What is a password manager and why does your company need one?

Published on 09/10/2020 by Bruno Peláez and Sonia Navarrete

A study by Capterra on the password usage habits of British SMEs revealed that a third of users use the same password on all Internet sites. This represents an extremely high risk in the vulnerability of personal and company data.

what is a password manager

In order to protect accounts, each one must carry a strong and unique password to reduce hacker attacks. With so many applications in daily use, it is impossible to remember every password. For this reason, it would be helpful to have password management software. But what is a password manager?

What is a password manager?

A password manager is a computer security system, a program that allows you to create unique passwords for each of your accounts, to store them in a safe place and to access them through an extension in your Internet browser or through an app. It can be used with your computer, smartphone or tablet.

With a password manager, your company can share passwords securely between employees, so you no longer have to write them down on paper, put them in a document or send them by email, reducing the risk of someone getting hold of them.  

Security measures provided by password managers

Now that you know what a password manager is, here is a list of the security measures that they can provide to your business.

  • Brute force attacks: In this type of attack, a hacker uses different techniques in order to decipher the password, so the longer and more complicated the password, the more difficult it will be to decipher. Using a password manager will protect you against this type of attack, as it allows you to generate strong passwords using random characters.
  • Database code injection: These attacks are aimed at companies that manage a significant number of users and therefore have many combinations of emails and passwords in their databases. A while ago, Spanish company Freepik suffered one of these security attacks in which the data of millions of its users was exposed. A password manager will warn you if you use the same password more than once and will allow you to easily change it if it is compromised.
  • Password theft: A password written down on paper, on a computer notepad or in another format is in danger of being taken by someone with bad intentions. The study on cybersecurity in SMEs carried out by Capterra reveals that 21% of users use documents or spreadsheets to save passwords. This security risk can be avoided by using a password manager that eliminates the risk by keeping the passwords in a secure encrypted location

The importance of using strong passwords when remote working

The situation with the Coronavirus pandemic has forced many companies to implement working from home, maintaining security in remote connections between companies and users has been a challenge. It is, therefore, vital to have security tools that allow connections to be protected and thus avoid vulnerabilities in the system.

Apart from this, it is advisable for companies to implement a password management policy, where the use of strong passwords is encouraged, and this is something that can be implemented by using password managers.

The Capterra study on cybersecurity in remote working in SMEs mentioned above also reveals that only 38% of small and medium-sized companies use a password manager. 24% write down their passwords on a sheet of paper and 20% share them among colleagues. This scenario is worrying, as it shows that most companies do not give due importance to password management, which exposes them to a security breach.  

Functions of a password manager

It is important not only to know what a password manager is and what it does, but also to know how to choose one that suits your company’s needs. So you must take into account whether it meets these basic criteria:

  • Ability to track password usage and generate reports: a function that allows you to monitor aspects such as who has accessed certain accounts, from which IP and for how long.
  • Two-factor authentication: a feature that makes it possible to verify user access to the password manager, using at least two types of verification.
  • VPN connection included: a feature that adds an extra layer of security when using the password manager from remote connections as it encrypts the communication. Specialised software is also available for this type of security.
  • Password audit: a feature of the password manager that analyses which passwords are weak and suggests changing them.

So now you know what a password manager is and the advantages that they can bring to your company. But are they reliable?

Can a password manager be trusted?

Although they do not completely shield you against cyber-attacks, you can benefit from the advantages of a password manager. Here are two reasons why you can trust them:

  • They avoid password reuse attacks. If a hacker gets hold of one of your passwords, they will not be able to use it on the rest of your accounts, as the password manager prevents you from using the same password on more than one account.
  • They protect you against phishing, which is one of the most widespread techniques and puts many users at risk. In this type of attack, websites or emails are created that redirect you to a site with a design very similar to that of the company they want to impersonate by asking you to enter your access details. 

All information on the Internet is vulnerable to some kind of attack and the implementation of a password manager does not mean that our passwords will always be safe. However, it is advisable to use one alongside other systems, as it adds one or more levels of extra security to the company’s data. Not having one can make the company more susceptible to a security breach, which can result in important losses for the company.

Looking for password management software? Visit our  catalogue to find out more

 

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.