Password Keeper Safety Guide
Do: Encourage & Require Unique Passwords for Every Site
What’s worse than a breach in which a third-party site ends up spilling its user credentials onto the dark web? It’s when your employee, who had an account on that site, has been using the same username/password pair on dozens of other sites (some of which they may not even remember). Attackers take those leaked pairs and replay them against every other service they can find (credential stuffing), so one breached site becomes a break-in at every site where the password was reused.
Do: Use Generated Passwords Instead of Memorable Ones
One of the biggest barriers standing in the way of employees using unique passwords for each site is the hopeless effort of inventing a memorable password for every account they create. It’s unrealistic, and it usually leads straight back to reusing the same password on multiple sites. Forget about creating memorable passwords: lean on your password keeper to generate long, random, unique passwords for every site, and let it do the remembering.
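The two points above (never reuse a password across sites; generate rather than invent) are what a password keeper does internally. The following is an added illustration written for this guide, not code from Havoc Shield or from any particular password keeper: it generates passwords with the operating system's CSPRNG, reports how much entropy a given length/alphabet gives, and scans a vault for the cross-site reuse the first section warns about. The function names, the `SAMPLE_VAULT` contents and the 80-bit policy threshold are assumptions chosen for the example.

```python
import math
import secrets
import string

# Character classes a typical password keeper lets the user toggle on.
# 52 letters + 10 digits + 32 punctuation = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return `length` characters drawn uniformly from `alphabet`.

    `secrets.choice` uses the OS CSPRNG; `random.choice` is seeded from
    predictable state and must never be used for credentials.
    """
    if length < 1 or not alphabet:
        raise ValueError("length must be >= 1 and alphabet must be non-empty")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly generated password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def meets_policy(length: int, alphabet_size: int, min_bits: float = 80.0) -> bool:
    """Hypothetical org policy: generated passwords must carry at least 80 bits."""
    return entropy_bits(length, alphabet_size) >= min_bits


def find_reused_passwords(vault: dict) -> list:
    """Group vault entries (site -> password) that share the same password.

    Returns a list of sorted site lists, one per reused password, so a
    reviewer can see exactly which accounts fall together if one site leaks.
    """
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    return [sorted(sites) for sites in sites_by_password.values() if len(sites) > 1]


# Constructed sample vault for the example; these are not real credentials.
SAMPLE_VAULT = {
    "mail.example.com": "Summer2023!",
    "crm.example.net": "Summer2023!",
    "bank.example.org": "Summer2023!",
    "wiki.example.com": generate_password(20),
}


if __name__ == "__main__":
    for group in find_reused_passwords(SAMPLE_VAULT):
        print("same password shared by:", ", ".join(group))
    pw = generate_password(20)
    bits = entropy_bits(len(pw), len(ALPHABET))
    print(f"generated {pw!r}: {bits:.1f} bits, policy ok: {meets_policy(len(pw), len(ALPHABET))}")
```

A 12-character password from the full 94-symbol alphabet is about 78.7 bits and fails the assumed 80-bit policy; 20 characters gives about 131 bits. The reuse check is the same idea that keeper "watchtower"/"security audit" features implement, run here over a constructed vault.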
Do: Leverage Password Versioning to Solve Mysteries
If there is one thing more frustrating than having your autofilled password lead to a failed login, it’s not being able to retrace your steps and check whether the previous password you used on that site is still the active one. This happens a lot when a user rushes through a change-password flow and forgets to click the final submit/save button: the keeper has stored the new password, but the site still has the old one. Thank goodness for password keepers that hang on to password history, so the prior version can be tried instead of resorting to a reset.
Don’t: Let Internal Sharing Get Chaotic Without Structure
The sharing functionality built into most password keepers is a huge win for organizations that previously shared passwords via Slack, email, text message, or other ad hoc channels. So what’s the problem? The problem is when sharing becomes chaotic because there are no conventions or expectations about how vaults and credentials are organized at the team or company level: nobody can tell which of three "AWS root" entries is current, or who is supposed to have access to a given vault. Set expectations about naming, tagging, and taxonomy up front to get your organization off on the right foot.
Don’t: Assume that Unique/Strong Passwords Reduce Need for 2FA
Some organizations incorrectly assume that using unique, strong passwords reduces or eliminates the need for 2FA. It does not. A strong password is no defense against a phishing page, a keylogger, or a breach of the site itself, each of which hands the attacker the full password; a second factor is what limits the damage when that happens. Attackers count on victims letting their guard down in exactly this way.
Don’t: Allow Employees to Bring Their Own Password Keeper
Employees come and go, sometimes at moments that are unpredictable for one side or the other. Organizational continuity for shared passwords is essential to carrying on "business as usual" when an unexpected parting of ways occurs, and a personal password keeper walks out the door with the employee. Save yourself the unwelcome (and often untimely) mystery hunt of trying to reassemble the credentials needed to continue the business functions the former employee was responsible for: keep shared credentials in the organization's keeper, where access can be granted and revoked centrally.
Interested in more of our cybersecurity infographics? Check out our complete collection here. Interested in getting access to an excellent password keeper as part of a Havoc Shield plan? Check out our Rapid Threat Test here — completing it means you’ll be able to scoop a free deal on a 14 day trial.