Stash: Made in Alberta Password Management
When was the last time you hit “Forgot my password” when you tried to log in to one of your accounts? I can think of at least once this week for a site that I don’t visit very often. And if I’m honest, chances are that the next time I go to that site, I will have forgotten it again.
People and passwords are a huge issue for organizations. Whether you’re an employee, a customer, or a company, there are risks with password usage. Most of the time, when we think about password management, what comes to mind is the password length and whether it has special characters and upper and lowercase characters. But when you talk to IT professionals, one of the bigger challenges they face is the reuse of passwords. We tend to forget the risk that goes with reusing a password, and our responsibility for not doing it.
The recent Canada Revenue Agency (CRA) breach brought this issue to light. The CRA wasn’t breached because of a failure on their side. It was breached because the users of the system were using the same password for the CRA as they used for other sites. When other sites are compromised, the hackers can take your user ID and password and try them on other sites.
Wondering if you have ever been part of a breach? Visit Have I Been Pwned.
The best way to manage your passwords is to create a unique password for each of your accounts. Considering most employees have close to 100 passwords (15-20 that they use day to day), it can be overwhelming to keep track of all of them. This is where password managers come in. With a password manager, you don't have to remember that strong, unique password for every website. The password manager stores them for you and even helps you generate new, random ones.
Which leads me to my latest interview with Jerry Wolverton, Founder and CEO of Stash. The team at Stash has created a password manager with a unique approach to storing and accessing passwords. But first, let’s start with why Jerry started Stash. Jerry had a pain point that he needed to solve. Jerry has a family of five, and together they had over 250 passwords that they were writing down in a notebook. When Jerry’s family needed to create a new book, he started looking at his options. He could use Excel, but where would he store it? On his computer, which wasn’t accessible all the time? Online? Use a password manager?
Jerry’s concern with storing this information online or in the cloud was that all websites will get breached at some point. That led him to build a password manager that allows an individual to easily access and store passwords offline. As he looked at the options available, he considered using a separate device (think iPod nano), but that meant carrying another piece of equipment. As most of us are not too keen on that, Jerry decided on another route. Stash stores passwords on an encrypted card (the size of a credit card). When you use your phone, all you need to do is push a button and press the card against your phone, and you have access to your password for the site or app in question, and only that specific app. Why push a button? It removes the risk of having someone scan your passwords from the card like they would your credit card.
Now, the question I had to ask was: what happens if you lose your card? Jerry recommends a backup (stored offline) and keeping an extra card. The cards are heavily encrypted, like online password managers, so they are not easy to hack into.
A person can update their passwords as needed, and the system will recommend strong, unique passwords that would be impossible to remember. If a person’s information is compromised—like what happened with the CRA breach—they can log in and update as required.
Stash has users successfully using their password manager with their phone and card, but the next step the team is working on is connecting cards and computers. Jerry is eating his own proverbial dog food: he has been testing it for a year and looks forward to the release. Beyond this, Jerry and his team are exploring the feasibility of using smart watches and fitness trackers as well.
Stash has also joined the Digital Identity and Authentication Council of Canada, a non-profit coalition of public and private sector leaders, committed to developing a national framework for digital identification and authentication. Our world relies on digital identity, and Jerry and his team at Stash are working with industry leaders to improve security for Canadians as it relates to our digital identity.
When I asked Jerry why Alberta, the answer is familiar. Jerry loves Alberta (except maybe the cold weather). It’s home. While there are still growing pains for Alberta’s tech industry, the community is making strides in the right direction. As part of launching his startup, Jerry participated in several programs at Startup Edmonton and worked with the Edmonton Economic Development Corporation, which helped him move his business forward. For Jerry, the community is what makes it.