"I needed somewhere to store my passwords, as I have a lot, and they ended up being variations of the same password, which isn't very safe," said Robyn Hewson, the founder of Little Birdy & Co. We can all relate to Robyn when it comes to recollecting our passwords. It turns out, the average internet user has roughly 100 online accounts with corresponding passwords to remember. It’s unlikely that the modern internet aficionado can remember all of that information. That’s why we need technology to help with our passwords.
Apple’s Keychain, Google’s Password Manager, and your browser’s built-in password storage services are all great ways to store log in details in a safe space—relatively speaking. For most individuals, these tools, and a combination thereof, are more than enough.
But what about businesses?
Most businesses use a range of business software and websites that require user accounts. For example, you might have memberships with the local chamber of commerce, as well as professional and industry groups on Meetup or LinkedIn. You might use software like a CRM, spreadsheet, inventory manager, and finance system, while also maintaining accounts for your online store, your supplier’s store, your domain registration website, and your brand's social media channels.
If an individual has 100 personal user accounts, a single business entity will have an additional hundred or more, and that doesn’t even account for log-ins for multi-user products.
A password manager is an online tool that can save and encrypt all your passwords so that only you can unlock them. Some password managers go the extra mile and include features for categorising your passwords into folders or labelling them a certain way to align with your organisational preferences.
Online password managers prevent you from having to remember passwords, or store them in a spreadsheet or notebook. They're also a secure way of managing your business' online activities. Better yet, unlike your browsers’ Saved Log-ins feature, a comprehensive password manager can store all important information in a centralised location so that you can retrieve it even if you don't have your phone or computer on you.
Password managers for teams
When you sign up for a password manager, you often have to create an “organisation” or a “team” within the system. You will then add your team members to the system to start creating and sharing passwords with them. That’s the crux of it. However, password managers can do a whole lot more for teams.
For example, at Zoho ANZ, we share our social media credentials through Zoho Vault. I create a password, say for Instagram, and directly look up team members I want to share it with. However, I can limit the type of access they have to the password. I can allow them to view the password, change it, manage it entirely, or use it for just a single login. If I choose the last option, my colleague won’t be able to see the password, but they can click on a link that will automatically log them into our Instagram profile. I can also do this with folders of passwords, such as a folder for all social media handles or a folder for apps we use for video production.
How to choose a password manager
First, check that it’s built for business. Many password managers are better suited for individual use than use by a business with multiple teams. It’s important that your password manager provides adequate security, including data encryption, permission-based sharing for third-parties, and approvals to access sensitive shared passwords.
Next, consider who'll need to access business passwords during an emergency. Ensure that the password manger will let you nominate trusted team members to access highly-sensitive passwords, even if they normally cannot. For example, if any of your business systems experience a data breach, you’ll need to update passwords of other systems that may be associated with it. In that situation, you should be able to "declare an emergency" and call on your trusted contacts immediately.
Many businesses use multiple software suites, like Zoho One, Google Workspace, Office 365, and Facebook for Work to run their daily operations. Ideally, the password manager you choose should bring all of your suites and their respective apps into the same place so you can instantly log into any system without having to open them up individually. This is called single sign-on (SSO). It ensures that the only password you’ll ever have to remember is your master password—the one that unlocks your password manger.
It's crucial to have a good relationship with your password manager vendor. You’re entrusting them with your business' entire life, and that often includes hyper-sensitive information, such as personal communications and financial statements.
This is why our best advice for choosing password managers is to familiarise yourself with the various options available. Trial a range of apps before committing to one. Use a dummy account for your trial (Some vendors can even offer test accounts). This way, you won't be handing over your business data to every vendor you try. Using fake data may sound exhausting, and yes, it can be, but in the long run, once you've chosen the perfect vendor, you’ll know why exactly you preferred them. And in case your password manager experiences a breach, like LastPass recently did, you’ll know enough about the tool and the company's capabilities to decide whether or not it’s worth continuing your relationship.