Skip the Post-It: Why Password Management Software Is Necessary
At 9 Clouds, we view ourselves as partners to the companies we work with and try to reflect that in everything we do.
And because we aim to be trusted partners — always an asset and never a liability — we are especially focused on being good stewards of sensitive data.
It’s our job to ensure a client’s data is safe, but the protections we take aren’t unique to an agency. These are measures every individual should take for both their business and personal accounts.
Why Password Protection Matters
As chief technology officer at 9 Clouds (and with a background in NAVY cryptology), it’s my job to be paranoid — to anticipate potential weaknesses and prevent any breaches to security before they can happen.
Passwords are the digital keys to your business.
Anyone with your credentials has the ability to operate as your agent, whether that’s a well-meaning agency like us or a bad actor looking to exploit you.
It is critical those passwords are controlled and limit access to those who need it.
You wouldn’t give a stranger the keys to your house or your storefront, but failing to use password protection is the digital equivalent of leaving copies of your key on the front stoop.
What Not to Do with Your Data
Okay, no shade on anyone reading this, but a Post-it note on your desk is a terrible place to keep a password. Saving them in a spreadsheet, document, or any other unencrypted text isn’t much better.
Maybe you’re using the password storage feature on your web browser. While this is a step up from the Post-it note for sure, it’s not something we recommend.
Here’s why: When your password is stored in any single browser, you’re limited to that browser. If you create anything for your business (ads, blogs, landing pages, email), you should be checking your work in more than one browser to be sure the quality is consistent across browsers.
This can lead to you copying and pasting passwords into multiple browsers, creating more potential points of security failure. Anything on the clipboard can mistakenly be pasted where it doesn’t belong.
That’s inconvenient if you catch it, and potentially detrimental if you don’t.
For those of you with at least one other person on your team, you’re creating even more security issues (and inefficiency). Where does everyone go to get the passwords? That spreadsheet? How many browsers and clipboards do your passwords sit on? This scenario creates more points of failure.
Don’t worry. There is a solution.
How to Protect Your Information and Save Time
A good password manager can help solve for a lot of these problems, providing both increased security and added convenience for you and especially your team.
If implemented correctly, a proper password manager:
- Provides end-to-end encryption, ensuring your data is stored safely and isn’t exposed to anyone it shouldn’t be (including the provider of the password manager software).
- Offers convenient sharing to others within your organization, with revokable access as your team changes.
- Features seamless synchronization, meaning whether you’re switching browsers or sharing with your team, passwords are always up to date and accessible. This eliminates the need to transmit passwords outside of the secure password manager.
- Works on all browsers, so people can work where they’re most comfortable (for instance, I use Vivaldi. Most of our team uses Google Chrome, and some of us use Safari. I guess someone could use IE or Edge if they wanted to 🙃).
- Can fill forms directly, eliminating the need to copy and paste.
There are a lot of password manager options out there. In my experience, it’s important you use one. Which one you choose matters less.
Just get your passwords off the Post-it!
But if you’re looking for a specific recommendation, we use BitWarden at 9 Clouds, and we believe it’s a great tool at a fair price.
For most individuals, a free account is more than adequate. For even a small team like ours, the cost of a paid account is minimal when compared to the value it creates. Larger organizations have the ability to host the service themselves, removing need for a middleman for synchronization.
While You’re At It, Implement Multi-Factor Authentication
Multi-factor authentication (MFA) is what it sounds like: you have to authenticate your login to a platform in more than one way — or more than just using a username and password.
We recommend using code generator-based authentication, not SMS-based (having the platform text you a login code). SMS is an outdated and insecure protocol. It’s better than nothing, but not better than anything else.
Google Authenticator is a very popular authentication app, but the tokens used to generate your security codes are not backed up or synchronized anywhere, so if you change devices (like get a new phone), you’ll lose those codes and have to set it up again. Authy is a popular option that can sync across devices.
If your first thought is that this is all a big hassle, take a step back and consider how important keeping your online security and identity secure really is. With MFA, even if someone does get your password, they’ll be unable to log in to that account — keeping your data (and your clients’ or customers’ data) secure.
Maintaining MFA is a critical feature to help protect your identity in a time when security and privacy are at a premium — and under unprecedented threat.
Why 9 Clouds Cares
Beside the fact that we use these measures to keep our client’s data safe, we genuinely care about educating other people on how to keep their own data safe. We love education so much, we put it in our manifesto!
Review our education library to learn more ways to improve your marketing efforts and create efficiency for your team. And when you’re ready to take the next step and work with us, start with a free digital marketing assessment to see what opportunities your business could have with digital.Get Your Digital Marketing Assessment »