How to Manage Passwords for Your Small Business’ Online Accounts
If you’re like most people, you’re juggling dozens of online accounts and passwords for your small business. With so much sensitive information—such as customers’ personal data or company financials—available behind the passwords you choose, it’s more important than ever to manage them well.
According to a report from security firm Preempt, nearly 20 percent of employees are using weak or shared passwords that make it easy for their online accounts to be hacked. To protect your company from cybercrime and data theft by password hacking, consider embracing one of these security measures for greater password management and security.
The Messaging, Malware and Mobile Anti-Abuse Working Group recommends that most people use a password manager and that businesses promote the use of password managers among their users, staff, and customers.
In general, here’s how password managers work:
- You store all online account log-in information in one place and access this encrypted database with one strong master password.
- Because of this, you’re able to have a unique, strong password for each online account, and the password manager can generate complex ones that include numbers, letters, and special characters. Since you don’t have to remember dozens of different passwords, this helps eliminate two of the biggest password liabilities: weak passwords and using the same password for multiple accounts.
- Password managers are integrated with web browsers and synced across multiple user devices. They also use cloud storage, allowing users to access their passwords wherever they are.
LastPass: Offers free, premium ($1 per month), teams ($2.42 per user per month), and enterprise ($4 per user per month) options. Premium allows use of the mobile app in addition to the standard browser app, and the enterprise option provides unlimited sharing folders, additional directory integration, and more customized security policies.
1Password: Offers standard ($2.99 per month), families ($4.99 per month for 5 people), and teams options. Teams options include standard ($3.99 per user per month), pro ($11.99 per user per month), and enterprise (custom pricing). Pro adds greater customization and control, while enterprise gives you a dedicated account manager and set-up training.
RoboForm: Offers a free personal option and a more robust business option. You can purchase subscriptions per-user, with prices ranging from $16.46 to $29.95 per year per user, depending on the size of the company. Discounts are offered for three- and five-year subscriptions. Or you can purchase site licensing for 1,000 or more people at a custom price and flat annual fee. RoboForm for Business adds features like advanced reporting, dedicated tech support, and role-based access permissions.
Enabling multi-factor authentication on your password manager adds an extra layer of security on your online accounts by requiring identity verification before access is granted. This is typically done with a one-time passcode sent to you via text message or supplied by an app on your smartphone. Multi-factor authentication is also available on many password-protected accounts—even without a password manager.
It can also be done with a tool called YubiKey, a small USB device that’s used in combination with a username and password to verify your identity. It provides two-factor authentication with a physical presence rather than a typed code, and it works on Microsoft Windows, Mac OS X, Linux, and Chrome OS.
Shawn Rubel, founder and CEO of Eezy, a company that connects businesses with graphic design resources, says Yubikey has provided an invaluable layer of security against phishing, hacking, and other sophisticated cybercrime attacks. The Yubikey 4 Series comes in three different form factors to fit different USB ports, and each is $40 to $50.