Think of your company’s passwords as baby Yodas—they must be protected at all costs.
A password is the most crucial element to keeping your company’s data secure—as well as the weakest link when it comes to data security, though only 31% of companies use a password-management solution to protect their data. (ICYMI, here’s our post on how to manage employee passwords across the business).
Passwords managers are at the core of IT security. They prevent hacks and breaches and remain the best way to monitor your passwords company-wide.
Naturally, you’ll want to select a password manager that has all the features necessary to keep your data safe and alleviates some of that heavy lifting from the IT department. But what makes a good password manager in the first place? And even if you do find the right solution, how can you get everyone in your company on board?
Getting beyond password manager resistance
As with any new tech tool, getting every employee to use a password manager can take time, including at the executive level. Here are the four most common roadblocks you’ll come across when trying to implement the use of a password manager across your business:
- Conveying just how important a password manager is for protecting company assets: It’s challenging to quantify the value of certain security technologies because business leaders cannot accurately predict the likelihood, extent, or cost of a data breach. But as we’ve learned, data breaches are common and immensely costly, and poor cybersecurity hygiene can result in millions of dollars in financial losses.
- Getting everyone on board with ease: Even the slightest change in practice is not immune to resistance from employees. Some employees might be frustrated by using a password manager, while others simply may not trust the technology. Employees who have been with the company for a long time and have committed tried-and-true methodologies to memory might be especially resistant to the change.
- Risk of project failure: Another concern, one that most IT leaders know all too well, is the risk of project failure. In general, a fast and efficient software implementation elicits little response. But a problematic, disruptive deployment is likely to spark comments across the enterprise, from new employees to seasoned C-suite executives.
- Executive buy-in and support: Sometimes resistance can come at the highest level: Another people-related challenge lies in obtaining buy-in and support from executive leaders and the board of directors.
Find a solution you can stand behind
Even if you have yet to get over the hump of convincing your company to adopt the use of a password manager, there are some key elements to the best-in-class solutions that will help make your case. Here’s what your password manager should be able to do:
- Sync across employees’ devices
Password managers are the first line of defense against unauthorized access and data breaches, so a good password manager should work seamlessly across devices, operating systems, and browsers. With the right password manager, employees should be able to both save and share credentials without using email, Slack, or other non-secure messaging platforms.
- Help employees learn about password management
A good password solution can also help employees understand what makes a good password and how to keep it secure. A state-of-the-art password manager should rate the strength of user passwords and help identify and support best practices for creating more robust credentials (like this Dashlane ZXCVBN tool). It’s also important to look for a password manager that can actually provide you with actionable insights like tracking your company’s security score over time. (Check out Dashlane’s Password Health Score dashboard.) By providing this kind of information to employees, you can create a culture of security within your organization and inspire real change.
- Scan the dark web
Cybercriminals typically sell stolen customer data in the murky depths of the internet. That’s why it’s paramount that the password management solution you choose is able to scan the dark web for credentials pilfered in previous breaches. The National Institute of Standards and Technology (NIST) recommends that businesses perform scans for exposed or compromised passwords against a list that contains values known to be commonly used, expected, or compromised. This list should include passwords lifted in previous breaches, dictionary or common words, and context-specific words like the name of the company or username. If compromised company credentials are identified, the password manager should be able to send automatic alerts to users.
- Be cloud-based
Cloud-based password management solutions, as opposed to locally stored passwords, can take advantage of the security expertise of leading cloud providers. These include highly secure facilities, end-to-end encryption, protection against DDoS attacks, and detailed network activity logs and audit trails. Best-in-class password protection solutions use zero-knowledge architecture that syncs encrypted data in the cloud and decrypts it locally on the user’s device.
- Let employees recover their passwords
Whether stored locally or in the cloud, a password manager should include self-service password reset and account recovery capabilities, plus an account recovery feature that allows users to reset their master password and recover data stored on an authorized device.
Get everyone involved
The key to adoption is engaged employees. It’s important for business executives and IT leaders to approach password management in context with real-world risks associated with password security and the immense importance of adoption.
If leaders prioritize employee engagement and a proactive commitment to security, secure password management can flourish. That’s why it’s critical to foster a sense of ownership and pride in participation. Each employee, regardless of their job title, should know their singular role and responsibilities in the collective effort to protect data assets, applications, and networks.
Inadequate password management has become a leading risk to data security, but it doesn’t have to be. Dashlane, an advanced, easy-to-use business password management solution, simplifies and streamlines data protection. To discover more about what leads to the successful adoption of company security measures, check out our latest white paper.