Using a password manager is an effective way to ensure that employees use unique, strong passwords for online accounts. Here are five questions to answer so that you can find the best password manager for your business.
Having employees use unique, strong passwords for online accounts is a crucial component in companies’ security strategies. However, creating and memorizing numerous strong passwords can be challenging. This often leads to employees using weak passwords, reusing the same password for multiple accounts, and writing down passwords. Thus, many security experts recommend that businesses use password managers.
With a password manager, employees only need to create and remember one strong password (the master password), which is used to open the tool. Once the tool is open, employees simply select the account they want to access. The password manager then retrieves the account’s credentials from a repository, which is often called a vault. All credentials in the vault are encrypted.
Because of its benefits, the decision to use a password manager is a no-brainer for many businesses. However, the same can’t be said for deciding which one to use, as there are many business-grade password managers on the market. Answering the following five questions can help you determine which password manager will be the best fit for your company.
- Where Do You Want the Passwords Stored?
Some password managers store passwords in the cloud, whereas others store them on the local computer’s hard drive. If your employees use multiple devices at work, having a cloud-based vault might be preferable. They will be able to access their login credentials from any computer or mobile device that has an Internet connection. Plus, employees won’t lose all their passwords if they misplace their mobile device or it is stolen.
While convenient, some people are uncomfortable with storing passwords in the cloud because they have to rely on someone else to keep their employees’ passwords safe. Data breaches do occur. For example, OneLogin’s databases were hacked in 2017 and LastPass was attacked in 2015. If you are uncomfortable with cloud-based vaults, you can use a password manager that stores the vault on the local computer’s hard drive.
No matter where you want employees’ passwords to be stored, you need to make sure a strong encryption standard is being used to encrypt them. Ideally, the password manager should use the 256-bit Advanced Encryption Standard (AES).
- Is the Password Manager User Friendly?
The password manager you choose needs to be easy for employees to use. Otherwise, they will avoid it and go back to their old habits of creating weak passwords, reusing them, and writing them down.
Besides having an intuitive interface that doesn’t take hours to learn, the password manager should have a random password generator. That way, employees can quickly and effortlessly create unique, strong passwords for their accounts.
Another user-friendly feature is an automated password changer. It can automatically change employees’ old passwords to new strong ones on websites that support this capability. This can come in handy for the initial rollout of the password manager, as employees will likely have many passwords to change at that time. This feature also works well for periodic password changes.
The individuals who will be responsible for administering the password manager should also find it easy to use. For example, an administrative console that has central management capabilities can save them time and hassle.
- Do You Want Additional Security Measures?
Business-grade password managers offer a variety of security measures beyond password encryption. Measures that password managers might provide include:
- Support for two-factor authentication (i.e., employees need to provide another form of verification besides their master password to access the password manager)
- Employee-initiated password assessments (these discover any weak or reused passwords in a vault, which is particularly helpful if the vault includes passwords that were not created with a random password generator)
- The ability to track password usage companywide and generate audit reports
- The automatic closing of an employee’s vault when the person’s device is idle for a certain amount of time
- A built-in VPN (adds another layer of security and privacy when using the password manager to log in to HTTP and HTTPS sites)
- The ability to configure and deploy policies (e.g., policies that set requirements for the master password or restrict access to certain Internet sites)
The security measures offered by different password managers will vary, so make sure that the password manager you are considering has the ones you want.
- Does Your Company Have Shared Accounts?
Do you have employees who log in to shared accounts? If so, you should look for a password manager that lets you manage shared-account passwords.
For example, suppose you have a cross-functional project team that needs access to certain online resources. You can create a group named ProjectTeam, add the team members to the group, and share the login credentials to the online resources. The login credentials will then automatically appear in the password vaults of the team members.
- Do You Want Any Nice-to-Have Features?
Password managers often include nice-to-have features that increase their usefulness. For example, some password managers offer features such as:
- An account recovery feature if employees forget their master passwords
- Support for directory services integration so that onboarding, offboarding, and other password management tasks can be automated
- The ability to generate a portable vault using a USB key
- A digital wallet that stores payment information (e.g., bank account or payment card numbers)
- The ability to encrypt and store sensitive files in a vault
Once again, the features offered by different password managers will vary, so make sure that the password manager you are considering has the nice-to-have features you want.