Cisco Blogs

Keep passwords safe and secure with password management

January 19, 2012 - 3 Comments

A password manager can encourage users to adopt unbreakable passwords

As users, we know that we should use complex, secure passwords that aren’t easily guessed words from the dictionary like “admin” or personal dates to protect our systems. Nonsensical words and phrases that substitute digits and symbols for letters, such as “45Monk3y t1m3 fun!,” are the most secure. But we also know how difficult it can be to create several unique, strong passwords—and even harder to remember them all.

To encourage employees to create passwords that are hard to crack but easily remembered and used, you can provide them with a password management system. Password management is both a standard company-wide policy for developing passwords, and, for many companies, a password manager application you add to your security arsenal as part of your small business security policy.

Your company’s password management policy should start with the mandate to never, ever, under any circumstances whatsoever write down a password. Passwords should never be jotted down on a sticky note and stuck to the side of a monitor; nor should they be written on a notepad and filed away in a drawer. A password management policy should also require employees to only use strong, meaningful passwords and never words like “secret.”

A better way to record passwords is with a password manager application, which can help users create strong passwords as well as store them. It can also safely delete passwords when users no longer need them. A password manager can be installed on a PC, laptop, smartphone, or tablet, and works the same regardless of the device.

A password manager remembers, so you don’t have to

If your employees have several passwords, or if you’d prefer to provide them with a safer, easier system for password management, consider a password manager. This software comes in several different flavors, including cloud-based or online services, desktop software, or a mobile application. Users must remember only one password—the one that grants access to the password manager—and then they can use the software to create new passwords, access existing passwords, or even log in automatically to password-protected websites and applications. Again, this one master password must be very secure and impossible to guess.

All password managers should include a few basic features. The first, and most important, is that it uses a highly encrypted database for storing passwords. Therefore, look for software that is encrypted with the highest level of data encryption legally available in your area; in the U.S., that’s the 256-bit Advanced Encryption Standard (AES) algorithm. If you opt for an online or cloud-based password manager service, research the provider’s security measures, including who has access to the password databases.

Second, a solid password manager can generate complex passwords that, as strings of unrelated characters, are impossible to guess (and remember). Third, consider choosing a password manager that has a remote self-destruct mode that shuts down the password management software completely if a hacker tries to break in. This is critical for any mobile device that is easily lost or stolen. Finally, you might want to consider a password manager program or service that allows the user to store other sensitive data, such as PINs, credit card digits, and Social Security numbers. These “digital wallet” applications or services are particularly useful for mobile users.
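To make the master password, the encrypted database, and the password generator described above concrete, here is a small added example (not from the original article or any product it refers to) written for Node.js. The function names, the choice of scrypt to turn the master password into a key, and the use of AES-256 in GCM mode are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const ALPHABET =
  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+';

// Generate a password from the OS random source; randomInt avoids modulo bias.
function generatePassword(length = 20) {
  let out = '';
  for (let i = 0; i < length; i++) out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return out;
}

// Stretch the master password into a 256-bit key with scrypt (assumed KDF),
// so that each guess at the master password is slow and memory-hungry.
function deriveKey(masterPassword, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(masterPassword, salt, 32, opts);
}

// Encrypt the whole vault (a plain object) with AES-256-GCM.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16); // fresh salt and IV on every save
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt the vault. A wrong master password or a modified file fails the
// GCM tag check, and the caller gets null instead of any stored data.
function openVault(masterPassword, { salt, iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  decipher.setAuthTag(tag);
  try {
    const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample data: one generated password stored under one site name.
const sealed = sealVault('constructed master passphrase', { 'bank.example': generatePassword() });
console.log(openVault('constructed master passphrase', sealed)); // the stored entry
console.log(openVault('wrong guess', sealed));                   // null
```

Only the salt, IV, ciphertext, and tag would be written to disk or synced to a service; the master password and the derived key are never stored.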

A word of caution

Most desktop password managers can automatically fill in passwords in an employee’s web browser. Although convenient for users, this can pose a danger, so encourage users to lock their session or log out of their user account before walking away from their computers. After all, it takes just a few moments for an interloper to sit down; load the secure website the user was browsing (such as a banking or retail site); have the password manager automatically fill in the username and password; and transfer funds, order merchandise,

Password management software does more than remember passwords for users. Some versions can also help protect against particular attacks against a device, including keylogging, which is when hackers intercept keystrokes to crack a password, and brute-force attacks, in which hackers bombard a computer with known words to determine a password. Adding a password manager to your bag of security tricks adds one more layer of protection between you and the black hats of the world, while also making life a little easier for your employees.

Is a password management scheme or software part of your small business security policy?



  1. I agree. Almost all my friends use very, very basic passwords. They need to stop coming to me like “hey sony i need your help!”. Thanks for the advice anyway. I am going to send this article to my friend right now.

  2. So True!
    One of the issues is that people feel hesitant about password managers, whilst their other alternatives are far less secure.

    So do you believe that the desktop or mobile password manager should work in concert with corporate security products?


  3. How true. Most people that I know use VERY simple passwords. I have been trying to convert them to phrases, as these are easy to remember, yet long enough to be a little safer.