Why your business needs a password manager
Published on: July 10th, 2023
Last edited: July 27th, 2023
Remembering each password for every app, tool, website, portal and piece of software your business uses is impossible. A password manager makes it easy.
Complex passwords are essential for businesses for a myriad of reasons, but essentially, businesses have a commitment to their staff, customers and shareholders to maintain an adequate level of security to avoid costly downtime. Good passwords will protect systems and data from unauthorised access, safe guard sensitive data, prevent credential based attacks and mitigate password-related risks and also to comply with regulations and standards.
Businesses that use memorable passwords, variations of the same password, or worse, the same password for everything are at risk of a cyber attack. In fact a staggering 81% of breaches are caused by weak or reused passwords.
Even if you’re using a strong password, if you repeat logins, a single breach on one site or platform can compromise your information everywhere else.
That’s where a password manager comes in.
What is a Password Manager?
A password manager is a software tool or service designed to securely store and manage passwords for various accounts and services. It serves as a centralised vault where users can store their login credentials, including usernames and passwords, in an encrypted and protected format. The primary purpose of a password manager is to simplify the management of multiple passwords, enhance security and improve convenience for users.
What makes a good unique password?
A unique password is a password that is not used for multiple accounts or services. It means using a distinct password for each account you have, whether it’s for email, social media, online banking or any other online service.
The concept of using unique passwords is crucial for security because reusing passwords across multiple accounts can have serious consequences. If a password used for one account is compromised in a data breach or a security breach, cybercriminals can attempt to use that same password to gain unauthorised access to other accounts associated with the same username or email address. This is known as credential stuffing or password reuse attacks.
To create a unique password, consider the following best practices:
- Length and complexity: Make sure your password is long and includes a combination of uppercase and lowercase letters, numbers, and special characters. The longer and more complex the password, the harder it is for attackers to guess or crack it.
- Avoid personal information: Do not use easily guessable information like your name, birthdate or common words that can be found in dictionaries. Cybercriminals often use automated tools that can quickly guess such common passwords.
- Randomness: Generate passwords that are random and not easily associated with you or any personal information. Using password generator tools provided by password managers or online security resources can help you create strong, unique passwords.
- Avoid patterns and sequences: Avoid using patterns or sequences like “123456” or “qwerty” as they are easily guessable.
- Regularly update passwords: It’s good practice to update your passwords periodically, even if there is no indication of a security breach. Regularly changing your passwords reduces the risk of them being compromised and ensures continued security.
By using unique passwords for each account, you can minimise the impact of a potential data breach or security incident. Even if one account is compromised, the other accounts remain secure because each one has a different password. Using a password manager can simplify the process of managing and remembering multiple unique passwords across various accounts.
Benefits of using a password manager
- Enhanced security: Password managers generate strong, unique passwords for each account and store them in an encrypted vault. This eliminates the need for employees to remember or reuse weak passwords, which are prone to hacking. By promoting the use of complex and unique passwords, businesses can significantly improve their security posture and reduce the risk of unauthorised access.
- Simplified password management: Remembering multiple complex passwords can be challenging, leading employees to resort to insecure practices such as writing them down or reusing passwords across accounts. A password manager simplifies this process by securely storing and autofilling passwords, eliminating the need for employees to remember or manually enter them. This improves convenience while maintaining strong security practices.
- Increased productivity: Manually entering passwords for various accounts can be time-consuming, especially when employees need to access multiple systems or applications throughout the day. With a password manager, employees can quickly and securely log in to their accounts with a single click, saving time and improving productivity.
- Centralised password control: A business-oriented password manager allows organisations to centrally manage and control password access across their workforce. Administrators can grant and revoke access to specific accounts, enforce password policies and monitor password usage. This centralised control enhances security and enables efficient management of employee access to various systems and applications.
- Easy onboarding and offboarding: When employees join or leave a company, managing their account credentials can be a complex task. A password manager simplifies this process by allowing administrators to securely share or revoke access to account credentials as needed. This streamlines the onboarding and offboarding procedures, reducing the risk of unauthorised access and ensuring efficient account management.
- Audit and compliance support: Many industries have specific regulatory requirements regarding password management and data security. A password manager can assist in meeting these compliance obligations by providing features like password history, password rotation reminders and access logs. These capabilities enable businesses to demonstrate adherence to security best practices and compliance requirements during audits.
- Mobile device support: In today’s mobile workforce, employees often need to access business accounts and applications from their smartphones or tablets. A password manager that offers mobile support allows employees to securely access and manage their passwords across various devices, ensuring consistent security practices regardless of the platform.
Overall, a password manager offers significant advantages for businesses by improving security, simplifying password management, increasing productivity and enabling centralised control. By implementing a robust password manager solution, organisations can enhance their overall security posture and mitigate the risks associated with weak or compromised passwords.
Some great password managers
There are several excellent password managers available, each with its own set of features and strengths. Here are some popular and highly regarded password managers:
- LastPass is a widely used and feature-rich password manager that offers password storage, auto-fill, password generation and synchronisation across devices. It supports multiple platforms and browsers, provides secure sharing of passwords and has robust security features like two-factor authentication.
- 1Password is known for its user-friendly interface and strong security measures. It offers password storage, auto-fill, password generation and synchronisation across devices. 1Password provides advanced security options, such as travel mode to remove sensitive data during travel and supports features like two-factor authentication and biometric unlocking.
- Dashlane is a comprehensive password manager that focuses on simplicity and usability. It offers password storage, auto-fill, password generation and synchronisation across devices. Dashlane includes additional features like a built-in VPN for secure browsing and identity theft protection.
- KeePass is an open-source password manager that allows users to store passwords locally rather than in the cloud. It provides strong encryption for password databases and supports the creation of complex passwords. KeePass is highly customisable and has a large community of plugins and extensions.
- Bitwarden is an open-source password manager that offers free and paid versions. It provides password storage, auto-fill, password generation and synchronisation across devices. Bitwarden is known for its security and transparency, and it can be self-hosted for users who prefer to keep their password data on their own servers.
When choosing a password manager, consider factors such as security features, ease of use, compatibility with your devices and browsers, availability of mobile apps, password sharing capabilities and additional features that may be important to you, such as secure notes or form filling. It’s also a good idea to read user reviews, security audits and expert recommendations to make an informed decision based on your specific needs and preferences.
To learn more about how to generate secure passwords and use a password manager, here is the latest advice from the Australian Cyber Security Centre ACSC:
