Passwords are an important line of defense against cybercrime in businesses. For maximum security, each account password should be strong and changed regularly.
However, trying to memorize many strong passwords is challenging. This is particularly true for IT administrators, senior operations staff, and other employees who must remember system and service account passwords in addition to their own.
For this reason, employees might be tempted to write down their passwords or use variations of the same password for multiple accounts. To help them avoid these temptations, you can use a password manager.
There are many password managers on the market. To find one that will meet your needs, it helps to know how password managers work. It also helps to know which features are essential and which ones are nice to have.
How Password Managers Work
Many vendors and service providers offer password managers either as a standalone tool or as part of a software suite. Almost all of them incorporate the same basic design. They encrypt and store your account usernames and passwords in a repository, or vault.
When you want to access one of your accounts using the stored login credentials, you enter a master password and select the account. This means you only need to remember one strong password instead of many to log in to your accounts.
Some password managers store the vault in the cloud, whereas others store it on a local computer’s hard drive. With cloud-based vaults, you can access your login credentials from any computer or mobile device as long as you have an Internet connection. Plus, you do not run the risk of losing all your passwords if your hard drive fails or you lose your mobile device.
However, with cloud-based vaults, you are relying on the password manager service provider to keep your passwords safe. As the June 12, 2015, attack on LastPass shows, password manager service providers do get hacked.
Although this attack did not result in any significant data loss for customers, they were advised to change their master passwords. So, if you decide to use a cloud-based vault, you need to keep abreast of any attacks against your password manager service provider and be vigilant in following its instructions if one occurs.
If you are uncomfortable with storing your passwords in the cloud, you can use a password manager that stores the vault on your computer. That way, you will have full control over it.
Password Manager Essentials
When looking at a password manager, you first need to cover the basics. Make sure that it supports:
- The operating systems and web browser versions of any computers and mobile devices on which you plan to use the password manager.
- A high level of encryption. Ideally, it should use 256-bit Advanced Encryption Standard, or AES, encryption.
- Token-based authentication if you have accounts that require two-factor authentication.
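The design described under How Password Managers Work, combined with the 256-bit AES item in the list above, looks like this in Node.js. This is an added example, not code from any password manager vendor: the master password is stretched into a 256-bit key, and the whole vault is encrypted with AES-256 in GCM mode. The scrypt settings, function names, and sample entry are assumptions made for the example.

```javascript
// Added example, not any vendor's code: master password -> 256-bit key -> encrypted vault.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// scrypt cost settings are assumed values for this example; tune them to your hardware.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 32-byte (256-bit) AES key using a per-vault salt.
function deriveKey(masterPassword, salt) {
  return scryptSync(masterPassword.normalize("NFKC"), salt, 32, KDF);
}

// Encrypt the credential list; the returned record contains no plaintext credentials.
function sealVault(masterPassword, entries) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh 96-bit nonce on every save
  const cipher = createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(entries), "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ciphertext: b64(body) };
}

// Decrypt the vault. Returns null when the master password is wrong or the record was
// altered (the GCM tag check fails in both cases).
function openVault(masterPassword, vault) {
  const raw = (s) => Buffer.from(s, "base64");
  try {
    const key = deriveKey(masterPassword, raw(vault.salt));
    const decipher = createDecipheriv("aes-256-gcm", key, raw(vault.iv));
    decipher.setAuthTag(raw(vault.tag));
    const plain = Buffer.concat([decipher.update(raw(vault.ciphertext)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample data, not real credentials.
const demoEntries = [{ site: "crm.example.com", username: "csr-team", password: "Constructed-Example-1" }];
const demoVault = sealVault("constructed master passphrase", demoEntries);
console.log("stored record fields:", Object.keys(demoVault));
console.log("right password:", openVault("constructed master passphrase", demoVault));
console.log("wrong password:", openVault("a wrong guess", demoVault));
```

Only the salt, nonce, tag, and ciphertext are stored, so the strength of the master password and the cost of the key derivation decide how well a copied vault resists guessing.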
After you cover the basics, you need to make sure the password manager is well suited for multiple users. Business-grade password managers often let you create groups whose members share login credentials to certain accounts.
For example, you can create a group named CSR, add the company’s customer service representatives to it, and share the login credentials to the online resources that they need to do their jobs.
Those login credentials will then automatically appear in the password vaults of the customer service representatives. Another useful business-grade feature is the ability to assign employees predefined roles, such as user, admin, and super admin.
Finally, you need to make sure the password manager is easy to use. Otherwise, employees might go back to their old habits of writing down passwords and using variations of the same password for multiple accounts. One feature that makes a password manager more user-friendly is the automatic capture of login credentials as they are being entered.
With this feature, employees do not have to enter the credentials manually if they do not want to. Another timesaver is a random password generator. Employees can use it to quickly create a unique strong password for each account.
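A random password generator of the kind mentioned above can be built as follows. This is an added example, not code from any particular product: it draws every character from the operating system's cryptographic random source and gives each account its own password. The character classes, default length, and account names are assumptions made for the example.

```javascript
// Added example: random password generator built on the OS CSPRNG (crypto.randomInt).
const { randomInt } = require("node:crypto");

// Character classes are an assumed policy for this example; adjust to each site's rules.
const CLASSES = [
  "abcdefghijklmnopqrstuvwxyz",
  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  "0123456789",
  "!#$%&*+-=?@^_",
];
const ALPHABET = CLASSES.join("");

// Return a password of `length` characters containing at least one character per class.
function generatePassword(length = 20) {
  if (!Number.isInteger(length) || length < CLASSES.length) {
    throw new RangeError(`length must be an integer >= ${CLASSES.length}`);
  }
  // randomInt draws from the CSPRNG and is uniform over [0, n), unlike Math.random(),
  // which is not cryptographically secure.
  const chars = CLASSES.map((set) => set[randomInt(set.length)]);
  while (chars.length < length) chars.push(ALPHABET[randomInt(ALPHABET.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit in fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// Upper bound on the password's entropy in bits (the per-class guarantee removes a little).
function entropyBits(length) {
  return length * Math.log2(ALPHABET.length);
}

// Give every account its own password, so one leaked credential does not expose the others.
function passwordsFor(accounts, length = 20) {
  return new Map(accounts.map((name) => [name, generatePassword(length)]));
}

// Constructed account names for the demo.
const demo = passwordsFor(["crm.example.com", "payroll.example.com", "mail.example.com"]);
for (const [account, pw] of demo) console.log(account.padEnd(22), pw);
console.log("entropy upper bound:", entropyBits(20).toFixed(1), "bits");
```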
Business-grade password managers have other features you might find useful, such as:
- The ability to generate a portable vault using a USB key. This feature comes in handy if your password vault is stored on your computer’s hard drive. With the portable vault, you can use your master password to access accounts while working on other computers and devices with USB ports.
- The ability to store other items besides passwords in the vault to keep them encrypted and safe. For example, you can store bank account or credit card numbers in the vault.
- Extra security measures. They include automatically closing the vault after a certain amount of idle PC time and disabling auto-fill options on a browser.
- An administrative console that lets you centrally manage the password manager.
- The ability to track password usage and obtain audit reports.
Keep Your Data Safe
With the sophistication of today’s hacking technologies and hackers’ resolve to steal whatever data they can get, it is essential to have strong passwords. With a password manager, employees can easily create and store strong passwords that will help keep your data safe.