Benefits of a Password Manager

Another article on passwords you say? Such an important topic deserves a little repetition.

It’s no secret I’m a big fan of LastPass. It’s brings so much to the table and asks so little (in fact its free).  If you’re not sure why you need a password manager, check out our article How To Manage Passwords Like a Pro

Why use a password manager at work?

This is the place where a password manager makes the most sense. When working in a team of devs, it’s not uncommon to see passwords being thrown around various instant messengers (Slack, Skype etc). Not only is that insecure, but many people use their personal IM accounts at work.

Where’s the problem?

That means someone has their passwords on their machine at home. You have no control over that machine, and it could be compromised which means the password you sent is now compromised.  

Secure Sharing

LastPass allows you to share passwords SECURELY with various team members. This solves the following problems.  

• You know what passwords they have already have access to…

The amount of times someone has asked me to issue a password only for me to log onto the server and find they already have access is astounding. People are lazy, this way they only have one place to check which means less wasted time.  

• Easy revocation on leaving

When a team member leaves, it can be a pain to know what they had access to. With a vault, it’s easy to find out what they had and what you need to change. 

I Quit!!

The amount of passwords that get lost when an employee leaves a company is astounding. It’s not the big passwords that are the problem. It’s the smaller passwords that are a headache to reset. 

Maybe it’s the network switches, or the Paypal Developer credentials. It doesn’t matter, by using a password manager you “should” (if the employee followed protocol) get all the passwords they had access to when they leave the company. 

Separate Vaults for Work vs Personal

One of the major points to address is that someone uses separate vaults for business and personal use. Again, if someone is using a password manager on a compromised machine, you’re in trouble again. Ensure that all accounts are based off a work address which can be handed over when they leave. 

Should the worst happen

If something happens to you (i.e. you get hit by a bus) it’s possible to set up emergency access. This allows you to name a set of people (more than 1 if necessary) that can gain access to your vault in an emergency. I’d recommend setting up a time delay of 3 days to account for weekends.

After that period, they get access to your entire vault. This sounds a little scary, but I’m astounded by the number of businesses who are leaving themselves vulnerable. If one person has all the passwords, what are you going to do if they drop dead? Nothing, you don’t have access to anything. 

Protect the business by protecting yourself. 

Conclusion

Password managers really are essential to businesses, they bring security and transparency. It’s important to note password managers are not just for the tech team (I.e. DevOps, Devs etc). ALL employess should have an account.