No, you’re not. Neither are your employees. Human achievement knows no bounds, but please, let’s leave the job of safest password manager to the software.

86 percent of users—including your employees—keep track of passwords in their head, letting their brains juggle around the strings and characters critical to keeping your company safe. And we aren’t as good as we think we are at managing passwords:

  • 35 percent of users use weak passwords. – Preempt
  • 38 percent of users would not be able to quickly restore account information if forgotten. – Kaspersky Lab
  • Only 29 percent of users change their passwords for security reasons—the number one reason people change their passwords is because they forgot them. – LastPass


OPPORTUNITY: 
Last year, weak, reused, or stolen passwords accounted for 81 percent of hacking-related data breaches. Your small business can’t afford betting on brainpower to fuel your password security strategy.

RECOMMENDATION: You need to start taking your cyber security seriously, and that means investing in a password manager. In this article, we’ll debunk the brain as a viable password manager, and chart the major offerings of three highly reviewed password managers on GetApp.com.

Here’s what we’ll cover:

  • 17 percent of users use the worst passwords, 47 percent have reused a password for more than five years
  • 59 percent of SMBs have no visibility into employee password practices
  • What password managers can/can’t do?
  • 1Password / Keeper / LastPass
  • Invest in a password manager to help prevent 81% of hacking-related data breaches

17 percent of users use the worst passwords, 47 percent have reused a password for more than five years

Which password manager would you rather have guarding your important data: the average brain or password manager software? The differences can be stark. Take, for instance, the quality of passwords used by your brain vs password manager software:

Your Brain: “P@ssword,” “letmein,” “123456”

Password Manager Software: “4gH<;jK –SghY2bVgj :)”

It may seem like this is cherry-picking the very worst passwords of humankind. But as gleaned from Keeper Security’s recent research findings, a sizable 17 percent of users are using passwords like “123456” or the plain, bad “password.” Convenience is a powerful motivator for weak passwords; here’s a list of the most notorious passwords of 2017, as aggregated by SplashData.

The reality is the average person—and some not so average people—are using bad passwords. Before Mark Zuckerberg was reaching new heights in cyber security notoriety, he was using his go-to password “dadada.” And who can forget Equifax’s massacre of American security last year, after locking its customer secrets behind the laziest of passwords: “admin.”


Granted, humans by themselves are capable of coming up with some decent passwords. But a long, complex password has the fatal flaw of being more likely to be forgotten. This leads to the same passwords being reused, as in the case of the 47 percent of users who say they have reused passwords for at least 5 years.

Hard-to-remember passwords force nearly 50 percent of us to jot them down in journals or on post-it notes for prying eyes to steal. That, or we update passwords without meaningful changes (such as adding a single digit or character), use the same password for multiple services, or forget a password and default to something much easier and, therefore, more easily hacked.

Let’s again compare your brain vs password manager software:

Your Brain: Complicated passwords kept on post-it notes—“where did that go?” Or memorized for a while until—poof!—forgotten.

Password Manager Software: Complicated passwords are encrypted, synced up across devices, and further secured with multi-factor authentication. The added bonus: no diminishing password strength after updates, and no groans when “Please update your password” flashes across the screen.

59 percent of SMBs have no visibility into employee password practices

Password manager software eliminates many of the human issues that cause password vulnerabilities such as:

  • Using simple passwords for convenience
  • Reusing old passwords
  • Using the same passwords on multiple accounts
  • Unsafely storing password information
  • Forgetting passwords altogether

Yet according to a study conducted by Keeper Security and Ponemon Institute, 59 percent of SMBs have no visibility into employee password practices.

If you run a small business that lacks visibility into its employees’ password practices, you’re essentially telling your staff to lock up after themselves. Most employees are not locking that door.

As presented in research carried out by Pew Research Center, only 12 percent of users say they use a formal password manager. 65 percent of users are relying on their memories to manage their passwords, and by extension, using their fallible memories to manage your small business’ most vital asset: information.

Looking again to findings from Keeper and Ponemon Institute, 50 percent of small businesses suffered a data breach last year. Another terrifying figure: 60 percent of small businesses go bankrupt within 6 months after a cyber security attack. Are you willing to gamble your company’s life on your employee passwords?

What password managers can / can’t do?

Password managers CAN:

  • Help create, store, and encrypt long, complex, and hard-to-break passwords easily.
  • Manage access rights in a business to ensure only users with the correct permissions can access accounts.
  • Audit existing passwords for quality and complexity standards, as well as align passwords with their associated services/accounts.
  • Update passwords in the background of the business when required.
  • Offer browser plugins to auto-populate forms and automatically enter logins to websites.
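
An added example (not from the article or from any of the products it reviews) of the audit capability listed above: it checks a vault for the habits the article describes, namely common passwords, reuse across accounts, and updates that add only a character or two. The vault contents, deny-list, 12-character minimum and edit-distance threshold of 2 are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed deny-list built from the weak passwords the article quotes.
COMMON = {"123456", "password", "p@ssword", "letmein", "dadada", "admin"}

# Constructed vault export: (account, current password, previous password or None).
VAULT = [
    ("email",   "Summer2017!", "Summer2017"),
    ("payroll", "Summer2017!", None),
    ("crm",     "letmein", None),
    ("wiki",    "4gH<;jK -SghY2bVgj :)", "correct-horse-42"),
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot updates with no meaningful change."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(vault, min_length=12):
    """Return {account: sorted findings} for every account with a problem."""
    by_password = defaultdict(list)
    for account, current, _ in vault:
        by_password[current].append(account)
    findings = defaultdict(set)
    for account, current, previous in vault:
        if current.lower() in COMMON:
            findings[account].add("common")
        if len(current) < min_length:        # assumed policy minimum
            findings[account].add("short")
        if len(by_password[current]) > 1:    # same password on several accounts
            findings[account].add("reused")
        if previous is not None and edit_distance(current, previous) <= 2:
            findings[account].add("trivial-update")
    return {acct: sorted(tags) for acct, tags in findings.items()}

if __name__ == "__main__":
    for account, tags in sorted(audit(VAULT).items()):
        print(f"{account}: {', '.join(tags)}")
```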

Password managers CAN’T:

  • Operate without the master password. If you lose your master password or ability to verify your account identity with multi-factor authentication, then you’ll lose access to your passwords.
  • Prevent their own data breaches. They are not immune to cyber security hacks themselves—in fact, password managers are often an inviting target for hackers.
  • Work on all operating systems and devices. You can use older versions of password manager software, but this comes with the tradeoff of not receiving the latest security updates.

1Password


Founded: 2006
Supported platforms: Android, iOS, Mac, Windows
Browser plugins: Chrome, Edge, Firefox, IE, Safari
Price starting at: ~$36/year
Number of clicks from home page to free trial: 2 Clicks + Account Setup
Free version: Single mobile device (Only iOS/Android)
Browser form fill: Yes
Multi-factor authentication: No – Uses an account key
Biometrics: Face ID, Touch ID, Fingerprint Readers (iOS, macOS, Android)
Slogan: “Go ahead. Forget your passwords. 1Password remembers them all for you.”
Notable users: Geckoboard, Unbabel, Dribbble

Keeper


Founded: 2011
Supported platforms: Android, BlackBerry, iOS, Linux, Mac, Windows, Windows Phone
Browser plugins: Chrome, Edge, Firefox, IE, Safari
Price starting at: $30/year
Number of clicks from home page to free trial: 1 + Account Setup
Free version: Yes – Single device
Browser form fill: Yes
Multi-factor authentication: Yes
Biometrics: Face ID, Touch ID, Fingerprint Readers (iOS, macOS, Android)
Slogan: “Protect your Company Against the #1 Security Risk with Keeper’s Business Password Manager.” “Keeper DNA”
Notable users: Cornerstone Health Care, Siemens, Xenith Bank

LastPass


Founded: 2008
Supported platforms: Android, BlackBerry, iOS, Linux, Mac, Windows, Windows Phone, watchOS
Browser plugins: Chrome, Edge, Firefox, IE, Opera, Safari
Price starting at: $29/year
Number of clicks from home page to free trial: 3 + Account Setup
Free version: Yes – Password sharing limitations
Browser form fill: Yes
Multi-factor authentication: Yes
Biometrics: Face ID, Touch ID, Fingerprint Readers (iOS, macOS, Android, Windows)
Slogan: “Last password you’ll ever need”
Notable users: The New York Times, CIO, NPR, The Economist

Invest in a password manager to help prevent 81% of hacking-related data breaches

Password manager software is a vital investment to help reduce the risk of hacks that find an angle of entry via weak, reused, or stolen passwords. Eighty-one percent of hacking-related data breaches that occurred in 2017 preyed on password vulnerabilities; this trend shows no sign of slowing down.

You should invest in password manager software as part of your small business’ overarching password policy to shore up this critical vulnerability.

The majority of small businesses (65 percent) are not strictly enforcing their password policies, and in these lax security environments employees are not given necessary security supervision to protect critical data and shield system access from outsider threats.

91 percent of employees surveyed know it’s risky to reuse passwords, but 61 percent of them do it anyway. The threat of employee negligence—willful or otherwise—to security policies is a reality you must deal with in your small business. Employees are a point of failure, and must be accounted for like any other security liability in the business.

Recommendations:

1. Allow employees ample time to trial password manager software. Trial 2-3 products, gain user feedback, and survey for which option is preferred.

2. Don’t work against the grain of your employees’ habits: the most cost-effective option, or the software choice that management prefers, must take a back seat to the product that staff members take to best. It is better to find a security product that users enjoy using, to promote compliance and avoid spurring Shadow IT.

3. Your password policy is an integral pillar of your cyber security strategy. Align the two; password management is not a checkbox to mark off every 30 days when regular password updates are due, but a continuous practice to maintain the security hygiene of your business.

 

Methodology

Products identified in this article were shortlisted based on average user review data (type: overall rating) aggregated from GetApp.com. Eligible review data was published between April 2016 and April 2018 by users whose disclosed company size is less than 200 people.
