Everything You Need to Know About Password Managers for Business

Passwords. A necessary evil hated by everyone. Everyone knows deep down they should try harder with their passwords. But everything about them seems difficult. Great passwords are:

  • Difficult to think up
  • Even harder to remember
  • Highly frustrating when you get them wrong (and have to reset them)

This is what encourages people into sloppy habits, such as relying on weak passwords, or reusing them across several logins. It’s these bad habits that cyber criminals rely on to get into accounts. It’s likely that someone, somewhere in your business is relying on a weak or reused password to protect their access to a critical system. This leaves your business at risk, without anyone being aware. Frustrating.

There is some very good news. Apple, Google, and Microsoft are working together to kill the traditional password in favour of Passkeys. These are very simple. To log in to something, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re sat nearby, then send a verification message to your phone. Unlock your phone in the usual way, with your face, fingerprint, or PIN. And that’s it. You’re logged in.

Apple’s introducing Passkeys first with iOS 16. Google and Microsoft will offer them in the near future as well. But it’s going to be a long time before Passkeys have replaced all passwords. What can you do in the meantime to make your business safer, and day to day work easier for your team? The answer is to use a password manager. Here’s our full guide on what password managers are, and the benefits of embracing them.

 

What is a password manager?

A password manager is a software application that stores and manages your credentials for all your accounts, including websites, applications, and any software you use in your business. It’ll work on your computer and phone. It will generate different long random passwords for each application and remember them. And when you log in, it will automatically fill in the login boxes for you. A password manager is simple and easy. Once it’s set up, you only need to remember your master password.

 

What are the benefits of using a password manager?

There are huge benefits on top of increasing your security and protecting your data:

  • You don’t have to remember your passwords
  • You can auto-generate long, highly secure passwords which are virtually impossible to guess
  • You’ll save time with autofill
  • A good password manager will sync across operating systems and browsers. That means if you use Windows for work, but have an iPhone, it’s no worry
  • It can help to protect your identity. By using unique passwords across every account, you segment your data. If one account is breached, it’s highly unlikely others will be
  • It can alert you to risk. If you land on a fake website your password manager won’t autofill your data because it won’t recognize the site as being valid
  • Some password managers scan the dark web to make sure your credentials haven’t been leaked
  • Many password managers operate a zero-knowledge approach, which means your data is encrypted before it leaves your device. That means it’s unreadable to anyone who doesn’t have your master password, including the provider
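
The fake-website point in the list above comes down to an origin check: the saved login is only offered when the page's address matches the one it was saved for. The sketch below is an added example, not code from any particular password manager. It assumes a strict exact-origin rule (HTTPS, same host, same port), and the URLs are constructed sample data.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin_of(url):
    """Return (scheme, host, port), or None when the URL has no usable host."""
    try:
        parts = urlsplit(url)
        host = parts.hostname          # lower-cased; userinfo and port removed
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
        if not host:
            return None
        # Compare internationalised names in their ASCII (punycode) form.
        host = host.encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return None
    return (parts.scheme, host, port)

def should_autofill(saved_url, page_url):
    """Offer the saved login only on the exact HTTPS origin it was saved for."""
    saved, page = origin_of(saved_url), origin_of(page_url)
    if saved is None or page is None:
        return False
    if page[0] != "https":             # never fill over plain HTTP
        return False
    return saved == page

# Constructed sample data: one saved login and pages a user might land on.
SAVED = "https://login.example.com/"
PAGES = [
    "https://login.example.com/signin?next=%2Fhome",   # the real site
    "https://login.example.com.account-check.test/",   # real name used as a prefix
    "https://login.example.com@account-check.test/",   # real name in the userinfo part
    "https://login.examp1e.com/",                      # digit 1 in place of letter l
    "http://login.example.com/",                       # right host, no TLS
    "https://login.example.com:8443/",                 # right host, different port
]

def check_pages(saved_url=SAVED, pages=PAGES):
    """Return (page, decision) pairs for every sample page."""
    return [(page, should_autofill(saved_url, page)) for page in pages]

if __name__ == "__main__":
    for page, ok in check_pages():
        print(("FILL  " if ok else "BLOCK ") + page)
```

A person reading the address bar can miss every one of the blocked cases; the comparison cannot, which is why a missing autofill prompt on a familiar-looking login page is worth treating as a warning sign.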

 

What are the risks of using a password manager?

To give you a balanced view, there are a few potential negatives with a password manager:

  • All your sensitive data is in one place, protected by one master password
  • It’s possible cyber criminals could get hold of your master password, for example if you had malware or a keyboard logger watching what you do
  • You definitely need to use biometrics or multi-factor authentication (MFA, where you use a separate device) to prove it’s you
  • If you forget your master password, it’s deliberately difficult to reset it

Many of these risks can be overcome by picking the right password manager in the first place.

 

Which password manager is right for my business?

There are 3 main types of password manager available, and each comes with its own pluses and minuses.

Browser-based

This is the password manager that’s built into your browser such as Chrome, Edge, and Safari. Browser-based password managers are free and easy to use, but that’s where the benefits end. They’re not a solution we’d recommend, especially for a business.

They only work within their own browser, so if you wish to change to another, you either have to export your data or start over. They are limited in their use over multiple devices. And as the business owner you have virtually no control over what information your people are storing. This can be an issue when someone leaves.

Cloud-based

These password managers store everything in the cloud. They’re safer than browser-based alternatives as they come with features to enhance security. Firstly, they provide a backup of your vault, meaning your data isn’t lost if your device is.

Cloud-based password managers also let you store other sensitive data, like credit card details and secure notes, giving an additional level of data protection. They can detect weak and reused passwords, and generate new stronger ones. Some will even run checks to make sure your data hasn’t leaked.

You’re also able to share secure data easily, with co-workers or family for instance, even if they don’t use the same password management service as you. And cloud-based password managers have the benefit of working across multiple browsers, operating systems, and mobile devices. You don’t have to think about anything – your password manager just works.

Desktop-based

Desktop-based password managers can be the safest type, but that all depends on how security conscious you and your team are. Just because something is the safest option, doesn’t necessarily mean it’s the best option for your business.

These store data locally on one of your devices. And that device doesn’t have to be connected to the internet. That’s a benefit because it means the chances of it being breached are lower. If you use a biometric login for your master password you’ll be even safer from rare-but-risky keyboard logger attacks (this is where malicious software secretly records everything you type into your computer).

The downside to desktop-based password managers is that you’ll need to make sure you take your own regular backups of your data and vault. Otherwise, if your device breaks beyond repair or is stolen, your vault is gone. Another issue is that you can’t access your passwords from other devices, and sharing can be difficult too.

 

Are password managers safe?

Yes! Although there have been breaches in the past, most professional password managers have an outstanding record. If you and your team always follow password manager best practice – more on this below – you’ll be highly protected from credential theft. Premium paid-for services offer a lot more protection, too. There are more features you can take advantage of for better usability, additional security, and safe sharing… all of which are really important for business use.

By getting each employee to implement security practices such as these, you make your team stronger and better defended against outside security attacks.

Password best practice

There’s little point in using a password manager if you don’t care about password best practice. If you’re not on top of this already, make sure you and your entire team are doing all the right things to keep your business and its data safe.

First and most importantly, everyone – and we mean EVERYONE – in your business should do regular cyber security training. Including you. This makes sure all your people are aware of the up-to-date risks to your business and its data. It’ll help them stay safe personally, as well.

Your people are your frontline defense against cyber-attacks, so it really is essential that they’re armed with the right tools and knowledge to help protect the business. If your people aren’t following best practice, it doesn’t matter how great the security tools you use are, you’ll never be as safe as you should be.

Next, make sure everyone on your team uses a password manager supplied by the business (and never their own). This will give you huge control over what happens to your data when they leave. This is especially important if your team work remotely or take company devices home.

Don’t ever reuse passwords, even if you’re using a password manager. You should make sure passwords are long and complex. They can be randomly generated by most password managers, and this will give you the highest level of security. The more complex and nonsensical each password is, the better (by using a password manager, you won’t have to remember them anyway, so this makes life a lot easier).

The exception to this is your master password. You will need to remember this one, and it will also need to be very strong. For this, we’d recommend a passphrase. That’s where you take a string of random words that you can easily visualise. For example, ‘neonblueballetshoe’. You could also try a sentence, where the first letter of each word becomes your password, e.g. ‘I wish I could eat cake for breakfast 5 days a week’ becomes ‘IwIcecfb5daw’.
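
To make the two preceding paragraphs concrete, here is an added example (not from the original article or any specific product) that generates a random site password and a random-word passphrase with Python's `secrets` module and estimates the strength of each in bits. The 16-word list is constructed sample data. The 7,776-word list size and the 80-bit target used in the comparison are assumptions for illustration.

```python
import math
import secrets
import string

# Letters, digits and punctuation: 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample list; a real generator would load a list of thousands
# of words (a 7,776-word dice list is assumed in the figures below).
SAMPLE_WORDS = ["neon", "blue", "ballet", "shoe", "cake", "breakfast", "harbour",
                "lantern", "pepper", "violin", "glacier", "walnut", "meadow",
                "copper", "saddle", "thunder"]

def generate_password(length=20, alphabet=ALPHABET):
    """Per-site password: every character drawn from a cryptographic RNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate_passphrase(wordlist, words=5, sep="-"):
    """Master passphrase: words drawn independently and uniformly."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def entropy_bits(pool_size, picks):
    """Strength estimate; valid only when each pick is uniformly random."""
    return picks * math.log2(pool_size)

def picks_needed(pool_size, target_bits):
    """How many random picks from the pool reach the target strength."""
    return math.ceil(target_bits / math.log2(pool_size))

if __name__ == "__main__":
    print("site password :", generate_password())
    print("passphrase    :", generate_passphrase(SAMPLE_WORDS))
    print("20 chars from 94 symbols : %.1f bits" % entropy_bits(94, 20))
    print("5 words from 7,776       : %.1f bits" % entropy_bits(7776, 5))
    print("words for 80 bits        :", picks_needed(7776, 80))
    print("characters for 80 bits   :", picks_needed(len(ALPHABET), 80))
```

The estimate applies only to words or characters picked by the generator; it says nothing about a phrase a person chose themselves.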

Enable multi-factor authentication and/or biometrics for additional security. This makes it very difficult for someone to log in without your device or you.

You should also avoid using free password managers if possible. While they may be OK for personal use (and even then we’d question their use), for protecting sensitive business data, free password managers simply don’t cut it. Many don’t offer the most essential features, such as syncing across your devices or browsers, multi-factor authentication, and end-to-end encryption.

Finally, create a password policy that all your employees are aware of and follow. It should include never reusing passwords, always using the security tools provided, and never sharing passwords with others. This should help you avoid the issue of employees cutting security corners and putting data at risk, which sadly, happens from time to time.

As you can see, we’d highly recommend using a password manager in your business to give your data another strong layer of protection against theft. Would you like to know which one we recommend and use ourselves? Just get in touch and we’ll tell you.
