How to manage passwords in a company
The amount of credentials and passwords to keep track of has become an issue for virtually every company. Especially so if you have to protect both your company’s and your client’s passwords. Today we will cover four easy tips how to manage passwords in a company.
1. Secure storage. First and foremost, make sure all of your company passwords are stored in a secure place. That means no passwords stored in spreadsheets, Word documents, notepads or sticky notes. The place where you keep your sensitive credentials should always be properly encrypted (read more about levels of encryption) and accessible to you at all times.
2. Organizing. This is a big one. Most information management policies and platforms fail because users are unable to use all their saved items efficiently. Sure, storing and using 15 passwords in a platform is easy. But try to do that with 3,000 passwords and most passwords managers fail quite quickly. A functionality that helped organize passwords in a team was actually the number 1 feature request we’ve had on our user feedback page. That’s why you can’t imagine Windows without Folders, that’s why Gmail’s Labels rock and that’s why we have created Tags in PassCamp. Thanks to this feature, anyone can create their own way how to manage passwords in a company, no matter how many passwords.
3. Gatekeeping. Every system needs a gatekeeper and to manage your company passwords efficiently (and more importantly – securely), you will need one too. Somebody has to be assigned the responsibility for granting, revoking and managing access in your team. In tech teams this usually the sysadmin, in marketing agencies – the office administrator, in other cases – the CISO.
Luckily, with a proper tool, this is not a time-consuming task once your process is in motion. Just make sure to assign some back-up personnel too, to avoid a major lock down when your admin goes away to snorkel in the Caribbean.
4. Sharing. This is probably the most critical and the most counter-intuitive aspect of team password management that companies face today. A lot of people think that passwords should never be shared at all, which while true is some cases, is not how today’s reality works. Virtually every job has passwords to share – whether it’s the SSH key, company Twitter password, access to a shared account on Behance or a Netflix password. Just think of a regular employee on boarding experience – first, you are introduced to your colleagues. Then somebody takes you to your desk. Afterwards – they send you the credentials to your accounts. Similarly, think about what happens when an employee leaves your company – they clean out their desk, return their employee card, return their passwords… wait, but do they?
Like it or not, passwords are shared today – but you have the option to choose whether they’re shared in vulnerable plain-text on social media or emails, or securely in an encrypted platform, where you can track who has access to your company passwords and what changes they make.
If implemented correctly, these four points will help you manage passwords in your organization efficiently, save your team’s time and improve your information security while you’re at it.
Let us know what you think!
