Pub. 9 2018 Issue 2

Summer 2018 23 West Virginia Banker How does the Password Manager Work. When logging into the password manager solution, the user will have access to all of the login data that was entered into the password manager solution. Some solutions provide the option to auto login when accessing the password manager. However, auto login introduces a security risk in the event the master password was compromised. The security with the password manager can be further enhanced by requiring another action by the user to login to the other applications (selecting the individual application to access upon successfully logging into the password manager, etc. as opposed to the auto login feature). Another security feature that should be considered is the use of two factor authentication and / or out of band authentication. With out of band authentication, after logging into the password manager solution, the password manager will send an authentication code through a text message or through an app on the user’s phone. The end user is required to enter the authentication code to complete the login into the password manager. In the event an intruder gains access to the master password, it will be more difficult to access the password manager unless the intruder gains access to the user’s phone. Other features that should be considered when selecting a password manager is the use of encryption with the password manager solution, the availability of a Service Organization Control 2 report, ease of use, etc. Available Solutions. There are several password manager options available including: • LastPass • Dashlane • KeePass • 1Password • Roboform 8 The list is not an all-inclusive list and are in no particular order. Regardless of the solution, there may be some upfront time to ensure all the user’s passwords are included in the password manager solution. If manual entry is required, the user should first focus on the more critical applications such as bank accounts, online accounting applications, personal and private information, etc. Conclusion. The use of applications (both online and local) continues to increase at an incredibly rapid rate. With the rap- id increase, maintaining and securing passwords continues to become an increasing challenge and security risk for organiza- tions and consumers. A password manager can be an effective method to manage the increasing number of passwords.  Chris Joseph is a partner of Arnett Carbis Toothman LLP, located in the Charleston, West Virginia office. Certified as a public accountant, information system auditor, risk and information systems control and information technology, Mr. Joseph has over thirty-three years of experience in information technology, auditing and security services in the financial institutions industry. Mr. Joseph can be contacted at 800-642-3601 or through email: chris.joseph@actcpas.com. The Most Important Investment You Can Make Learn more at WVBankers.org