Trying to remember your password for every website, portal, tool and piece of software is borderline impossible. Some organisations like to solve this problem by using a very simple and memorable password, variations of the same password, or worse – the exact same password for everything! That’s just asking for trouble.
Simple and memorable passwords are very easy for hackers to compromise, with a staggering 81% of breaches caused by weak or reused passwords. Even a very strong password, if it is used across many sites and logins, means a single breach on one site or platform can compromise your information everywhere else. That’s where a password manager comes in.
What is a Password Manager?
The average enterprise uses 91 services! Skype, Slack, OneDrive, Dropbox, Social media channels, CRM, marketing software, sales automation, online store, website, mail client – the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.
A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add login information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.
A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, and help employees manage their passwords more effectively.
Why is this important?
Passwords are essential
No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often only as good as the password that you’ve set.
Making a very strong password is often complicated. A password manager takes a lot of the pain out of the process and makes a complicated, time-consuming task simple and easy. It does this by creating and remembering a new, strong and complex password for you that is much stronger than anyone could come up with.
Unique
Creating a solid, complex and secure password is great – but if it’s not unique it’s pointless, which is so often overlooked.
A site or application’s security is only as good as the password you use, which means a site’s security could be worse than your password! If you’re using the same strong password across multiple sites, accounts and applications, then those sites and services with inadequate security could endanger your information in places that are serious about security.
Account volume
Let’s face it – you have more accounts than your team can handle, we all do. The average organisation uses 91 services, which means that even if you created unique passwords for all of them, you’d never be able to remember them all.
One study found that people had an average of 37 password reset emails in their inboxes. 37 times someone forgot their password. 37 times someone had to undergo the tedious reset password process and create a brand new unique password.
With an enterprise-level password manager, the need to reset passwords is completely removed. Likewise, when one person forgets the password, they aren’t resetting an account password that everyone else then needs to update.
Simplicity
Password managers significantly increase your security while also simplifying your life… how often does that happen!?
A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!
What makes a great Password Manager?
Usability
A password manager, particularly in a business context, isn’t effective if no one is using it. In order to ensure employees adopt the use of a password manager, it must be intuitive and easy to use.
A great password manager is:
Efficient: must be able to be used to complete tasks quickly and easily
Effective: should help users achieve specific goals
Engaging: the UI (User Interface) and UX (User Experience) should be pleasant and satisfying to use
Easy to learn: simple enough to be picked up and easily understood without deliberate effort
Error tolerant: should be designed to prevent errors and help users recover from errors that do occur
Likewise, a password manager in a business environment must be usable cross-platform and compatible with different operating systems and devices.
Simple Onboarding and Offboarding
A simple onboarding and offboarding process helps your organisation save time and money.
Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work-related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported having access to a variety of corporate accounts after leaving their last job.
The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.
Administrative Controls & Monitoring
Your password manager should offer tools that enable you to oversee your employees’ use of the program. This means monitoring features such as dashboards, delegated administration, team sharing, role-based permissions, analytics and auditing.
These tools should enable you to enforce all organisational password policies and aid in regulatory compliance. It is however important to note that your password manager’s monitoring tools should not compromise the privacy of your employees.
Password Sharing
Password sharing is a very standard office operation. However, the methods employees use to share those passwords, such as email and internal chat programs, are not safe from hackers.
An enterprise-level password manager enables employees to share passwords in a secure, convenient and efficient way. Administrative tools should allow you to share passwords on a temporary basis or with full access.
Likewise, these shared credentials should update automatically so that all other team members retain their access.
Security
Security is arguably the most important aspect of your password manager. The current recommended method of encryption for password protection is Advanced Encryption Standard (AES) with a 256-bit key length. This method has been deemed secure enough to protect the United States Government’s most highly classified data.
Be sure to utilise a password manager which uses a zero-knowledge protocol in its security architecture. This allows the employee full, exclusive control over the encryption and decryption of their data via a Master Password. This Master Password should never be stored on the password manager’s server or anywhere in the company’s network.
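To make the zero-knowledge idea concrete, the sketch below is an added example (not code from eStorm or any particular password manager) showing a client that derives an AES-256 key from the Master Password on the user's device and sends the server only a salt, nonce, tag and ciphertext. The choice of scrypt, its cost settings, the record field names and the function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost settings (about 32 MiB of memory per derivation).
const SCRYPT_PARAMS = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Runs only on the user's device: stretch the Master Password into a 256-bit key.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, SCRYPT_PARAMS);
}

// Encrypt the vault locally with AES-256-GCM. The returned record is everything
// the server stores; it contains neither the Master Password nor the key.
function sealVault(masterPassword, vault) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // drop the key from memory once it is no longer needed
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    ciphertext: body.toString('base64'),
  };
}

// Decrypt on the device. Returns null when GCM authentication fails, which
// happens for a wrong Master Password and for a record modified in storage.
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
    const plain = Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, 'base64')),
      decipher.final(),
    ]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  } finally {
    key.fill(0);
  }
}
```

Because the server holds no key material, a forgotten Master Password cannot be recovered by the provider; recovery has to be designed separately, for example with an escrowed recovery key.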
Additionally, your password manager should alert you and all employees in the event a data breach occurs.
If you’d like to find out how we can help your business, just ask us about eStorm Secure any time on (07) 3120 0640 or email us at [email protected]
You can learn more about how to make a great password or how to protect yourself against email threats.
For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.