Security is a hot topic for organizations, especially when it concerns passwords. Without multi-factor authentication, passwords are the last line of defense for your organization’s data. For that reason, it is critical for organizations to use a password manager. Relying on your staff members to create and remember unique passwords without central management is daunting and unrealistic. In this post, I will discuss the benefits and best practices of using a password manager.
Benefits of a Password Manager
Password managers are excellent tools that not only help create long, unique passwords for each account but also assist your staff members by entering the password for them. It may seem counter-intuitive that your staff might not memorize or know their passwords. However, with a password manager, there is no longer any need for this. As long as staff can remember a master password, they’ll have access to all their passwords.
It is also important to think about how much control the organization has over its staff members’ passwords and over access to those passwords. Some password managers allow the organization to control multiple factors about their implementation and use. These factors include password length, character and symbol usage, access to shared passwords, and multi-factor authentication. They help strengthen security and control access to the organization’s data, which can be helpful when hiring and terminating employees.
Best Practices for Password Managers
Once your organization has researched password managers and picked one that fits its needs, it will need to implement the tool and educate staff members on its usage. The benefits of using a password manager can be lost if your staff does not use it. Training should include a crash course in which your staff reset all existing accounts to new passwords generated by the password manager.
Assign a staff member to be responsible for controlling access and auditing usage. Staff members should only have access to the passwords they need and should not be able to edit passwords that were not set by them. The responsible staff member should audit how employees use the tool. This audit should cover who has access to which passwords, whether staff are using the password manager, whether their passwords meet complexity and compliance standards, and whether human intervention is required.
General practices for using your password manager should be communicated to all staff. Although most will rely on the password manager to generate their passwords, they should still check that each generated password meets the organization’s requirements. Simple checks should be done when creating a new password: make sure the password is at least 12-15 characters long, that special symbols and characters are used throughout the password, and that the symbols aren’t bunched up.
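The checks described above can be automated. The following Python sketch is an added example, not code from any particular password manager; the thresholds for what counts as "bunched up" and "throughout" are assumptions, as are all function and constant names.

```python
import re
import secrets
import string

MIN_LENGTH = 12        # lower bound of the 12-15 range in the text
MAX_SYMBOL_RUN = 2     # assumption: 3+ adjacent symbols counts as "bunched up"
MIN_SYMBOL_GROUPS = 2  # assumption: symbols must appear in 2+ separate places
SYMBOL_RUN = re.compile("[" + re.escape(string.punctuation) + "]+")


def symbol_runs(password):
    """Return the length of each run of consecutive symbols."""
    return [len(run) for run in SYMBOL_RUN.findall(password)]


def check_password(password):
    """Return a list of policy failures; an empty list means it passes."""
    failures = []
    runs = symbol_runs(password)
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not runs:
        failures.append("no symbols")
    else:
        if len(runs) < MIN_SYMBOL_GROUPS:
            failures.append("symbols in one place only")
        if max(runs) > MAX_SYMBOL_RUN:
            failures.append("symbols bunched up")
    return failures


def generate_password(length=16):
    """Draw random passwords with the secrets CSPRNG until one passes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


# Constructed sample passwords, for illustration only.
SAMPLES = ["Summer2024", "CorrectHorseBattery!!!", "t7#Kq9v!Lm2x@Rw4"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, check_password(pw) or "ok")
```

The same `check_password` function can be run over an exported audit list to flag entries that were typed by hand rather than generated.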
Lastly, always combine passwords with multi-factor authentication when possible. This is an extra step when logging in that requires the user to submit an additional code sent to a secondary device (a cell phone, for example) to verify their identity. This can be extremely helpful for becoming aware of malicious attempts to access your account. If your staff members are receiving multi-factor codes without logging into the account, it’s time to change the password and ask the service what is happening with that account.