Password Managers For Business

Once upon a time in a galaxy far far away, people used one password across a handful of logins. This worked fine for a time due to the average person’s ignorance of all things technology; however, times have changed and breaches are commonplace. Businesses must prepare for a different post-COVID workplace where cybersecurity needs, compliance, and functionality can all coexist. In fact, they MUST exist.

The average professional has 191 passwords to remember based on research conducted by LastPass. As an IT service provider, we see all the use cases for password managers for businesses. We will answer the following common questions:

1. Why should I use a password manager?
2. Which password manager is best for my business?
3. How should my business implement a password manager?

Why should I use a password manager?

Risk Mitigation

It is easy to become weighed down by the burden of handling cybersecurity in the workplace. Weak passwords are often an initial breach point for cyber attackers and a password manager mitigates some of that risk. The right password manager will allow for the randomization of passwords and be easily accessible. If you don’t reuse passwords, randomly generate them all, and have a very user-friendly means of accessing them, you significantly increase the security of your organization. Next, add some multi-factor authentication (MFA) on your cloud platforms and you will be well on your way to a more secure environment.

Secure Team Collaboration

As your business grows and expands, there can become an increasing need for teams to share items like credentials, SSH keys or even credit card information. Now, let me start by saying that credential sharing should be limited and only happen on an AS NEEDED basis and limited in time. When this need arises though, having the ability to securely share your credentials and revoke access is important. A good password manager will also allow you to section off your critical information to teams that should have the correct access. As an example, there might be 3 people in the accounting department and everyone needs to know what the banking information is. This is a PCI-compliant solution to that problem.

Lastly, a password manager allows for the business to have control of the assets that belong to the organization. This is critical when someone passes away, leaves the company, or attempts to steal. All in all, using a password manager for your business mitigates risk.

Which password manager is best for my business?

Before implementation can begin, you need to have an idea of the capabilities each password manager provides. There have been plenty of in-depth reviews so we will spare you all the gory details. Our top two picks are below and SUURV has the capabilities of aiding in your transition to either one of these great providers.

1. LastPass
2. 1Password

Both of these password managers give users cross-device support, browser extensions, password generation, and autofill features. This means your Mac, iPhone, Android or Windows machine can all access the critical password information you need on the go. For users who have FaceID and/or thumbprint readers, accessing your data couldn’t be easier.

They also allow for a trusted managed service provider to manage the rollout so as you onboard new employees, they can be added to the right groups, with the right access, and can be revoked as needed.

How should my business implement a password manager?

First, start by adding the users to the password manager console. They will receive an onboarding email where they can create their account and sign in for the first time. Next, sign in to the programs on the computer, browser extension, and phone app. It is best if your IT team pushes the applications to business devices ahead of time. For a smooth rollout, provide the users with “How-To” documentation as well.

Now every user should have their own personal vault where their information is kept. All existing credentials should be moved to the new password manager. This can include things like their O365, bank logins or GSuite credentials. This can be done by exporting them from where they are currently saved and importing them to the new password manager (browser, spreadsheet, etc.).

Lastly, as the need for sharing passwords is identified, those requests can go through the pre-defined approval process and a secure vault can be created.

In Conclusion

When given the opportunity to mitigate risk for your organization, there is always a cost-benefit analysis to weigh. The right password manager for business will be cost-effective and a compliant solution for storing and sharing sensitive information. Implamentation is easy so when you’re ready, give your friendly neighborhood IT guys a call.