For both business owners and IT managers, securing company data and communications is mission critical. Maintaining those hard-won levels of security is often the more challenging task. Often, employees have responsibility for creating and securing their own passwords for collaborative apps and email accounts.
An ever-expanding selection of technology aims to combat this common problem, in the form of password managers. These applications track website logins and create complex, unique passwords for each account. They encrypt the passwords with a single master password and store them in encrypted cloud-based vaults. Only the individual user knows the master password. However, these managers raise security issues of their own. You may wonder if password managers are safe.
Password Manager Vulnerabilities
The most popular password manager apps like LogMeOnce and Dashlane can defeat keyloggers and use two-factor authentication. However, they’re still vulnerable to breaches.
Perhaps the biggest threat comes from the employees themselves, who often reuse simple passwords across personal and professional websites. According to Verizon’s 2017 Data Breach Investigations Report, more than 80 percent of breaches are caused by weak, compromised, or reused passwords. An employee accessing social media on public wifi, using the same password as their business login, creates a high degree of vulnerability.
How to Make Password Managers Safe
Educating employees on the vital importance of using unique passwords on personal and professional websites will go a long way toward combating this problem. Although few business owners with large, seasonal, or independent contractor workforces feel comfortable relying on this strategy alone.
For companies that prefer to keep password management off-line and out of the cloud, tools like Myki and KeePass manage and authenticate encrypted password lists solely on smartphones. Their browser extensions for Chrome, Firefox, Safari, and Opera communicate with the smartphone app to allow employees to manage passwords on any platform that supports one of those browsers.
Choosing the best and safest password management system for your business comes down to a balance of usability, reliability, and price that best suits the needs of your company. Any tool that is too difficult to set up, or use regularly, will inevitably fail its mission of safeguarding your company data and communications.
Things to Look For When Choosing a Password Manager
When choosing a vendor, review their customer service policy. Are they available by phone 24/7 or do you need to seek assistance on their website?
While many of these apps are free, those with more robust features come with a cost per user. This may grow out of control at scale. Vendors may offer trials or make certain features available for nominal fees for the first year, but the costs skyrocket in the second.
Some of the better known apps have suffered well-publicized hacks in the past but, in addressing those vulnerabilities, are now more secure. Many of these companies offer free identity theft protection as a means of assurance to new clients.
No matter which type of password manager you choose for your company, you’ll want to put it to work right away. Password and identity integrity are too valuable to any the bottom line of any business to ignore. Find more IT security solutions in our previous post, “Your Company’s Security Checklist.”