Save Time and Keep Passwords Safe with a Password Manager

Passwords are required for so many digital systems, and it's easy to feel like a good part of each day is spent authenticating into one system or another, and for a good reason. A survey on password and authentication behaviors conducted by the Ponemon Institute reported that the average respondent spends nearly 11 hours per year entering and resetting passwords. Additionally, over half used an average of five passwords across business and personal accounts.

Fortunately, there are solutions to help reduce the time it takes to wrangle your passwords.

Web Single Sign-On

For Northwestern-owned systems, applications, and devices, the Web Single Sign-On (WebSSO) system, Online Passport, enables NetID authentication for hosted and cloud (software as a service) applications. It also enforces strong password standards and allows greater functionality out of a single login process. The Online Passport also enables users to sign into one application and remain logged in for other applications in the same browser session, negating the need to sign in again.

Password Managers

For systems and applications where NetID authentication isn't an option, consider using a password manager (LastPass and 1Password are examples) to help create and store strong passwords. A password manager uses one secure password or token to allow access to all your passwords—you can copy and paste them to your application. Some have a browser extension that will auto-fill passwords on web forms.

It is still important to do your research, though, and ensure that your password manager has the following features:

• AES 256-bit (or higher) Encryption: This keeps the encryption at the device level, so not even the password manager can access your stored passwords.
• Multi-factor Authentication: This critical tool ensures that your password manager stays secure if your one password is compromised.
• Lengthy, Strong Passwords: The ability to auto-generate strong passwords saves individuals time thinking up new passphrases that meet security requirements.
• Secure Notes and Data: In addition to passwords, you can store information, including encrypted notes, credit card information, and more.
• Mobile Functionality: Most password managers have either a mobile app or a mobile-friendly website that keeps you from typing in long passwords on a mobile device.

Biometric Authentication

Most mobile devices and laptop computers come with optional biometric authentication (fingerprint, face scan, etc.). Enabling biometric authentication on trusted, privately-owned devices allows you to skip your password entirely and use something you always have.

A straightforward alternative to reused or less secure passwords, most mobile apps will allow you to enable biometric login. In addition, some password managers allow for biometric authentication in web browsers and corresponding mobile apps.

Support Resources

To learn more about how to protect your digital identity and device security, consider the following resources:

• Secure IT at Northwestern
• Password Security Tips
• Information Security blog—How a Password Manager Can Help
• National Cybersecurity Alliance
  • Tips for Passwords and Securing Your Accounts
  • Owning Your Privacy by Managing Your Digital Footprint
• The Best Password Managers to Secure Your Digital Life, Wired, April 2, 2022

For questions about the use of password managers for Northwestern devices or applications, please contact the Information Security Office at security@northwestern.edu.