The Password Management Paradox – Too many keys but no safe!
Password Management Truths and Solutions
Your passwords are only as secure as the person who’s managing them…Do you know who that is?
Watch any old loony tunes style cartoon featuring the trusty Sherriff and he will for sure be sporting a massive ring of oddly shaped keys to his jailhouse jangling on his belt to keep all those pesky varmints under lock and key…
Cue forward to the 2020s, we have our own massive set of weird and wonderfully shaped passwords that unlock all the different digital gateways to the worlds we rely on every day. But the thing is – they’re not real keys that we can just string together on some giant keyring, and they wouldn’t fit anyway! Plus, IT security experts warn us repeatedly that we cannot write them down, stick them on post-it notes, store them in a spreadsheet or use the same password (or variations of) for everything…because all these things pose a massive security risk to ourselves, our organisations and the data of other people we have access to.
In the case of work passwords, the situation is even trickier. Let’s say you hire a new employee; how are you going to safely and securely provide them with access to all the passwords they need to do their work? And what if you have an employee leave your organisation? Sure you can block their access to systems within your control, but what about other portals they have access to as part of their job? Might they just up and take all their passwords with them?
There must be a better way to manage all those passwords, keep those passwords unique and complex, store them centrally for shared access, but in a way so that only those who need them have access to them….? Lucky for you…there is! It’s called a Password Management Tool.
But first, a few universal truths about passwords and password management…
1.If your business is growing and you are investing in more business technology to drive that growth, you are only going to be using more and more passwords, and they will only need to be more and more unique and secure.
2. All it takes is one weak password for an attacker to compromise your systems. In brute force attacks, weak passwords can be compromised in seconds
3. People have enough on their plates already without having to remember a million passwords. Rigour in manual processes is the first thing to suffer in the face of busy.
4. From a management perspective, it is just not reasonable to expect staff to manage strong and secure passwords on their own. But having someone responsible for this is also a time and resource drain.
5. If you don’t provide a way to make managing complex passwords easier, your people will either resort to weaker, easier to remember passwords, reuse the same password across multiple apps, or use a free, personal password management tools of their own that might not be up to scratch security wise.
Enter the Password Management Tool!
Many of you, and your staff for that matter, might already be using Internet browser-based password storage tools (like Google Password Manager or iCloud Keychain ) or free versions of password management tools like LastPass on your own devices or your mobile phones to try and manage the litany of passwords you have to use each day.
But what about your company passwords?
- Do you know for sure that your staff are not storing them in spreadsheets, writing them down somewhere?
And if they are savvy enough to be using their own personal password management tool…
- Do you know what password management tool they are using, or are they just storing them all in browser storage?
- Have you given any though to how safe or secure their choice of tool may be?
- Have you provided them with any guidance around what a Master Password should look like
- Do your staff know that multifactor authentication is even more critical for password management to protect the gateway to ALL their passwords
The fact is that if your company passwords are being stored in your people’s free or personal password management tools, you have little to no control over how they manage your passwords nor do you know how safe and secure their tools of choice may be.
What a Company Password Management Tool will bring to the table
By investing the time to implement and set-up a company password management tool, you are creating a safe, secure, company-mandated place for all staff to generate, store and retrieve secure passwords, and that you have some measure of control over.
Naturally, a company password manager will give your staff all the benefits of being able to:
- Store all their complex and unique passwords in one central place they can access using just one single Master Password
- Generate security passwords when they need them
- Save them against the sites they’re used for
- Autolaunch log-ins from within the password management app itself or from an Internet browser extension
- Identify weak passwords or passwords about to expire or in need of changing
- Take their passwords with them wherever they go with cloud-based storage and access.
But a Company Password Management Tool will also let you:
- Provide your team members with a Personal vault for storing passwords only they need
- Provide “team” or departments with Department vaults for departmental passwords that may need to be shared, but only by people in that department (Think Finance or HR…)
- Provide a Company vault for passwords that anyone across your organisation may need at any given time.
- Set up Multifactor Authentication for all users, to add that all-important second layer of protection over the
- Take the heavy lifting associated with password management out of the hands of your end users whilst ensuring they can store, manage and retrieve the credentials they need quickly and securely!
- Effectively eliminate the unsafe storage of your company passwords.
Once you decide to take the step to secure your Password Management practices, there will be:
- A few questions we need to ask to get you set up
- A one-time project set-up fee to commission your site and vaults and show you how to use the service
- A flat recurring monthly fee for ongoing access to the Password Management tool – this means the price won’t change if your organisation grows!
- Options to have the monthly fee covered under your Managed IT Services agreement or to set-up ongoing support coverage.
Other great Maxsum content you might like to read:
- Is your password a problem?- Every day, more and more, password compromises and breaches are, at best, blocking productivity and people’s ability to get their jobs done, and at worst, threatening the very existence of businesses, their financial viability, and by extension the job security of their employees.Continue Reading
- Do You Understand the Phishing Threat?- It’s the cycle of routine distraction and reaction – a modern-day feature of the way we work and go about our day-to-day business – which actually makes us and our people the weakest link in even the most robust cybersecurity setup.Continue Reading
- CyberSecurity Awareness Training: Build Your Own Anti-Phishing Force Field- Continue Reading