A password manager is quickly becoming a must-have for growing businesses of all sizes. Business password management is the storage and tracking of all credentials used by employees of a business. This includes passwords to computers & laptops, email accounts, HR systems, company accounting systems and bank logins and so on. Individual employees can rapidly end up with many passwords to keep track of.
When several staff share a password, such as managing a social media account the risk starts to increase. This usually results in a spreadsheet full of passwords accessible to many people.
Why is business password management important?
Relying on memory for lots of passwords often leads people to start creating easy to remember ones or even reusing them! With companies using more cloud based services, employee credentials become a very good route into a business.
Common Risks
-
Poor passwords: Attacker manages to force their way in through automated tools or targeted guessing. A common example is using a child’s name as a password that is also published on social media.
-
Reused passwords: Even if the password itself is good, reuse is an even bigger risk. A phished employee leads to all accounts that they use the password for being compromised. We also recommend regular security training for employees to keep them vigilant.
-
Password leaks: Passwords stolen from a provider such as a website in a data breach. The employee has made no error here but the account is still compromised. Paired with password reuse this is a common method of attack.
As you can see, proper management of business passwords is critical to protecting your data and business from harm.
What is a password manager?
A password manager is simply an app that stores your usernames and passwords in a secure way that you can access when you need them. The simplest ones are saving your passwords in a browser. However, without additional effort such as setting up sync then if you lose the device you also lose all the passwords.
The best kind of password manager to use is a cloud based one. That way the passwords are stored securely away from your device and accessible from anywhere you need them.
Some examples of these are:
We even offer password management as a Managed Service so if you’re not sure what you need, please ask!
This is not a secure password management solution:
Most cloud based apps offer some sort of free version. For personal usage this is often enough but when it comes to business usage you’ll likely want some additional features. Some of the main things to look out for are:
- Support for mobile devices so your staff can access passwords on the go
- Autofill or form filling for faster logins
- Dark web monitoring to let your staff know if any of their passwords become compromised
- Single Sign-On support. This lets you log in to the password manager app through things like Microsoft 365 so staff only have to remember a single password
- Auto generation to create a strong password on demand for you
- Audit logging for shared password usage
Say no to weak passwords!
Is there a risk to putting all passwords in a password manager?
The idiom of “Don’t put all your eggs in one basket” is a common concern with password managers. However, when this risk is managed properly it becomes a far more effective solution than the alternatives. To secure a password manager:
- Use a strong and unique password. The National Cyber Security Centre has guidance for this.
- Use Multi-Factor Authentication (MFA) so that employees need something like a phone as well as their password to log in.
- Use Single Sign-On (SSO) where possible to not have to remember an additional password.
Summary
All in all, a password manager is an excellent way to improve the security of your business. If you’re not using one yet, it’s something that you should strongly consider.