“Use a strong and different password for every online service, device, email account and website you have.”
As an owner of or contributor to a few WordPress sites, you are subscribed to an overwhelming number of online services and websites. And although you agree with the above statement, it is very difficult for you to follow this security best practice, even though you enforce strong WordPress password policies on your sites.
However, there is a solution: password managers. This article explains what password managers are, their benefits and how you and your team can use them.
What is a Password Manager?
A password manager is software or an online service in which you store your credentials (usernames and passwords) securely. All the credentials in the password manager database are protected by one master password, or a two-factor authentication mechanism, which makes it more secure.
Why Do You Need a Password Manager?
Use a password manager so you can use very strong, difficult-to-guess and different passwords without having to remember them. When you use a password manager you only have to remember the master password.
Also, encourage all your WordPress site users to use a password manager. This is very important, especially if you enforce strong WordPress password policies. Policies are needed to encourage users to use strong passwords, and by introducing them to a password manager they won’t find it difficult to comply.
The Other Benefits of Password Managers
Other than helping you improve the security of your work environment, there are several other benefits to using a password manager:
Documentation / Bookmark: It is impossible to remember the names and URLs of all the services you use. Use the password manager as your documentation: add comments to every entry so you can easily document, bookmark and search in your records.
Increase productivity: Looking for credentials in a notebook or on Post-it notes and typing them in manually is not efficient. With a password manager, however, it only takes a click or two to find the right credentials and auto-fill the forms.
Which Is The Best Password Manager?
There is no best password manager; it depends on your requirements. At WP White Security we use two solutions: 1Password and KeePass. 1Password is an online service. KeePass is free software that you install on your computer. We use both solutions because we need a password manager in our offline testing environment, and KeePass fits the bill.
The first decision you have to make when choosing a password manager for you and your WordPress business is whether you want an online service or software installed on your computer. Both options have their pros and cons. However, an online service has no administration overheads and makes it easier to share credentials between devices. With self-hosted software you have to back up and secure the password database yourself, resulting in more overheads to deal with.
Password Manager Features
Below is a list of features that password managers should have. This list should help you determine if the solution you are evaluating is the right one for you:
- Two-factor authentication support (when possible always enable 2FA to better protect your credentials)
- Encryption of your credentials database
- Auto-fill of web forms
- Actionable password strength report
- Configurable strong password generator
- Warnings for when you use a password for more than one service
- Option to hide usernames and passwords in the UI
- Configurable reminders to change passwords regularly
- Supports secure sharing between devices and users (credentials can be easily accessed from multiple devices)
Strong Passwords = More Secure WordPress Sites & Business
Weak passwords are the most common source of successful WordPress hack attacks. Educate your team on what makes a strong password and what password managers are. Show them how they can use them so they do not jeopardize the security of your business WordPress site.
Password managers are no longer a commodity. They are a must. With the number of services and subscriptions we use nowadays it is impossible, insecure, and irresponsible not to use a password manager.