Why Spreadsheets Are Not a Password Management Solution
Many organizations still use spreadsheets to store and manage company passwords. But managed services providers (MSPs) shouldn’t use or perpetuate this practice. After all, the 2019 Verizon Data Breach Investigations Report (DBIR) found that 80% of hacking-related breaches are associated with passwords. The same report mentions password managers as an invaluable tool for preventing such attacks—and MSPs who are still using spreadsheets for enterprise password management should consider making the change.
How Secure Is My Password in a Spreadsheet?
How safe is your password? If you’re saving company passwords in a spreadsheet, you should be worried about your password security. You’re putting company data at extreme risk—in fact, you may already have been breached without realizing it. Spreadsheets are not a secure password solution for the following reasons:
Spreadsheets are not designed for password management security.
Spreadsheet tools were never designed for password management. Spreadsheets are a great tool for calculations, graphing, and organizational tasks, but they simply don’t make the cut for a password solution. Some spreadsheet software may offer some improved security features, like longer hashes and salt values, but these newer versions still don’t offer two-factor authentication. Despite these slightly improved security updates, if the file is exposed externally to your organization, it’s still too easy to access the data within. For privileged passwords especially, it truly isn’t worth the risk.
It’s too easy for bad actors to access, copy, and edit spreadsheets.
It’s simple to download, transfer, and copy spreadsheet files—which inherently puts your passwords at risk if you use spreadsheets for storage. Internal users can too easily copy and forward files—whether on purpose or by accident—in a way that allows hacker access. What’s more, spreadsheet access can occur without leaving a trace. You can’t audit file usage for spreadsheets, so you don’t have visibility into who is accessing the file, making copies, or changing passwords. This means you may fall short on compliance guidelines as well.
Using spreadsheets leaves you vulnerable to human error.
Using spreadsheets is a manual method for handling credential information. As with most manual processes, this method leaves you open to human error. It’s too easy to make mistakes while creating or managing passwords within a spreadsheet. If you forget the password to the encrypted spreadsheet, it may be difficult to recover the information. And if a breach does occur, you’ll have to make manual password changes within each individual system. Not only is this disaster recovery time-consuming, but you may miss credentials and leave security gaps.
Spreadsheets don’t enforce password standards or best practices.
When you’re using a spreadsheet, there are no built-in tools for supporting password best practices. Passwords don’t have to pass company policies or regulatory standards—you can write in any password with no automated way to ensure strong and unique passwords. Part of the problem is that spreadsheets don’t typically integrate with SIEM tools that can offer greater security.
Are Password Managers Safe?
Using a password manager like SolarWinds® Passportal is a much safer alternative to using spreadsheets. MSPs should consider investing in Passportal to reap the following features and benefits:
- A cloud-based, centralized platform: Centralize your password management for better visibility and more flexible access.
- Easier management: A password manager like Passportal can offer credential injection, change automation, and better documentation and reporting.
- Support for best practices: With a purposeful tool, you can enforce password complexity and standards, ensure passwords aren’t reused across accounts, and quickly create or revoke access as needed.
- Security features: It’s better to use a password solution that’s controlled via role-based permissions and multifactor authentication. Plus, a tool can help you see who has accessed password information for increased security and technician accountability.
- Automated processes: A password manager can integrate auto-capture of any new credentials or password changes, helping to eliminate human errors.
- End user support: When end users need to reset their passwords for any reason, that process should be as easy as possible. A password manager can provide a simple self-service reset function for end users and update internal lists accordingly.
- Disaster recovery: You can shorten incident resolution times by having all the updated information you need in one place.
Overall, investing in a password manager is a safer solution for credential management. For MSPs looking to ensure security for their customers, having a business-grade solution is a must. It’s time to replace those spreadsheets with an intuitive and secure platform like SolarWinds Passportal.
- How Are You Securing Your Login?
- Help Your Customers Meet Password Compliance Requirements
- Your MSP Needs a Password Manager
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.