Cybersecurity, specifically, password management, should be considered a habit in each one of us. To achieve this, the cybersecurity market should develop user-friendly programs.
Around 60% of people experience a data breach once in a while. One of the most common reasons behind that is weak and unsecured passwords. Unfortunately, the majority of internet users tend to use the same passwords on many different accounts. The ease of remembering a single or a couple of passwords is also an easy way to get hacked.
Less than a third of the US population trusts password managers. So, to get to know more about this tool and prove its importance, we have reached out to Alex Tischenko, the Founder of Sticky Password password manager.
Would you like to share a little bit about your story? How did Sticky Password come about more than two decades ago?
We started making Sticky Password 20 years ago. We started as a niche product for developers and others who worked all day in a computing environment. Back then the attitude of the general public towards passwords was very naive, after all, who needs a tool to keep track of the one password they are using for all their online accounts? Some people were conscientious about using a different password for each site, so their problem was a little different: who needs a tool when your passwords are the names of your children, your pets’ names, and your pet names for your children (i.e. nicknames)?
Nevertheless, we built Sticky Password to be a useful tool for the average internet user. This caught the attention of companies who saw that their customers did need password management. So, for quite a while we were the password manager of choice for so-called white label projects - including two of the biggest antivirus vendors (most recently ESET).
Even as that unsophisticated approach on the part of individuals has been going away, too many people still have bad habits with passwords.
At present, we’re focusing on our consumer and small business customers; providing them with a strong option for a native application solution; in addition to cloud storage and backup, we have a strong solution for the desktop and local sync that doesn’t store everything in the cloud.
Can you introduce us to your password manager? What are its key features?
We offer a secure and cost-effective password manager solution for both consumer and small business customers. The key to any security product is that to get the benefit, users need to use it consistently and make it a habit. When security becomes a habit it becomes much more effective. With that in mind, we strive to make Sticky Password easy to use. And we’re finding that for many customers Sticky Password is a security habit they don’t want to break.
With the move of seemingly everything to the cloud, we continue our commitment to providing customers with native application support (the option to have all their data remain on their devices). That’s not to say that we offer only a local solution - a great many of our customers take advantage of our cloud-based syncing and backup solutions – but our customers have a choice when it comes to being able to store their data on their own devices. Another unique feature of Sticky Password is our lifetime license which is of interest to customers who don’t want to renew a subscription every year. Of course, we cover the 4 major operating systems (Windows, Android, Mac, and iOS).
As mentioned earlier, we’ve broadened our focus to include businesses with password management requirements. There are many solutions for enterprise authentication, but surprisingly few applications like Sticky Password offer a multi-seat password management solution for small businesses. And we’ll be adding more services for business later this year.
It is evident that giving back is important to Sticky Password. Would you like to share more about your environmental initiative?
Our support for manatees began on a very personal level. My wife and I have been fond of the gentle sea creatures for a long time. We even named our company Lamantine Software, after them (lamantin has a French derivation).
As we were looking for opportunities to help manatees in the wild we came across the wonderful work Save the Manatee Club is doing from their headquarters in Florida. Buying a Sticky Password product allows us to continue our support for them, but we also encourage anyone to contact the team at Save the Manatee to donate directly, or just to see what is new.
Have you noticed any new security threats arise as a result of the current global events?
Remote work has had a huge impact on security. It’s very easy to think that just because I’m working from home that all the physical and digital security that is inherent in my office environment automatically covers me when I’m doing work stuff at home. That’s not a given!
For example, as more of us are working remotely and physically separated from colleagues,
it has created a need to share data securely including passwords. Our password sharing feature allows colleagues, family, or friends to share logins and passwords securely whether they’re sitting next to each other, or are alone in their home offices across town or around the globe.
Our digital data - personal and business - is an important asset that must be securely locked from others, which raises the question of how to provide access to this data in case of emergencies such as when the owner of the data is indisposed or incapacitated due to life-threatening emergencies like disease, natural disaster or even war. Sticky Password emergency access allows you to provide privileged access to individuals whom you’ve designated beforehand.
While not new, the threat from phishing attacks is always good to keep in mind. Remember those current events projects back in school? Well, it seems that bad actors and scammers were probably top of their class: they are on it when it comes to the exciting news that they can mold to get people to have an emotional reaction to ‘click’ a link in an email, a text, etc! And there are a lot of exciting items in the news! These bad actors are always ready to exploit tragedy or any global event (from war, weather events, catastrophic accidents to sporting events). The point is that it is more important than ever to be careful before clicking a link in an email.
