3 Excuses People Make For Not Using A Password Manager
A password manager is exactly what it sounds like - a way of organising all of your passwords. Specifically, we're talking about a piece of software to do it.
The software takes a password to unlock, kind of like a safe, and then you can access the passwords saved inside. This is valuable because it means you can concentrate on more important things in your business other than remembering lots of complex passwords! :)
In small business, I still see a lot of resistance to using a password manager though. A lot of this seems to be based on bad information. Let's run through a couple and flesh them out.
1. If someone hacks my password manager, they'll have access to everything
This is true. It is also true that my house can get broken into and my safe cracked, which would lead to my password and birth certificate being stolen, and then my identity has been stolen.
That's why I took security precautions to make it harder. My house has roller shutters and security screens. My safe is big, heavy, and bolted to the building. Oh, and it's hidden.
We can apply the same principle to your password manager "safe". If you make it hard enough, most hackers (and criminals!) will just move on to the next target.
To do this, we do things like 2 factor authentication on the password manager itself so that you need a password PLUS an SMS code or similar, limit the number of attempts to get in, and limit what countries can try (if you live in Australia, then it doesn't make sense to allow someone in Russia to try to access your password manager!)
2. If I lose my password manager, I'll be stuffed (or use your choice word here!)
I'm going to break this down into two parts. Firstly, give yourself more credit. You started a business, and you're still in business, which means you are capable of handling the responsibility that goes with that. That includes remembering things that are important.
The other side of the coin is simply, accidents happen. Perhaps a long holiday away from work, and some of the things that were at your fingertips no longer are. Now we know about the risk, let's handle it. Print a copy of your master password. Store it in your fireproof safe at home. Problem solved :)
3. It's just not worth the risk
Most of the thinking on this will go back to #1, but there are a couple of additions. Let's think about the risks of passwords in general.
When you open up your browser and login to Xero (or MYOB), Outlook, Dropbox, Salesforce, Zoom...or whatever tools you use every day, you use a password. You might have forgotten this, because you ticked the "remember password" box, and the computer puts the password in for you.
Now, maybe when you set Dropbox up, you used the same password you did with Xero so you won't forget. You're confident it won't get hacked, because it's a super complex password. But did you know that in 2016 Dropbox was hacked, including email addresses and passwords? Hackers can then use that information to access your Xero account, uh-oh!
Don't forget about the personal logins that you might have attached to your work email like Linkedin, Twitter, maybe even Facebook! Chances are that you have at LEAST 10 systems that have passwords.
So now you have to have 2 super complex passwords. Or 3. Or 20. Will you go back to using a simple password, or will you just run the risk of forgetting the passwords? Both of these are risky options that a password manager will solve. You can use lots of complex passwords unique to each supplier, and not worry about forgetting them.
If you've gotten to the end of this article and feel there's a lot left unsaid, you're right! Password management is a big field. As a next step, I recommended having a look at this article by Stuart Schechter "Before You Use A Password Manager".