Too Many Passwords To Remember? A Password Management Solution Is Needed!

As we sign up to more and more services, we have to remember more and more different, completely unique and random passwords...

We realise that is a near impossible task, and most of us are guilty of reusing passwords, or slight variations of them, to keep track of what we have signed up to. That is fast becoming untenable as data leaks become more common: a password leaked from one service is routinely tried against every other service the victim might use (credential stuffing), so one breach unlocks every account that shares the password.

Password / Passphrase Management - Critical

Your business needs to have a more robust passphrase/password management system put in place. A passphrase is simply a long password built from several words, which makes it easier to remember than a short random string of the same strength.

Using a document or spreadsheet that contains all your logins is not acceptable in this day and age. You are putting your company's systems at risk and, through them, your customers' confidential data. The Privacy Act 2020 requires you to take reasonable security safeguards for the personal information you hold, controlling who has access to it and keeping it secure, and an unprotected list of every login is very hard to defend as reasonable.

A shared Google Drive/OneDrive document is no safer: anyone with access to the share, or to a compromised account on it, can read every login in plain text. A physical notebook with passwords written in it, stored in your top drawer, is just as easily accessible. Beyond the legal exposure, you will not be meeting typical cyber insurance requirements, meaning a claim may be declined if the worst happens.

Replace passwords with passphrases, e.g. instead of P455w0rd use something like HeatPumpOnWall111$$$ (four words forming a phrase, plus capitals, numbers and symbols). Treat the examples on this page as illustrations only: once a passphrase has been published it is in attackers' wordlists, so never use these exact strings.

As passwords are hard to remember, we would replace them with more secure passphrases at the same time. A defined passphrase structure with a minimum of 14 characters would be implemented for all logins to all systems. This is a common requirement of cyber insurance policies and the minimum length we recommend for every login. Use two to four words, enough to reach at least 14 characters, with uppercase, lowercase, numbers and symbols. Think of these as passphrases rather than passwords so that they are easier to remember, e.g. iEat4cakes@4pm (exactly 14 characters, so right on the minimum).

No easily guessable or identifiable words may be used in the passphrase. BusinessName123! would be easy to guess even though it meets the 14+ character requirement: password-cracking tools try a company's name, staff names, the current year and common suffixes like 123! before anything else. Give this some thought and make sure every login gets its own unique passphrase.

Password Management Solution: The easy answer to all your password dilemmas

Better still, let the password manager create the passwords and passphrases for you. Generated logins are random and unique per site, and because the manager fills them in you never need to memorise them.
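To make the passphrase rules above concrete, here is an added example in Python (our own illustration for this page, not code from Bitwarden or any tool named here). It has three parts: a checker that enforces the 14-character minimum and the character-class mix and rejects banned terms such as the business name even when they are written with digit substitutions, a generator that builds passphrases from a wordlist the way a password manager does, and an entropy calculation so you can see what actually makes a generated passphrase strong. The 32-word list, the symbol alphabet and the words-plus-two-digits-plus-symbol layout are assumptions made for illustration; the entropy for a 7776-word diceware list is included for comparison.

```python
"""Passphrase policy check, generation and entropy estimate (added example)."""
import math
import re
import secrets
from typing import Iterable, List

MIN_LENGTH = 14                 # the minimum length stated on this page
SYMBOLS = "!@#$%&*"             # symbol alphabet for the generator (assumption)

# Constructed 32-word list for illustration only. A real deployment would use a
# published diceware list such as the EFF long list (7776 words).
WORDLIST = [
    "apple", "beach", "cable", "delta", "eagle", "fable", "giant", "hotel",
    "igloo", "jelly", "kayak", "lemon", "mango", "noble", "ocean", "piano",
    "quilt", "river", "solar", "tiger", "ultra", "vivid", "whale", "xenon",
    "yacht", "zebra", "amber", "bison", "cedar", "ember", "frost", "glide",
]

# Undo common letter-for-digit substitutions so that P455w0rd is still
# recognised as "password" when checking banned terms.
LEET = str.maketrans("013457@$", "oleastas")


def check_passphrase(candidate: str, banned_terms: Iterable[str] = ("password",)) -> List[str]:
    """Return the list of policy failures; an empty list means the passphrase passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = {
        "uppercase": r"[A-Z]",
        "lowercase": r"[a-z]",
        "digit": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    missing = [name for name, pattern in classes.items() if not re.search(pattern, candidate)]
    if missing:
        problems.append("missing " + ", ".join(missing))

    # Check banned terms against both the raw and the de-leetspeaked form.
    lowered = candidate.lower()
    normalised = lowered.translate(LEET)
    for term in banned_terms:
        term = term.lower()
        if term in lowered or term in normalised:
            problems.append(f"contains banned term {term!r}")
    return problems


def generate_passphrase(words: int = 4, rng=None) -> str:
    """Build CapitalisedWords + two digits + one symbol from WORDLIST.

    rng must provide choice() and randrange(); by default the OS CSPRNG is used.
    """
    rng = rng or secrets.SystemRandom()
    chosen = "".join(rng.choice(WORDLIST).capitalize() for _ in range(words))
    digits = f"{rng.randrange(100):02d}"
    symbol = rng.choice(SYMBOLS)
    return chosen + digits + symbol


def passphrase_entropy_bits(list_size: int, words: int, digits: int = 2, symbols: int = 1) -> float:
    """Entropy of a generated passphrase when the attacker knows the layout.

    Only the random choices count: words drawn from a list of list_size,
    decimal digits, and symbols drawn from SYMBOLS. Capitalisation and the
    fixed word/digit/symbol order add nothing.
    """
    bits = words * math.log2(list_size) + digits * math.log2(10)
    if symbols:
        bits += symbols * math.log2(len(SYMBOLS))
    return bits


if __name__ == "__main__":
    for sample in ("P455w0rd", "BusinessName123!", "HeatPumpOnWall111$$$", "iEat4cakes@4pm"):
        verdict = check_passphrase(sample, banned_terms=("password", "businessname"))
        print(f"{sample:22} {'OK' if not verdict else '; '.join(verdict)}")
    print("generated:", generate_passphrase())
    print(f"toy 32-word list, 4 words: {passphrase_entropy_bits(len(WORDLIST), 4):.1f} bits")
    print(f"7776-word diceware list, 4 words: {passphrase_entropy_bits(7776, 4):.1f} bits")
```

Two things worth noticing when you run it. First, the checker flags P455w0rd as containing "password" because it normalises digit substitutions before matching; a plain substring check would miss it. Second, four words from the toy 32-word list give only 20 bits of entropy, while the same layout over a 7776-word list gives about 52 bits: the size of the wordlist, not the trailing digits and symbols, is what makes a generated passphrase strong, which is why a password manager's generator beats anything a person makes up by hand.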

We propose the rollout of a Passphrase Management system onto all PCs / Devices. This system would be Bitwarden.

There would be a minimum of two access levels: director/owner and team (everyone else). The director level would have access to all the passwords for the business, and the team level only to the passwords team members need. In Bitwarden this is done by placing shared logins in collections inside the organisation and granting each user or group access only to the collections they need; each person still logs in with their own account, so access can be granted and revoked per person.

If this separation is not needed, i.e. there is full trust between all directors, staff and contractors, then a single access level is enough.

More than two levels can also be set up, e.g. directors, middle management, accounts and admin, general team, and so on.

A password manager relies on a master password, so this must be extremely long, never written down anywhere, and memorised by everyone who needs to unlock the vault. Ours is 25 characters long and complex, but we have no problem typing it out. Once created, you can tie unlocking to biometrics or Windows Hello for quick access on a trusted device. Two caveats: Bitwarden never holds your master password, so if it is forgotten the vault cannot be recovered by them (set up Bitwarden's emergency access or, on an Enterprise plan, the account recovery policy before it is needed); and where each person has their own account, each has their own master password and must never share it.

Business Systems/Processes updated & documented

To ensure these systems stay in place, are kept up to date and are adhered to, business processes need to be implemented and maintained.

E.g. all new passwords must meet the minimum standard and be stored in the password manager rather than anywhere else. Additionally, if the system supports it, MFA must be enabled on the login.*

If a team member leaves, their vault access must be removed immediately and the passwords they could see (the most crucial ones first) must be changed, because anyone who has had access to a credential may have copied it.

* We have a separate document and proposal all about MFA.

Why Bitwarden as the password manager?

Bitwarden is a business-grade and widely trusted password manager that documents its compliance with GDPR and CCPA (it also listed Privacy Shield, but that framework was invalidated by the EU Court of Justice in 2020, so do not rely on it). It lets you securely store and organise the logins for all of your accounts in one place, and it can be installed on any computer, phone or browser, so you can access your accounts from anywhere at any time. Vault contents are encrypted on your device with a key derived from your master password, so Bitwarden itself cannot read them.

Moreover, if you are working in a team, Bitwarden lets multiple user accounts share one organisation vault while segregating access to specific credentials per user or group as needed. For example, User A has access to all passwords and User B to only a few. These are only some of the many features Bitwarden offers.

Pricing

N.B. We, Computer Clinic, would purchase the system for you so we can set up the back end securely, following best practice. Note that we would not have access to any of your passwords: vault contents are encrypted with your master passwords, which we never hold. Ownership of the Bitwarden organisation should be transferred to you once setup is complete, so that nobody outside the business retains an administrative role.

Pricing explained:

A single-user account is free. However, if multiple Bitwarden accounts need to share logins within a company, they need to be on an Enterprise plan. If you run Microsoft 365, the Enterprise plan integrates with it through single sign-on (SSO), so staff sign in to Bitwarden with their existing Microsoft work account. Computer Clinic can arrange everything and pass on the exact costs, converted to NZD + GST.

Ideally, everyone would have their own account to make the system fully manageable. Say one user had a device stolen: we could lock that account, deauthorise its sessions and rotate the credentials it could see without disturbing anyone else. If that account were shared, every other user of it would be locked out too, so sharing is not ideal.

On the flip side, if you wanted to save money you could share accounts, but be aware that shared accounts mean a shared master password, no record of which person used a credential, and more IT work to sort everything out if the worst occurs.


Get in contact to go over this further & see if it would work for you in your business.
