How many different passwords and login accounts does your company maintain? 10? 20? 50? More? In the age of rapidly changing cloud services, it’s common for a company to generate dozens and dozens of passwords.
Managing all of these accounts can be a real challenge — not to mention a security risk. In a recent webinar, our Director of Technology Thomas Kinsinger highlighted some of the issues that many organizations face when it comes to managing passwords, and how an enterprise password management system like MyGlue can help make things simple and keep you secure.
Why Poor Password Management is a Serious Risk
A compromised password can expose any data that is protected by that password. This can include sensitive information like employee records, financial information, and trade secrets. Admin accounts for cloud services are an even bigger concern: they could give an attacker broad access to sensitive information, along with the ability to disrupt service and destroy important data. So the need to keep passwords protected is clear.
But for many organizations, the way they store passwords is inherently insecure. They may share an account between several individuals using email, sticky notes, shared documents, or other means. These methods provide very little control over who can see a password, and there’s no audit trail or logging to determine who last accessed that account.
Additionally, the need for many people to remember a password can result in short, insecure passwords. These may use publicly available information, like a business’s address or phone number, which could be easily guessed by an attacker. Also, in many cases passwords are reused across many different services, which means that if one password is compromised, all of them are.
One particularly alarming threat that Thomas mentioned was that of a disgruntled employee who has access to critical passwords. He cited the example of a college IT administrator who, after being fired, held the school’s G Suite account for ransom for $200,000. Similar incidents have highlighted the need to quickly determine who has access to sensitive passwords after an employee separation.
Protecting Against the Threat of Compromised Passwords
Organizations have a few tools in their arsenal to protect against the threat of password compromise. The first is to have a written password policy that specifies how passwords are to be used and stored. This can include things like minimum password length, complexity, and how often passwords need to be changed.
The second tool is multi-factor authentication (MFA). Using MFA means that a compromised password alone cannot be used to access an account. A secondary piece of information, such as a code from an app or authenticator token, is required as well.
Third, companies can use strong passwords that are unique to each service or account. This makes the password itself harder to crack, and prevents one compromise from cascading into others.
Implementing these tools can be made much easier by using a secure password management system like MyGlue.
How MyGlue Can Protect Your Passwords
MyGlue is designed to help businesses protect their passwords. It has several key features that help mitigate the risks of generating, sharing, and storing passwords.
First, MyGlue supports MFA, so you can require that all your users have a secondary form of authentication before they are given access to stored passwords.
MyGlue also makes it simple to generate unique, secure passwords for all of the accounts that you manage. Simply click the “generate” button when adding a new entry, and the app will generate a long, random password to use just for that service. To make using these passwords easy, MyGlue offers browser extensions that will autofill passwords on any website.
These features are common to most password managers — LastPass, 1Password, and others are popular with both our clients and our employees. But where MyGlue really shines is in enterprise password management.
One of the big risks we mentioned is when passwords need to be shared with several employees. MyGlue makes this both simple and secure. Passwords can be shared with individual users, as well as defined user groups. For example, the password for your Office 365 admin account can be shared with only users in the “IT” group. If a user is removed from that group, they’ll no longer have access to that password.
MyGlue also offers granular logging and auditing. Any time a password is accessed or changed, that activity is logged. This makes it easy to see which passwords need to be changed after an employee is separated. Simply pull a report of which passwords the former employee accessed, change those passwords, and then update the entries in MyGlue.
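The offboarding check described above can be scripted against an exported access log. This is an added example, not MyGlue's own code or export format: the CSV columns, user names, and entries are constructed for illustration. It goes one step beyond the text by skipping entries that someone else has already changed since the departed user last touched them.

```python
import csv
import io

# Constructed sample audit export. The column names and values are
# assumptions for this example, not the format of any real product.
SAMPLE_LOG = """timestamp,user,action,entry
2024-03-01T09:12:00,jdoe,viewed,Office 365 admin
2024-03-02T14:30:00,asmith,viewed,Firewall
2024-03-04T08:05:00,jdoe,viewed,Firewall
2024-03-05T10:00:00,asmith,changed,Firewall
2024-03-06T16:45:00,jdoe,viewed,Office 365 admin
2024-03-07T11:20:00,jdoe,viewed,Payroll portal
2024-03-08T09:00:00,asmith,changed,Payroll portal
2024-03-09T13:15:00,jdoe,changed,Backup service
"""


def rotation_list(log_text, departed_user):
    """Return {entry: last_access} for passwords the departed user may still know.

    An entry is listed when the departed user viewed or changed it and no
    other user has changed it after that last access.
    """
    last_seen = {}             # entry -> departed user's latest access
    last_change_by_other = {}  # entry -> latest change made by anyone else
    for row in csv.DictReader(io.StringIO(log_text)):
        ts, entry = row["timestamp"], row["entry"]
        # ISO 8601 timestamps in one fixed format sort correctly as strings.
        if row["user"] == departed_user:
            # A view and a change both mean the user knows the value.
            last_seen[entry] = max(ts, last_seen.get(entry, ""))
        elif row["action"] == "changed":
            last_change_by_other[entry] = max(ts, last_change_by_other.get(entry, ""))
    return {
        entry: ts
        for entry, ts in sorted(last_seen.items())
        if last_change_by_other.get(entry, "") < ts
    }


if __name__ == "__main__":
    for entry, ts in rotation_list(SAMPLE_LOG, "jdoe").items():
        print(f"ROTATE {entry} (last accessed {ts})")
```

The result is only as reliable as the log is complete: a password that was also copied into email or a shared document will not show up here.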
MyGlue is a part of the IT Glue system that E-N Computers uses to help us manage our clients’ networks. So, you can selectively share your passwords with us. For example, you can share updated server and network passwords with us, while keeping other passwords private within your company.