact us now and we will support you as a reliable partner for the selection and setup!


Sources: https://blog.adacor.com, https://protekto.de, www.computerweekly.com, www.bsi.bund.de

 