Are Password Managers Safe for Your Business?

passwordkeeperAs if it weren’t bad enough to keep up with passwords when we were limited to PCs, professionals today now must handle multiple passwords on multiple devices. Remembering passwords and entering them on tiny smartphone and tablet keyboards is a constant challenge for consumers today, who are tasked with finding a way to keep up with it all.

Within enterprises, help desks are consistently fielding calls from locked out employees who have forgotten their passwords or let them expire. This is added to the countless man hours spent contacting cloud providers and websites to gain access to misplaced passwords. Thankfully, there are password managers now available to put all of those passwords in the cloud, where sites can automatically access them. But does this put your organization’s data at risk?

How Do They Work?

With a password manager, all of a user’s passwords are stored on an encrypted cloud-based server. When a user enters one assigned password, from that point forward he is automatically logged into each of the sites that have passwords associated with that login.

In an enterprise environment, businesses have the option to choose to centralize password management, with assigned administrators controlling the one password each user has chosen. If a user gets locked out, he needs only contact his local help desk to have it reset.

Security Concerns

If employees are keeping up with passwords on sheets of paper they leave lying around, password managers are a much better alternative. This is also true in enterprises where employees store passwords in a document on their devices.

However, there have been concerns about the encryption offered by these services. It’s important that businesses understand these risks and find a cloud provider that offers the best security available today. Passwords should be fully encrypted and inaccessible to intruders, as well as ensuring master passwords are both complex and kept secure. Because one password unlocks everything, a careless employee leaving a password tucked inside his laptop bag can be devastating.

Password Protecting Your Cloud Data: What You Should Know

passwordsAs businesses across the world spent the early part of 2014 worrying about the Target data breach, many didn’t realize that the biggest threat resides inside their own organizations. Passwords are the top cause of data breaches, according to experts, with users regularly using weak passwords that can easily be cracked.

Enterprise-Level Responsibility

This doesn’t absolve IT Support of responsibility, however. Through educating users on the importance of creating complex passwords, IT staff can increase security at the workstation level. This makes it harder for hackers to find a way into cloud-hosted servers. But education only goes so far with users, since many will still continue to use grandchildren’s names and short, letter-based passwords.

For that reason, many IT professionals now implement password requirements at the server level. When a user enters a password that doesn’t meet these requirements, the system shoots back an error. The user then must create a more complex password to proceed.

Cloud Provider Responsibility

Many cloud services allow IT staff to set these password requirements through their own consoles. Amazon Web Services’ Identity and Access Management (IAM), for instance, gives administrators the ability to set an initial password through the console, then turn changing that password over to the user.

Through the IAM console, an administrator can set policy requirements for all users. Administrators can require at least one uppercase letter, at least one lowercase letter, at least one number, at least one special character, and set a minimum password length. The longer the password requirement, the more secure a user’s files and applications will be.

Cloud-hosted data can be protected with the best security in the industry. But if an organization’s users aren’t practicing safe password behaviors, that data is being put at risk on a daily basis. By using the tools available today, cloud-hosted companies can force users to be responsible when creating passwords, increasing their own security exponentially.