In your opinion, what are the worst cybersecurity habits that can not only lead to an individual’s data being compromised but also put their organization in danger?
Being lazy around passwords. This usually takes the form of using the same password on multiple sites. Some of the people who do this justify it by saying that the password they are using is the strongest ever. Which, even if true, isn’t the point. It would only take one breach in which your password and login were revealed and the hackers wouldn’t have to ‘crack’ the password for your other accounts. All they would need to do is try it across your many accounts and - if you were reusing that password on another account - you’d be sunk.
Another is not being aware of “present” to what you’re doing and that leads to reflexive clicking, and doing things online that tend to lead to security and privacy issues. This is the basis for phishing attacks as well as social engineering scams. A password manager can help block phishing exploits by identifying and stopping you from logging in to links that purport to take you to the login pages of your favorite websites.
It’s not necessary to be on “high alert” when you’re online, but we should all be wary when a stimulating or provocative email or anything on social media “sets us off” emotionally. Clicking reflexively instead of practicing Stop. Think. Connect. is the behavior bad actors are trying to drive.
And by not being paranoid. That sounds a bit weird, but by paranoid, we don’t mean an over-the-top obsession with danger lurking behind every corner; instead, we should all have a healthy suspicion of all the offers and links and messages sent our way as we interact online. Bad actors are lurking everywhere; it’s up to us to be security-aware so that we give ourselves the best chance to avoid them.
Some experts say that we are currently moving towards a passwordless future. What are your thoughts on this vision?
Passwords are part and parcel of our reality because they are information, and information is a natural part of the software. Adding hardware components can sometimes improve security, but these solutions tend to not be as flexible as passwords and so these solutions aren’t as popular or practicable.
We’ve been hearing about the “death” of passwords and passwords being done away with for more than 10 years now. And as online security has continued to improve, passwords continue to play a major role. Instead of a revolution (the death of passwords), we think it will continue to be an evolution, continued movement toward passwords ‘plus’; two-factor authentication, and other elements in addition to a password.
The password manager is already a step toward a passwordless future, because it allows humans to not have to memorize passwords. But a passwordless future is quite a way off, and until we get there are still a lot of passwords to be entered - and the password manager will continue to be the most practicable way for a great many people to keep their online accounts secure.
How can one find out if their password has been compromised? Are there any early warning signs that can often be overlooked?
Here’s where being security-aware is a layer of protection that can stop bad actors from getting through, and is equally important if something does happen to go wrong. Being on the alert for when something changes in the way we go about our business online should be something we are all doing. For example, by noticing a change on a website where we log in every day, we’re able to react; we can investigate if there’s a problem (e.g. with our bank). But if we don’t even notice that anything is different, then it’s harder to know there’s a problem at all. Of course, this isn’t the solution to all problems, but often enough the warning signs are there. We help ourselves a lot by noticing.
As I said earlier, when it comes to our passwords, we should all be a bit “paranoid” in a proactive way. Bad actors know that a lot of people reuse a password on several sites, so the bad guys take advantage of it by using the breached data they have on many sites - and BINGO they break into a lot of accounts that way! That should never be a problem when you use a password manager because it’s easy to have a unique and strong password for each website. A breach at one vendor where you have an account won’t impact any of your other accounts.
The key is that you don’t have to be an IT or cybersecurity expert to be aware - simply paying attention goes a long way to protecting ourselves even online.
Besides adopting good password security practices, what other security tools do you believe everyone should incorporate into their lifestyle?
The basics go a long way to keeping you safe. Let’s start with keeping your software up to date - especially the web browsers you use and the OS. In addition to a password manager, the core security tools I recommend are antivirus software, an encrypted file system, secure communication messenger, and PGP mail encryption.
Share with us, what’s next for Sticky Password?
With all the breaches (e.g. Ticketmaster, SolarWinds, Yahoo, and on and on) that have taken place and will take place, it’s important to be able to know if your logins and passwords are ‘out there’ available to the highest bidding bad actor. We’re working with our partner Threat Status (now part of Crossword Cybersecurity) to implement their advanced dark web monitoring service within Sticky Password. Later this year, all Sticky Password Premium customers will be able to see if their logins and associated passwords are being traded by hackers on the dark web.