Strategies of 7 Cybersecurity Specialists in Handling Passwords
In the digital age, managing numerous passwords for personal and professional accounts can be a daunting task. However, several cybersecurity experts have found a solution in the form of password managers.
Chris Niggel, regional CSO of the Americas at Okta, is one such advocate. Niggel uses password managers to manage both his personal and business accounts, and even offers an option for separating the two. He considers password managers an excellent tool for managing disparate systems.
Niggel isn't alone in his appreciation for password managers. Jaya Baloo, CSO at Rapid7, has been using a password manager for nearly a decade. Since 2012, Baloo has been meticulous about her hardware, passwords, and data storage, taking extensive measures to maintain a defensive posture. Baloo acknowledges that these measures were not always easy for non-security-minded individuals to implement in the past.
Matthew Prince, CEO and co-founder of Cloudflare, shares a similar sentiment. Prince finds using a password manager and a hard key to be easier than relying on text messages or remembering passwords. He uses Keeper and physical passkeys with Cloudflare Access for managing both his personal and company accounts.
Chris Morales, CISO at Netenrich, also endorses the use of password managers. Morales doesn't know any of his passwords because they all suck. He uses Microsoft Authenticator but is pushing to eliminate passwords altogether by the end of the year.
Michael Sikorski, CTO and VP of threat intelligence at Palo Alto Networks' Unit 42 outfit, is another advocate. Sikorski uses a password manager for all his accounts, including Netflix and bank accounts, and has a gigantic, randomly generated password that he doesn't know.
John Dwyer, head of research at IBM Security X-Force, prefers a locally stored, encrypted password manager. Dwyer runs the risk of losing access to his password stash if he loses his encrypted hard drive.
Chester Wisniewski, field CTO of applied research at Sophos, uses Bitwarden for password storage and a YubiKey token for authentication. Wisniewski's Bitwarden instance is self-hosted and protected in his own way. Wisniewski considers physical passkeys like YubiKey to have potential as a game changer, but implementation may be complex.
While password managers offer a secure solution for managing passwords, they are not without their risks. For instance, John Dwyer has yet to accept the risk of using a cloud-based password manager.
In conclusion, password managers have become an essential tool for cybersecurity professionals managing multiple accounts. However, the risks associated with their use, such as potential data loss, should not be overlooked. It's crucial to take additional measures, such as multifactor authentication and secure storage, to ensure the safety of one's password stash.