With so many businesses now reliant upon the internet and digital services, online security is a concern for everyone, from the smallest home side-hustles to the largest organisations.
Safeguarding devices and data can be a complicated and expensive endeavour. Still, there are some measures which don’t require in-depth technical knowledge or a lot of money.
One of the most crucial tasks is securing the logins for your various accounts and services. It’s not only essential for security, but, thanks to password managers, also provides outstanding value in terms of the investment of time, money, and effort vs the benefits it offers. Matt Powell, Editor at Broadband Genie has written this guide why your business should use a password manager.
What is a password manager?
A password manager is a tool which securely stores passwords and other account information in an encrypted container which can only be accessed by someone using the right credentials.
If nothing else, password managers are a convenient time-saver. When you need to log in to a service, the password manager can auto-fill the username and password. They can also do the same for shipping addresses, credit card payment details, and other information.
But by remembering passwords for you, it also means you can ensure that all passwords are extremely strong.
The weak link
Password security often leaves a lot to be desired. Many of us are terrible at doing the things which make a password strong, exposing our systems and data as a result.
So what makes a strong password?
- Length: The longer a password is, the harder it is for a password cracker to break in with brute force.
- Complexity: Individual words, sayings, and well-known passwords are worthless because crackers can use lists of words to check for common phrases.
- Uniqueness: Never use a password more than once, because if your password to one site or service is discovered, it can be used to access all the other accounts.
Using these rules, we can very easily make great passwords. But then comes the problem of remembering them all, and that’s often the point at which we give up and revert to the same old memorable passwords.
However, using a password manager to store all your logins means that every password can be long, complex, and unique without ever worrying about making it memorable or easy to type.
Why should businesses use a password manager?
For businesses, a password manager can be enormously helpful for organising all your important account details in one place.
It also makes it very easy to provide employees or colleagues with secure access to systems. You can share logins (with the option to do so without even revealing the password), quickly revoke logins when required, and see who has access.
Password managers also offer useful security audit features. With these, it’s effortless to check the strength of all account passwords, make sure that nobody is using duplicates, and enforce things like character length and complexity so you can be reassured that every new password meets a minimum standard. Some also offer data leak alerts which can warn if any of your details have been compromised.
Other benefits of a password manager
Password managers come with lots of additional features, such as:
- Password generators. Instantly create new, secure passwords to meet any requirements you may have in terms of length or complexity.
- Secure sharing of passwords. Sharing options can apply to individual passwords or groups of accounts, and you can quickly share any password with either one person or a defined group. When sharing, you do not need to reveal the actual password.
- Secure notes and files. Some password managers allow other types of data to be stored and shared, including plain text notes or small files.
- Account monitoring. Administrators can see exactly what accounts are stored, and when and how often they’re used.
- Synchronise accounts across devices. With synchronised accounts, passwords you save on one device can be instantly accessed on any other.
- Multi-factor authentication. Protect your password manager account with additional verification using authenticator codes, biometrics, security keys, and other methods.
The drawbacks of a password manager
While useful, password managers aren’t perfect. There are some potential negatives you must consider and, if necessary, take steps to mitigate.
Your data may be stored in the cloud
Many password managers store the vault containing your account information on a remote server under their control. It makes synchronisation very easy and lets you access your password vault from anywhere, but you have to trust that the server is secure and the password vault has strong encryption.
Spend some time researching any password manager to make sure you’re happy with their standards. Or if you’d prefer to take matters into your own hands, look for a service which allows you to host the password vault yourself without using their infrastructure.
The master account must be secure
A master password protects your password manager (and is the only password you’ll actually need to remember). But it’s also a single point of failure. If the master account is not properly secured, then everything can be compromised.
It is vital that the master password is unique and strong, and that the account is secured with multi-factor authentication for additional protection if the password is discovered. Use all available security features to protect the master account, and don’t forget about securing the email address linked to it.
You must have robust security for all devices
All devices authorised to use your password manager must be kept safe. If you’re logged in to the password manager on a web browser and leave your desk without locking the computer, anyone walking by could access your logins. Laptops and smartphones are also a popular target for thieves.
As well as ensuring devices are protected against unauthorised use, configure the password manager to log you out after a period of inactivity, and to prompt for the master password for actions such as viewing passwords, editing login details, and auto-filling credit card numbers.