The worst password management practices for business
Since the early days of the Internet, the culture of password management has undergone numerous mutations and, perhaps, in the foreseeable future, it will evolve into a passwordless one. But while a passwordless future looms somewhere on the horizon, individuals and companies have to deal with the clutter of proliferating sensitive and secret information such as online account credentials, IDs, digital banking information and files. The variety of this valuable information and the relatively easy ways to access it attract hackers looking for profit.
To avoid the disruptive consequences of cyberattacks, let's break down the most outrageous password and data management practices.
Why is storing passwords in a notebook a really bad idea?
It is worth asking why this method is still used at all (even in companies). Accidentally spilled coffee can destroy your data beyond recovery.
A notebook can be lost or stolen, and it exists as a single copy that cannot be restored if it is destroyed. Don't you find it irritating that you can't copy data from it and have to enter everything manually?
This inconvenience pushes you to create simpler, more memorable passwords (which end up being easier to hack) and adds another vulnerability to an already vulnerable way of managing passwords.
In a company environment, it is also inconvenient because of problems with sharing and the number of copies.
When is it reasonable to keep passwords on paper?
Such cases exist. For example, backup codes to restore access to critical accounts (not all Internet services offer this option, but we advise you to look into the security settings of your most important web accounts and find out). However, recovery codes printed on paper should be kept in a safe or even a safe deposit box. It is often recommended to store access recovery codes in encrypted digital form on a USB stick (but in this case you also have to store the USB stick so that it cannot be lost).
Is storing passwords in a spreadsheet also a bad habit?
It definitely is. And here's why: all of your company's passwords are stored in one file, to which almost all employees have access. Once more: the entire contents of the file are available to every user who has access to the file. After that, storing passwords in a notebook does not seem such an absurd idea.
Storage in digital form has its advantages, such as simple backup, copy-paste and sharing. But all these advantages fade in comparison to the vulnerabilities of this password management method. If the file is leaked, all your passwords go to the attacker.
Can you imagine the whole devastating effect?
Why not store passwords in the browser's built-in password managers then?
The only attractive thing about this method is the ability to autofill website forms. But it works only in the browser in which you saved the credentials. If you need to log into your account from another browser, you will have to fill out the form fields again (if your passwords are written not in a notebook but in a spreadsheet, this will be less of a pain).
But here a new drawback comes into play: vulnerabilities (including zero-day ones) are periodically found in browsers, and they can expose the data stored in them to various risks. The more browsers you use and store your passwords in, the more likely it is that something might happen to one of them.
For companies, this poses an additional threat: the data is not stored centrally and is totally out of control.
What should not be done when sharing passwords?
Sticky notes, email, SMS and instant messengers are all not the best ideas. Spreading information this way leads to its exposure and a loss of control over it.
Why is using a standalone password manager a great idea for a company?
- Centralized secure password storage that provides extensive backup options.
- Records categorized and organized into a clear structure.
- Access from mobile, desktop, web and browser extensions for major browsers.
- Convenient password sharing for user groups. Give access to passwords only to those users who really need them for work.
- Easy management of users and user groups (the ability to do this through AD / LDAP, Azure AD).
- Lots of security settings to improve your organization's password management culture.
- And that's not all!
You can put any questions you have to our specialists through the contact form on the website or by phone. They will be happy to dispel your doubts!