Passwords & Usernames For Your Business Technology

Do you know all the usernames and passwords for your router, firewall, computers and other technology on your network?  All business owners and CEOs should have access to this information.

If you switch IT service providers or a piece of hardware shuts down, you need to know them to keep your business running. But how are you supposed to keep track of all these usernames and passwords? Who else should have access to them? How often do you need to change passwords? We’ll answer all these questions and more, so read on.

Shouldn’t My Passwords Be Easy to Remember? 

Easy passwords might allow you to access your accounts quickly, but they can do the same for hackers. The more characters you use, the better. One trick you can use if you can’t remember completely randomized passwords is to create a passphrase instead of a password. Use spaces to make a sentence and incorporate numbers and special characters in place of letters. For example w1Nt3r iZ com;nG? instead of “winter is coming.”

Here are some tips when it comes to creating strong passwords:

1. Use at least 8 characters that include:

  • Upper and Lower Case letters
  • Numbers and Letters
  • Special Characters such as #!&

2. Use a unique password for each website or cloud application.

3. Change passwords every 90 days.

4. Never share passwords.

5. Use a password manager.

How Can I Keep Track Of My Passwords?

You can consider using a password manager to keep track of your passwords and usernames. A password manager generates, keeps track of, and retrieves complex and long passwords for you to protect your vital usernames and passwords. Plus, it provides answers to security questions for you to authenticate your identity. All of this is done with strong encryption that makes it difficult for hackers to decipher.

How Does Password Management Software Work?

Password managers automatically store your login credentials for the various sites you visit. Passwords are encrypted in a database using a master password, so all that you need to remember is your master password.

When creating a new account, the first thing to do is to choose a master password. This controls access to your password management database. Make sure it’s a strong password that you can remember because it’s the only one you’ll be using. You can change it later if you need to.

Your master password can be connected to the active directory, which means you can use this one password to log in to computers, send emails and wherever you need to use a password. And when your passwords need updating, you only have to change the master password.

To use the password management software you simply input your master password for the password management software. The program automatically fills in the appropriate login data for you. You can also configure it to store your email address, username and other data.

What Are Some Password Management Programs To Consider?

A variety of password managers are available, but you want to choose one that’s designed for business use. There are many solid options. We use My Glue from IT Glue but there are others you can choose from:

  • MyGlue is based on the award-winning IT Glue documentation platform, but built to meet the needs of small and medium-sized businesses. MyGlue allows you to document your SOPs, passwords, vendor info, contacts, locations and equipment, all in one place, and all accessible with a couple of clicks. Fully secure, MyGlue is your business information hub.
  • LastPass for Businesses provides a centralized control dashboard, convenient secure password sharing, automated user management, federated access so employees can log in with their Active Directory credentials, secure password storage where employees have their own vault for storing every app and web login they use, and two-factor authentication options to ensure no one can log into your password vault.
  • Splikity uses military-grade encryption to remember passwords and automatically saves and syncs them across all your devices. This helps if your employees are always on the go and use mobile devices to sign into sites. It utilizes the strongest security in the industry, and they run continual security tests to ensure your passwords remain secure.
  • Dashlane works on almost every platform: Windows, OS X, iPhone, iPad, and Android. There’s an extension for every major browser. It includes features like a security dashboard that analyzes your passwords. Dashlane for Business is designed for easy use by both technical and not-so-technical people. Onboarding is painless, secure sharing of company information is simple, and it offers features like autofill and auto-login, and secure group sharing. It also provides both business and personal spaces that let your employees store both their professional and personal accounts.
  • Keeper Security gives you on-demand access to encrypted passwords, applications and websites. With a Private Master Password, only the user knows the Master Password used to encrypt and decrypt information, thereby maximizing security. Keeper Security utilizes multi-factor authentication, including a biometric login and Keeper DNA to confirm identity. User data is encrypted and decrypted at the device level not on Keepers’ servers or in the Cloud. And Keeper protects your information with AES 256-bit encryption and PBKDF2, widely accepted as the most robust encryption available.
  • Sticky Password is an ultra-secure password manager where you use your fingerprint to authenticate your identity on a mobile device. It also provides a random strong password generator and will autofill forms for you, saving time and trouble. It also uses 2‑step verification, military-grade AES‑256 encryption and biometric authentication. And a portable password manager lets you access your encrypted data even on computers that aren’t yours. Share passwords and logins securely, grant, remove and manage access, set permissions and more.
  • KeePassX is an application for people with extremely high demands for secure data management. KeePassX saves many different forms of information (e.g. usernames, passwords, URLs, attachments and comments) in one single database. For better management, user-defined titles and icons can be specified for every single entry. Entries are sorted in groups, which are customizable as well. The integrated search function allows searches in a single group or the complete database. The password generator is very customizable, fast and easy to use. Someone who generates passwords frequently will appreciate this feature.

There are many more Password Managers to choose from. And there are also password management tools where you provide a one-time link so an authorized person can use the password for specific purposes. Once they use the password, it expires.

How Often Should Passwords Be Changed?

Good passwords aren’t easy to guess, but they also don’t last forever. There are times when changing passwords is critical, such as when:

  • You’ve experienced a security incident.
  • There’s evidence of malware or other viruses on your technology devices.
  • Someone without authority accessed your system.
  • You shared access to your technology and they no longer need it.
  • It’s been over a year since you last changed your passwords.

Keep a reminder on your calendar to change out passwords regularly.

Who Else Should Have Access To Passwords & Usernames For My Business Technology?

Your IT company should have access. They should keep an inventory of all the passwords for your hardware and appliances on your IT system. And they should provide you with an up-to-date list. Don’t let them walk away with passwords to your router, firewall and more. If you decide to switch IT providers, you might not be able to get them back.

If you switch IT companies, they should present you with a complete checklist of all your passwords. If for some reason you can’t retrieve them from your old company, your new one tech service will have to reset them or try to crack your passwords to reveal what they are.

It’s also vital to know who has access to your passwords and usernames. It shouldn’t be anyone other than you and your IT company.

If you liked this article, we have many more on The NOVA Blog.