This article explains what a password manager is and how it works. It suggests how to manage your passwords in a web browser and how to manage the passwords shared with your team using the KeePassXC password manager.
iSolutions does not support this software, though we recommend that teams use KeePassXC to manage shared passwords in a secure and easy way.
Every password has certain character requirements that can be difficult to remember. Most of the time they involve a mix of numbers, symbols, and lengths.
A password manager application can:
Using the same password for many accounts can be very dangerous. A single data breach can happen anytime and can affect any of your accounts.
Password managers can store and organize your passwords with:
They can also let you know about phishing sites because each username and password is tied to a specific URL. Even if you visit a phishing site, your login information will not be filled in automatically because the URL does not match the one saved in the password manager.
Password managers can connect your login information across many devices, websites, and apps. They can also autofill sensitive data.
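The URL check described above can be sketched as follows. This is an added example, not code from any browser or from KeePassXC: the function names, vault entries and URLs are constructed, and strict origin matching over HTTPS is an assumption made to keep the rule simple.

```javascript
// Constructed vault: each saved login is tied to the site it was saved on.
const vault = [
  { site: "https://login.example.com", username: "alice", password: "constructed-secret-1" },
  { site: "https://mail.example.com", username: "alice", password: "constructed-secret-2" },
];

// Reduce a URL to the origin (scheme + host + port) the browser really contacts.
// Returns null for anything that is not a valid https URL.
function originOf(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // assumption: never fill over plain http
  return url.origin;
}

// Return the login saved for exactly this origin, or null (nothing is filled in).
function credentialsFor(pageUrl, entries = vault) {
  const origin = originOf(pageUrl);
  if (origin === null) return null;
  const match = entries.find((e) => originOf(e.site) === origin);
  return match ? { username: match.username, password: match.password } : null;
}

// Constructed pages: the genuine sign-in page and four lookalikes.
const pages = [
  "https://login.example.com/signin?next=/home", // genuine
  "https://login.example.com.phish.test/signin", // real name used as a subdomain
  "https://login.example.com@phish.test/signin", // real name placed before the "@"
  "https://login.examp1e.com/signin",            // digit 1 instead of letter l
  "http://login.example.com/signin",             // downgraded to http
];

// Decide for every page whether the manager would fill in the login.
function report() {
  return pages.map((p) => [p, credentialsFor(p) ? "autofill" : "no autofill"]);
}

for (const [page, result] of report()) console.log(result.padEnd(12), page);
```

Only the first page is filled in. A person reading the address bar can miss each of the other four differences, but the comparison on the parsed URL does not.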
---
A password manager is a program or application that allows you to store passwords and other login information in a safe location.
Many password managers work as password generators. You can use them to create new, stronger, and unique passwords.
Through a password manager, you can store:
You can access your login information using a master password or other security steps based on biometric data. Password manager applications can also autofill your login information on websites they recognize.
Using a password manager, you can create and store unique passwords. The password manager application stores your login information in a secure virtual vault. When you visit a site or open an app where you need to log in, the password manager automatically fills in your login name and password for you.
All you need to access your stored passwords is a master password. This password lets you get into the manager and allows you to access your saved login information. Please note: the master password, as its name implies, is very important and should be the most highly protected password.
Password managers can work in different ways. They can be:
Locally installed password managers are also known as desktop-based password managers.
They store and encrypt passwords on a specific device, such as your computer or smartphone. Your data is stored in an encrypted file which can be locked with the master password.
Browsers with built-in password management (such as Microsoft Edge, Google Chrome, Mozilla Firefox, or Safari) will show you a pop-up message when you log into a website. This message will ask you whether you want to store your information or not. Locally installed password managers allow you to sync passwords across devices.
Please note: with a locally installed password manager, you will lose all your password manager data if you lose or break your device.
Web-based (or “cloud-based”) password managers store your passwords on a server. You can access and sync your data from different devices if you have an internet connection.
Your data is encrypted on your device before it hits the servers, so you know it's safe and secure. Like locally installed password managers, web-based ones are also accessed using a master password.
Single sign-on password managers allow you to use a single password for all web services and applications.
This type of password manager is often used in workplace settings, so employees can:
SSO relies on passing tokens to the site or app to request authentication.
---
You can keep your browser safe using Two-Step Authentication. This kind of verification is a process that helps protect your account and includes any combination of 2 factors such as:
Even if someone else finds your password, they will not be able to access your data if they do not know the other factor.
Please note: if you lose your contact method, your password alone will not get you back into your account.
After turning on two-step verification, you will get a security code to your email, phone, or authenticator app. You will need it every time you sign in on a new device / browser or on a device / browser that has not been marked as “trusted” yet.
When you sign in on a new device or from a new location, you will need to confirm your identity by entering a security code on the sign-in page.
---
You can get all these benefits by using the browsers’ built-in password manager. This section lists useful resources about the following browsers:
---
KeePassXC is a free and open-source password manager for Windows, Apple macOS, or Linux. It helps you manage your team’s passwords (and your password as well, if you want) in a secure way.
KeePassXC and other password managers work as a database where you can store all your passwords safely, locking them with a master key. This master key is the only password you need to remember to unlock the whole database.
Database files are encrypted using secure encryption.
Please be aware that sharing passwords can be risky if done without care. To avoid any risk, please carefully read the section "Recommendations about sharing passwords with team members".
Downloading KeePassXC is quite easy. You just need to:
1. Open the KeePassXC Password Manager website
2. Select the button “Download”
3. KeePass will automatically recognise your Operating System (OS). It will provide the downloadable version of the software for your OS or the source code.
Once you have downloaded the file, launch the installer, and follow the instructions. The process will last just a couple of minutes.
Once you have installed KeePassXC, you can start creating your password databases. By creating password databases and master keys, you can:
We recommend creating small databases storing a maximum of 5 accounts. By doing this you will contain the dangers and issues related to breached accounts and to the University network.
To start creating a password database and know more about using the master keys, please read one of the following guidelines:
After creating your databases and master keys, we suggest uploading them to your OneDrive in a dedicated folder. By doing this you will be sure that your files will always be accessible and stored in a safe place.
If you need guidance on uploading the files from your local storage to OneDrive, please read the article “Uploading files or folders from your local storage to OneDrive”.
Now that you have uploaded your files in OneDrive, you can give your team access to your folder.
If you need help, please read the SharePoint page OneDrive - How do I ...? (section "How do I share files from my OneDrive?").
Remember to review and manage the users who have access to the file periodically.
If you need further information, please read the article "How do I know which of my OneDrive files I have shared and with whom?".
One of the downsides with KeePass is that anyone can take their own copy of the password database, so you should only share passwords in this way with team members you trust.
You should be prepared to change the passwords you are sharing when: