[SECURITY | 4 MIN READ] A password manager can provide a secure solution to easily generate, store, and retrieve complex passwords to the benefit of your MSP or your customers.
Nobody loves passwords. End users find them annoying to update and track, and administrators have more critical tasks to attend to than constantly resetting passwords when someone gets locked out of their account. However, despite being a general hassle, passwords are a necessary nuisance and are extremely important to security best practices.
Poor password practices can have drastic ramifications for organizations and businesses large and small. The 2019 Verizon Data Breach Investigations Report found that 29% of cyberattacks involved stolen credentials. Given that the global cost of cybercrime is expected to hit $6 trillion by 2021, maintaining proper password security is essential to fending off attempted cyberattacks.
As a managed services provider (MSP) looking to provide a solution for your customers, a password manager may be a secure and effective option.
How do password managers work?
Password managers are applications that essentially function like digital safes. They allow you to easily generate, store, retrieve, and change remarkably complex passwords for each of your accounts, thereby removing the need to keep multiple long and hard-to-memorize passwords scribbled on sticky notes or saved in spreadsheets.
In addition to keeping these passwords encrypted—whether your customers are small businesses or enterprises—password managers streamline the user experience for managed IT services providers. Much like a safe, they only require one master password to access the entire password management system.
Are password managers safe?
While password managers are one of the safest options available, anything concerning passwords will inevitably have vulnerabilities. For instance, one concern challengers have raised is that a hacker will essentially have access to all the passwords stored within the password manager application if the hacker is able to acquire the login credentials for it. While this is true, the benefits that password managers provide you and your customers far outweigh the potential drawbacks.
One benefit is that all the passwords the application generates will be encrypted and complex. Password managers remove the risk end users will use personal information—which hackers can often guess or look up—to create new passwords, instead opting for long, random, and complex strings of characters that are almost impossible to guess.
Password managers also autofill login fields and allow users to automatically sign into accounts. This may not sound like much, but removing the need to manually type in passwords adds in an extra layer of security by circumventing potential keyloggers a bad actor may have managed to install.
A final benefit the best password managers will provide is multifactor authentication (MFA). This builds in yet another layer of security, meaning that even if a hacker manages to acquire the master password, they’ll also need to steal the administrator's phone to utilize that master password.
No system is 100% unhackable. Even two-factor systems (2FA) can be breached, for instance, but that shouldn’t be an argument against password managers. In fact, this is the reason it’s imperative you encourage your customers to implement as many layers of security as possible—to keep their passwords (and systems) secure, encrypted, and protected.
Setting up a password manager
As MSPs, you likely know this, but password managers tend to require a little bit of initial setup to function properly.
For example, most web browsers have basic password management systems built in, and while some password management apps automatically import those passwords, it’s essential that you double check manually to ensure that they’ve copied over properly. Once they’ve been imported, the passwords should be deleted from the browser and no longer saved there going forward.
Your passwords and those of your customers might also be saved on specific workstations. Windows and Mac OS operating systems have baked-in password managers, so it's important to be thorough. While it can take a little time to copy over each password successfully, doing so is a vital step to ensuring that your customers’ credentials are protected and secure.
Why are password managers important for MSPs?
Password managers provide convenient and powerful management tools over a potentially vast number of passwords. With larger customers like enterprise companies, credential management can be a time-consuming task to execute properly and responsibly. Password managers streamline the management process, preventing it from becoming unwieldy or haphazard. By remaining vigilant about password security and management, you’re showing your customers you’re committed to protecting their organization and bottom line from harm.
There are many reasons why MSPs and managed security services providers should be using password managers, but keeping your customers’ trust and respect is just as important as keeping their administrative and privileged passwords secure.
- Why Every MSP Needs a Password Manager
- MSPs, How Are You Securing Your Login?
- How to Build Password Policies for Your Customers
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.