Passwords are part and parcel of daily life for small businesses as much as they are for private consumers. And who needs reminding of how quickly usernames and passwords stack up? Businesses commonly need to keep track of credentials for online banking, accounting and invoicing systems, and customer relationship management (CRM) tools, to name but a few. And as operations scale and become more complex, the list only gets longer. While it might seem tempting to go low-tech and try to commit these to memory (or simply use the same ID for all accounts), doing so is a recipe for disaster.
Easily guessable or short passwords are particularly susceptible to readily available cybercrime methodologies like brute force password hacking, in which intruders automatically guess passwords until the correct one is found. Why using the same password for each account is problematic shouldn’t require much elaboration (but we’ll let you know anyway!).
According to statistics obtained from a LinkedIn data breach, users clearly need some reminding of these principles. ‘123456’ ranked as the most commonly used password, with ‘linkedin’ and simply ‘password’ coming in second and third place. Want to make sure that your organization’s employees are held to a better standard? Our password management guide for small businesses will help steer you in the right direction.
Common Issues with Password Management
So where do businesses need help when it comes to managing passwords?
After adopting a password management tool (we’ll spotlight five of the best), educating employees about IT best practices for proper password management is essential.
For instance, employees should be educated on how to avoid social engineering attacks, such as by being instructed to never open unsolicited email attachments which can often introduce malware that targets insecurely stored passwords.
Proper password hygiene calls for regularly updating passwords across the organization. Setting a strict policy, such as mandating password updates every three months or so, is another important step businesses can take to avoid using the same password for a long period of time. Doing so can limit the amount of time that a successful hacker could have access to your organization’s systems.
Using the same password across multiple sites is another issue that small businesses, who are less likely to have the professional IT input common at large organizations, are more prone to facing. If the CEO’s Twitter password is also the one used to access the company’s payroll, the potential damage that a successful hack could cause increases exponentially.
Finally, too many small businesses are still not enforcing the use of more secure authentication methodologies. Making two-factor authentication (TFA) obligatory for important business systems such as email makes it far less likely that a hacker will successfully be able to access these in the event of a breach.
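The checks described in this section (common or short passwords, passwords older than about three months, reuse across sites, and important systems without two-factor authentication) can be run over a credential inventory. The Python below is an added example, not code from this article or from any of the products it mentions; the entry fields, the 12-character minimum and the sample inventory are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import date

# Top three passwords from the LinkedIn breach statistics cited in the article.
COMMON = {"123456", "linkedin", "password"}
MIN_LENGTH = 12    # assumption: the article only says short passwords are risky
MAX_AGE_DAYS = 90  # "every three months or so"

def audit(entries, today):
    """Return {account: sorted findings}; accounts with no findings are omitted."""
    key = secrets.token_bytes(32)  # per-run key, so fingerprints are useless afterwards
    by_fingerprint = defaultdict(list)
    findings = defaultdict(set)
    for e in entries:
        pw = e["password"]
        # Compare keyed fingerprints instead of keeping plaintext in the index.
        fp = hmac.new(key, pw.encode(), hashlib.sha256).digest()
        by_fingerprint[fp].append(e["account"])
        if pw.lower() in COMMON:
            findings[e["account"]].add("common")
        if len(pw) < MIN_LENGTH:
            findings[e["account"]].add("short")
        if (today - e["changed"]).days > MAX_AGE_DAYS:
            findings[e["account"]].add("stale")
        if e["critical"] and not e["two_factor"]:
            findings[e["account"]].add("no-2fa")
    for accounts in by_fingerprint.values():
        if len(accounts) > 1:  # same password on more than one account
            for a in accounts:
                findings[a].add("reused")
    return {a: sorted(f) for a, f in findings.items()}

# Constructed sample inventory (not real credentials).
SAMPLE = [
    {"account": "twitter", "password": "Sunsh1ne-Harbor-42", "changed": date(2024, 5, 1), "critical": False, "two_factor": False},
    {"account": "payroll", "password": "Sunsh1ne-Harbor-42", "changed": date(2024, 5, 1), "critical": True, "two_factor": True},
    {"account": "email", "password": "linkedin", "changed": date(2023, 11, 20), "critical": True, "two_factor": False},
    {"account": "crm", "password": "t7#Qv!mZ2p@Lx9Rd", "changed": date(2024, 5, 20), "critical": False, "two_factor": True},
]

if __name__ == "__main__":
    for account, flags in audit(SAMPLE, date(2024, 6, 1)).items():
        print(account, flags)
```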
The Best Password Management for Small Businesses
Besides providing an easy means for storing and retrieving passwords, a good password manager should provide small business users with some key functionalities.
These include encrypting stored credentials; providing automatic prompts to enforce proper password hygiene (like flagging outdated passwords); and, of course, being easy to use. Here are some of the best options out there.
Dashlane is a web extension centric password manager that provides a particularly pleasing user interface (UI) as well as a Security Dashboard where users can easily identify weak, recurring, or breached passwords.
One nice premium feature of Dashlane is users’ ability to completely opt out of cloud syncing and instead store passwords on their local machine. This is a boon for small businesses whose IT policies may preclude them from storing passwords on the cloud.
Dashlane Premium also supports YubiKey (U2F) authentication, while business users can get a smart space that lets them segregate work and personal passwords. Pricing-wise, the Premium version is available for $3.33/month, billed annually, which includes a 30-day money-back guarantee. The Business plan costs $4/month, billed annually, and offers a free trial.
RoboForm includes automatic password saving, a tool to help users generate unique passwords, and a password audit tool that will automatically flag potential security issues such as weak and recurring passwords. It’s another browser extension based software that supports all major operating systems and their respective default browsers.
RoboForm for Business users can avail of a 14-day free trial before making a purchasing decision. After that, the tool costs $29.95/user/year.
1Password is a Canadian company that makes entering passwords as simple as clicking a login, which the system automatically populates from the user database. The premium versions of the solution include a password vault, where users save stored credentials, the ability to organize saved sites by folders, mark items as favorites, and access credentials while offline.
1Password for Teams is aimed at business users and costs from $3.99/user/month for the standard version through $11.99/user/month for pro, which increases the per-user storage limit, allows custom group setup, and writes an activity log of changes to vaults and items. Both offer a 30-day free trial.
Arguably the best known of the four, LastPass allows users to create a master password which they use to unlock their password vault, where credentials are stored.
LastPass works through a combination of a browser extension and software. The latter is available both for all major operating systems (including Linux) and as a portable program designed to be run directly from a USB stick. There’s also 2FA (including through a proprietary authentication app), password auto-change and audit functions, and offline access support.
For small businesses, the teams and enterprise plans cost $2.50/user/month and $4/month respectively. The enterprise version allows for security policy settings, advanced reporting, and additional multi-factor options. Both are available as 14-day free trials.
Password Best Practices for Businesses
Make sure your employees follow at least these three steps to make sure that your small business isn’t the next hacking victim!
- Use a password manager.
- Change passwords regularly.
- Don’t use the same password for multiple sites.