As a business owner, you’re understandably worried about digital threats to your business. One of the most persistent and frustrating threats is credential compromise, where a bad actor gains access to systems and services simply by pilfering someone’s credentials.
You may have heard password managers mentioned as a potential solution to this problem. Here’s what you need to know.
The Problem: Too Many Passwords, Bad Choices
The typical internet user has somewhere north of 80 distinct accounts on various sites, services, platforms, and so forth. Most if not all of these are secured with a password.
(Not to get too far off track, but we say “most” because of newer technologies now coming into their own, like multifactor authentication and passwordless logins. These are massive improvements on the old username + password model, but they’re not yet in place on many sites and accounts. If you have the option for either one at your business for key accounts and services, turn it on right away. We can help with this if you need it. Now, back to the topic at hand: password managers.)
Now, take a second and think about your own digital life: can you really remember 80 unique, complex passwords? Much less, which ones go with which login credentials at which sites?
Neither can anyone else.
So what do people do? They make bad choices. They reuse the same password across dozens of sites, and they use the simplest, easiest-to-remember passwords that a site will allow.
The problem here is that if those credentials that a person uses across dozens of sites are stolen or breached anywhere, then it’s only a matter of time before a bad guy uses them somewhere else — and gets in. And those passwords that are easy to guess? Well, they’re too easy to guess (for people and for automated tools).
So with too many passwords, people make bad choices and turn their passwords into repetitive, easy-to-guess phrases. Then they use the same password from work to log into “unimportant” services, which may get breached — at which point, a bad actor could gain access to work accounts, if they can connect the dots.
A Solution: Password Managers
One popular solution to this persistent problem is the password manager. There are numerous consumer- and business-grade solutions out there, and they all work in very similar ways. They prompt users to create one singular master password — ideally a long, very complex password — that secures the password manager itself. (Some brands call this the “Password Vault” or something similar.)
Then, once logged into the password manager, a user can input every single account and credential imaginable. The password manager encrypts this data, then pops up whenever it detects a login prompt.
The user then supplies the master password, and the password manager automates the login.
The best password managers can also automatically change account passwords to a unique, highly secure string of characters with little or no user intervention. You might have seen this kind of thing when Google (in the Chrome browser) or Apple (on Macs) offers to create a better password for you. The advantage of a third-party tool is, of course, that it’s not tied down to a browser or a device brand.
Are Password Managers Secure?
In short, yes. If you choose a well-known brand with a well-reviewed product, you’ll be stepping up account security in a serious way.
Be sure to look for a solution that can secure weak passwords automatically, and make sure your team keeps their master passwords secure and complex.
Still, understand that no one solution is bulletproof. A password manager can’t stop employees from writing out their passwords and leaving them exposed. And while companies like 1Password stake their entire business reputation on keeping those master passwords secure, they can’t completely rule out the possibility that a breach could still take place.
The difference is, you’ll know immediately. When Yahoo or Target got breached, you had no way to know if Sam in accounting reused that password on your work system.
So, for most small businesses, a business-grade password manager is a big step up in security. For help knowing which security measures make the most sense for your business, reach out. We’ll walk you through the options and guide you to a better security plan.