5 Things Every MSP Needs to Know About Password Management 


Using a password manager can help you stop writing passwords on sticky notes

The average U.S. citizen has at least 70 passwords for everything from email to online banking to social media. People who use a lot of technology and software in their work can have hundreds of passwords to keep track of. 

Any cybersecurity professional will tell you that every one of those passwords should be unique. Otherwise, the theft of one password can lead to breaches across all of your devices, software, and online accounts.  

But who can remember dozens, if not hundreds, of unique passwords? Not many people, which is why password management tools have become a must-have for any person or organization who wants to remain safe. As such, every MSP should know a few things about password managers when building their security stacks.   

What are password managers? 

A password manager creates an encrypted vault for storing passwords. The vault is protected by a master password (and usually two-factor authentication). This means the user is only responsible for creating and remembering one strong password.   

(Technically, they don’t even need to create that strong password. Most password management tools allow for automatic generation of complex passwords that would be extraordinarily difficult to crack.) 

Early password vaults were used to store passwords somewhere safe. Modern password managers take this a step further by autofilling passwords on stored sites. Not only does this remove the need to manually type in login details, but it helps to protect users from keylogging malware.

In short, password managers take all of the work and tedium out of password hygiene. Because this is a necessary part of the bigger security picture, IT providers should offer password management to every client.

What do MSPs need to know about password managers to help their clients understand the value? 

1. Most Password Managers are Secure 

Many users are still concerned about the security of password management tools. If one location holds all of your passwords, doesn’t that make it easier for someone to gain access to them? Not quite.  

Most password managers worth their salt use AES-256 encryption, the current gold standard of encryption. Even the US government uses it to transmit top-secret information. 

It’s very unlikely that hackers will attack users’ devices with the intent of stealing data from the password management app. Even if they try, it would take them over a billion years to brute force their way through the AES-256 encryption.  

If users are still worried about security, two-factor authentication takes the risk of losing that data down to nearly zero. Even if a hacker could figure out or crack your master password, they still wouldn’t be able to bypass the 2FA without taking additional extreme measures. 
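As an added illustration (not code from this article or from any password manager product), the Python sketch below generates a random password and derives a 256-bit vault key from a master password with PBKDF2, the key-derivation function named in the feature list at the end of this article. The alphabet, iteration count and function names are assumptions chosen for the example; it shows that a vault is only as hard to guess as its master password, whatever cipher protects it.

```python
import hashlib
import math
import secrets
import string

# Assumed character set and PBKDF2 work factor for this example only.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
ITERATIONS = 600_000

def generate_password(length=20, alphabet=ALPHABET):
    """Pick each character with the OS CSPRNG (secrets), not the random module."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 32-byte (256-bit) key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )

def guessing_cost_bits(password_entropy, iterations=ITERATIONS):
    """log2 of the hash evaluations needed to try every candidate master password,
    capped at 256 because guessing the derived key directly never costs more."""
    return min(256.0, password_entropy + math.log2(iterations))

if __name__ == "__main__":
    salt = secrets.token_bytes(16)          # random per-vault salt, stored with the vault
    master = generate_password(20)
    key = derive_vault_key(master, salt)
    print("generated master password:", master)
    print("derived key length (bits):", len(key) * 8)
    strong = entropy_bits(20, len(ALPHABET))
    weak = entropy_bits(6, 10)              # a 6-digit password chosen at random
    print(f"20 random chars: {strong:.1f} bits, cost {guessing_cost_bits(strong):.1f} bits")
    print(f"6 random digits: {weak:.1f} bits, cost {guessing_cost_bits(weak):.1f} bits")
```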

2. Password Managers Differ 

There are several commercial password management tools available, each one of them different. While things like ease-of-use factor into your choice, one of the key differences between password managers is where they store their data. Your personal password vault can exist locally on your device, or it can be stored in the cloud.  

There are pros and cons to both options, most of which are central to any “cloud vs. local” debate: 

  • Storing passwords in the cloud allows for seamless syncing between devices. 
  • Cloud storage keeps users from losing their stored passwords if their device crashes or is destroyed. 
  • If the device is stolen, there are obvious downsides to the password vault existing on the physical machine.  
  • On the other hand, data stored in the cloud has more threat surfaces and is theoretically more vulnerable to attack. 

Many password managers give you a choice. Many that sync to the cloud let you disable this feature so that passwords are stored locally.

3. Good Password Hygiene Would Be Nearly Impossible Without a Password Manager 

As an IT professional, you’ve probably explained proper password hygiene to countless people. You know that every password should be unique, as well as complex enough to resist a brute force attack.  

Even though the public is aware of the importance of strong passwords, the issue doesn’t seem to be getting better. (The most common password in 2021 was still 123456.) That’s largely because keeping a few dozen passwords unique and complex is such a daunting idea that most users just don’t bother.

In a world where each of us has 70-100 or more passwords to tend to, there’s essentially no way to practice proper password hygiene without the help of a password manager. 

4. Free Password Managers Have Limitations 

Many end users ask why they need to pay for password managers when there are free options available. The answer to that is generally what you would expect: you get what you pay for. 

Free password management tools can be limited. While they may work for people with few passwords on a single device, they leave a lot to be desired when it comes to more advanced or enterprise-ready features. 

Free password managers might not support or sync to all devices and browsers. To get the benefit of a password manager, you must install it on all devices you will be using. The software will also need to be compatible with your favorite web browsers.  

They may only work with web-based browser logons. Free password tools typically won’t log users into their computer, device, or corporate network. 

A free password manager may also not work with certain websites. The usability and convenience of password management take a hit when the password manager doesn’t work correctly. Having to manually call up the password manager to type in a long, complex password can be troublesome, so the tool’s ability to work across as many websites and platforms as possible is key.

5. Password Managers Can Give Users Peace of Mind 

…and not just with their login details.  

The best password managers are also able to store other important data securely. For instance, some will safely store password recovery questions. This allows an extra level of security, because users no longer have to give accurate, memorable answers to recovery questions. Instead, they can generate a complex password as the answer to each of these questions and store it in the manager.

Many password managers also give users the option to store more than passwords. Users can often store sensitive data like credit card numbers, membership numbers, and bank account numbers in their secure “vault” right beside their passwords.   

Another benefit of password managers is that users can share access to their accounts with a legal representative or loved one. Sharing account details and logins is strictly forbidden from a cybersecurity standpoint. However, there can be a legitimate need to do so.  

While it might not seem like a pressing concern on a day-to-day basis, many people wonder how their families will access important accounts and websites if something should happen to them. What if they need access to their bank accounts, or even access to sites where they pay the bills? Password managers can take some of the risk out of this process and provide a solution that gives a little extra peace of mind.  

Why Use Password Boss as a Password Management Tool?  

  • MSP Management Portal 
  • Role Based Access 
  • Two Factor Authentication 
  • Auto-Logins 
  • Secure Password Sharing 
  • Multi-Device Access 
  • Built-In Dark Web Feature 
  • AES-256 and PBKDF2 Security 
  • Remote Control Integration 

For more information: Password Boss