Why your business needs a Password Manager

Remembering each password for every website, portal, tool, and piece of software you use is borderline impossible. A password manager makes it easy.

Some organisations like to solve this problem by using a straightforward and memorable password, variations of the same password, or worse, the same password for everything – which is just asking for trouble.

Simple and memorable passwords are easy for hackers to access, with a staggering 81% of breaches caused by weak or reused passwords. Even if you’re using a strong password – if it’s used across many sites and logins, a single breach on one site or platform can compromise your information everywhere else.

That’s where a password manager comes in.

What is a Password Manager?

The average enterprise uses 91 services! Teams, Microsoft apps, emails, Dropbox, Social media channels, CRM, marketing software, sales automation, online store, website – the list goes on and on. With more accounts than you can easily recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account once, or manually add login information to your password manager, and it will automatically store your username and password. It stores all your passwords in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, and help employees manage their passwords more effectively.

Why is this important?

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, cybersecurity is often only as good as the password that you’ve set – no matter what service it is that you’re using.

Making a strong password is often complicated. A password manager takes a lot of the pain out of the process and reduces an often cumbersome and time-consuming process to one that’s simple and easy. A password manager does this by creating and remembering new, complex passwords that are extremely difficult for hackers to crack.

Making unique passwords

The most robust passwords are comprised of letters, numbers and symbols in a string of no particular order or sense. These passwords should look like a cat just walked across your keyboard (for example jR7z5$R?68<*G>M). Creating a solid, complex and secure password is excellent – but if you’re not using unique passwords for each account, it’s pointless, as just one breach will expose all your accounts.

A site or application’s security is only as good as your password! Furthermore, many websites are at risk of data breaches that could potentially reveal your login details. Even if you create a complex password, using the same password across multiple sites, accounts, and applications means a cybercriminal can potentially own the master key to accessing every one of your accounts that use the same email and password combo, putting yourself and your business at risk for cyber attacks.

Managing password fatigue

The average organisation uses 91 services and applications, which means that even if you created unique passwords for all of them, you’d never be able to remember them all. While randomly generated passwords are difficult for computers to crack, they veer on being impossible for people to remember – especially if you use a different password for each account (which you should).

Fortunately, with a Password Manager, you won’t need to frantically search for that scrap of paper on which you wrote your email password and then ‘hid in a safe place.’ Or compile a Word document listing all of your logins. Password Managers keep all of your passwords in one encrypted and password-protected app.

Enabling password simplicity

Password managers significantly increase your security while simplifying your life.

Password managers significantly increase your security while simplifying your life.

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password or a 3 instead of a capital E – and best of all, no more password resets!

What makes a great Password Manager?

A password manager, particularly in a business context, isn’t effective if no one uses it. To ensure employees use a password manager, it must be intuitive.

A great password manager is:

• Efficient: must be able to be used to complete tasks quickly and easily
• Effective: should help users achieve specific goals
• Engaging: the UI (User Interface) and UX (User Experience) should be pleasant and satisfying to use
• Easy to learn: simple enough to be picked up and easily understood without deliberate effort
• Error tolerant: should be designed to prevent errors and help users recover from mistakes that do occur

Likewise, a password manager in a business environment must be usable cross-platform and compatible with different operating systems and devices.

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money.

Likewise, when an employee leaves your company, your password manager must be able to revoke their access to work-related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported having access to various corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Administrative Controls & Monitoring

Your password manager should offer tools that enable you to oversee your employees’ use of the program. This oversight means monitoring features such as dashboards, delegated administration, team sharing, role-based permissions, analytics and auditing.

These tools should enable you to enforce all organisational password policies and aid in regulatory compliance. It is important to note that your password manager’s monitoring tools should not compromise the privacy of your employees.

Password Sharing

Password sharing is a very standard office operation. However, the methods employees use to share those passwords, such as email and internal chat programs, are not safe from hackers.

An enterprise-level password manager enables employees to share passwords securely, conveniently, and efficiently. Administrative tools should allow you to share passwords on a temporary basis or with full access.

Likewise, these shared credentials should update automatically so that all other team members continue their access.

Security

Arguably the most important aspect of your password manager is security.

Be sure to use a password manager with a zero-knowledge protocol in its security architecture. This feature allows the employee complete, exclusive control over the encryption and decryption of their data via a Master Password. You should never store this Master Password on the password manager’s server or anywhere in the company’s network.

Additionally, your password manager should alert you and all employees in the event a data breach occurs.

How secure are your passwords?

To learn more about how to generate secure passwords and use a password manager, check out these pieces from the ACSC:

• Creating strong passphrases
• Why use a password manager?