It seems that almost everything we do today requires a password. Banking, email, social media, shopping, every service requires a unique account with its own set of credentials. So how do we keep track of this massive and ever changing list of passwords, while still maintaining a high degree of security? Moreover, in a business setting, how does an organization manage its employees’ credentials while ensuring that everyone has the access they need to do their jobs? Here are some things to consider about how your company manages passwords.
One Size Does Not Fit All
From a security standpoint, one of the worst things you can do in regard to passwords is to use a single password for all of your company’s logins. If a company has just one password that opens everything, a hacker only needs to figure out the password for a single email or vendor account in order to gain access to the entire operation. It may seem tempting to indulge in the simplicity of a single password, but this is not a secure solution.
Loop In HR
Often security breaches occur because of human actors within an organization; employees don’t follow established password protocols, or passwords aren’t changed when there is employee turnover. A disgruntled former employee can cause a lot of damage in a short time if passwords are not changed quickly upon termination. Employees also need to be properly trained on the necessity of creating strong passwords (at least 8 characters, lowercase and uppercase letters, special characters) and changing those passwords with some regularity (every 30-90 days).
Multi-Factor Default
At a minimum, every organization should be using multi-factor authentication for their email accounts. This second layer of verification, using another device, exponentially increases security for crucial accounts. If scammers or hackers do get ahold of a password, they won’t be able to access the account without controlling the second device.
A Sticky Note Won’t Cut It
As any computer tech can tell you, the haggard looking sticky note, stuck to the monitor is an all too common occurrence in many businesses. This is not a great method of keeping track of passwords, for a couple of reasons: first, anyone with physical access to the computer can then access your account and second, a sticky note can be lost or misplaced. If you cannot keep track of all your passwords in your head, consider using the application highlighted in the next bullet point.
There’s An App For That
There are programs that are designed to securely organize and store your passwords for you and have versions geared toward managing passwords an organizational level. At MCT, we recommend “LastPass” a program that allows users to enter a single password and then uses unique passwords, organized and stored by the application, to access different accounts. All passwords are encrypted, heavily secured and will work with multi-factor authentication. LastPass also offers an excellent Enterprise version which allows admins to control and customize the access of individual employees. More information about LastPass Enterprise can be found here. LastPass is also a great tool for storing and sharing financial or payment data with team members who need to have access to that information.
When it comes to passwords, not having a policy is the same as having a bad policy. At the very least, your company should have hard and fast rules about how passwords should be created, who has access to what accounts and where that information is stored. If you need help finding a password management solution for your business, set up a consultation with Mankato Computer Technology.