About Password Managers
This guide is provided by the UA Security Matters team and is inspired by the Higher Education Information Security Council’s guide on the same topic. At the time of this publication, there is no recommended or enterprise-supported tool for password management at University of Alaska.
This guide is intended to demystify the topic and does not provide recommendations or support on any of the technologies within.
What Is a Password Manager Tool?
A password manager tool is software that helps users encrypt, store, and manage passwords. The tool also helps users create secure passwords and automatically log in to websites.
It is a best practice to use a different password for each service you use. Most people
find it quite difficult to do this, however, and tend to reuse passwords or write
them down in an area close to their computer.
Many password manager tools allow users and teams to more securely manage many distinct passwords and automatically log them in to websites.
Risks to Consider
Password manager tools are secured with a single password. The “master” password that grants access to the tool should be very strong and unique, and multifactor authentication should be used if possible.
Almost all modern commercial password managers allow users to implement some form of multifactor authentication. You will also need to decide whether you want your password management tool to store passwords locally or in the cloud.
Questions to Ask When Thinking About Using a Password Manager
- Does it create strong passwords?
- Does it have multifactor authentication?
- Does it help you assess security across multiple accounts?
- Does it offer you a way to securely share passwords on a team?
- Can you use it across devices?
- Where is data stored and how is it encrypted?
List of Password Manager Technologies and Tools
Below is a list of popular password manager tools for consideration. Neither University of Alaska nor the UA Security Matters team recommends the use of a particular tool; individuals should use these tools at their own risk.
- KeePass and KeePassX (open source)
- Sticky Password
- True Key
- Zoho Vault