Are your highly sensitive passwords and logins saved in an Excel spreadsheet? This is one of the most common and also one of the worst ways to store passwords. It's probably even worse than just having passwords on Post-It notes, because with a Post-It note, someone would at least have to be physically present to steal it.

Remember the Sony data breach of 2014? Once the hackers were inside their system, they found several Excel and Word files with passwords in them, increasing Sony's exposure. Even if you add password protection to an Excel file, it's still not very secure.

If you or your company is using Excel or Word to store passwords and you need a place to keep passwords electronically, you can and should immediately start using some type of password management software. This type of software has been designed with one thing in mind, to keep your passwords secure, and safe, and if used properly, it will do just that.

Some of the more popular free ones that you can start using today are Keepass and LastPass.

A couple of tips with password managers:

  • Make sure that the master password you use to access them is not a common one you use in any other place
  • Make sure the master password you use to access them is highly secure
  • Since password managers make it easy to create passwords, you should use this feature to make a different password for each system. This reduces your risk so that if someone does find a password of yours, they won't be able to use it in several places
  • Be sure to store your password file in a safe and secure location that is only shared to users who should have access to it

For the really paranoid type, or if you are dealing with highly sensitive information in your company, you should not use any type of cloud based service, such as Dropbox to synchronize your secure files and you should not use a service based solution such as LastPass Enterprise to be able to access you're files from anywhere. Both of those can be great tools and techniques, and they may be a great fit for your needs, but the added convenience comes at the price of a security trade-off.

To have the highest security out of a password system, you should use a more state-of-the-art enterprise class password management system that stores data in an encrypted central database on a server in a location that you control. You want to make sure to give every single person their own unique log-in and have granular control to specify which passwords are permitted for each user. You want a system that has an audit log trail every time a user accesses a given password entry.

If you're interested in an enterprise class password management system, or you'd like consulting to analyze and assess the best password management system for your needs, please contact us.

Central Password Repository

Want something like this?

Schedule an appointment now to discuss a product or solution like this for your company.

 Contact Us