Your business uses passwords for countless applications, devices, and online activities. However, passwords are known to be a major source of data breaches in companies. They are often forgotten, they expire, and they become compromised in the process of being reshared.
IT or security managers, who are responsible for managing, recreating and sharing passwords, must know safe ways to send passwords to employees. Here are some best practices to follow to ensure your company data remains secure while you communicate passwords when required.
Passwords need to be strong. That means ensuring they adhere to password best practices for length, complexity, and many other factors. But it doesn’t matter how strong a password is if it doesn't stay secret.
This might seem obvious, but you have to be careful. Employees can be careless with security practices and help desk admins are vulnerable to social engineering schemes. Systems can be compromised, and data breaches may expose credentials.
According to GetApp research, a lot of employees tend to forget their passwords and resort to questionable ways of remembering them. A huge 60% of people use the same password for multiple accounts, without realizing that reused passwords are the most vulnerable to cybersecurity risks.
Moreover, about 22% of employees admit to writing passwords down on paper, 19% say they use an online version of Microsoft Word or Google Docs to save passwords, and about 41% say they use personal information, such as date of birth, to create memorable passwords (you can find our methodology at the bottom of this page).
With employees indulging in unsafe password management practices, your business is clearly already fighting an uphill battle when it comes to securing passwords. However, knowing what not to do and equipping employees with password management tools can help reduce security risks.
Let’s go ahead and rule out a few options. You want to avoid any transmission that could be intercepted, which means emails and text messages are no longer viable choices.
Emails often consist of plain text (i.e., not encrypted) and are commonly relayed from server to server across multiple networks before arriving in your inbox. Even after they’ve been deleted, email files may continue to live on in various servers across multiple providers.
Email servers and accounts can also be hacked. Consider the 2013 Yahoo breach, which impacted more than 3 billion accounts and still stands as the largest data breach in history. Moreover, emails can be intercepted between sending and receiving. And even if your email provider says it encrypts messages on its servers, the email might not remain encrypted during transit or on the servers of the recipient’s email provider. Therefore, emailing is one of the least secure ways to send passwords, and must be avoided in all circumstances.
Text messaging technology, also known as short message service (SMS), has been around since the mid-80s and is generally not secure. When you type a message into your mobile device and press send, it bounces across cellular towers and may be stored on multiple providers’ networks.
Much like email, a text message might be encrypted during some of its journey, but probably not all of it. For these reasons, text messages are also a poor choice for sending two-factor authentication (2FA) passcodes.
This is not to say that there aren’t secure messaging platforms or privacy-minded secure email services that offer end-to-end encryption. There are. But, ultimately, you need a scalable solution that is purpose-built for the task of securely communicating a password.
It’s never been more crucial to have a secure way to organize, maintain, and distribute passwords, particularly with the rise of remote work and the need to remember even more usernames and passwords for newly adopted software. That’s where password manager apps shine.
Password managers are specifically designed to store usernames and passwords for all of the websites and applications your employees use every day to help protect sensitive data and secure confidential information. In most cases, a user only needs to log in to the password manager account to gain access to a secure vault containing all of their credentials and access to business applications and websites.
Password managers also improve your organization’s security hygiene. If an employee is opening a new account or simply needs a password reset, a random and highly secure password can be generated automatically. You can set rules to ensure security policies are followed (e.g., prevent employees from using the same password for multiple accounts) and implement enhanced security measures such as 2FA or biometric authentication. You can also define an explicit and detailed password policy to ensure that every employee uses strong passwords and follows security regulations (full report available for Gartner clients).
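To make the generation and policy rules above concrete, here is an added sketch (not code from GetApp or from any password manager product) that draws a password from the operating system's secure random source and rejects candidates that are reused or built on a date of birth. The names `VAULT`, `BIRTH_DATE`, `dob_variants`, `policy_violations` and `issue_password`, the sample data, and the 16-character minimum are assumptions made for the example.

```python
import hmac
import secrets
import string
from datetime import date

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
MIN_LENGTH = 16  # assumed policy value; the article does not give a number

# Constructed sample data standing in for an unlocked vault and an HR record.
VAULT = {"crm": "kV9#tqL2m!Zx8@rPw4Ne", "payroll": "Qz7&hB3wYp-1sG6^dUcX"}
BIRTH_DATE = date(1988, 4, 12)


def dob_variants(d):
    """Common ways a date of birth ends up inside a 'memorable' password."""
    formats = ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%Y", "%d%m", "%m%d")
    return [d.strftime(f) for f in formats]


def policy_violations(password, vault, personal_info):
    """Return the rules a candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Constant-time comparison against every stored credential.
    if any(hmac.compare_digest(password.encode(), p.encode()) for p in vault.values()):
        problems.append("reused on another account")
    if any(item.lower() in password.lower() for item in personal_info if item):
        problems.append("contains personal information")
    return problems


def issue_password(vault, personal_info, length=20):
    """Draw characters from the OS CSPRNG until the policy accepts the result."""
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(f(c) for c in pw) for f in classes) and not policy_violations(
                pw, vault, personal_info):
            return pw


if __name__ == "__main__":
    info = dob_variants(BIRTH_DATE)
    print(issue_password(VAULT, info))
    print(policy_violations("Summer1988!Summer1988", VAULT, info))
```
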
Password manager apps make sure employee credentials are protected with strong encryption and stored safely in the cloud—rather than on a note attached to their monitor. In the end, the best way to send passwords securely is to use a password manager so you don’t have to send them at all.
GetApp’s 2021 Data Security Survey was conducted from August 20 to August 24 among 973 respondents to learn more about data security at U.S. businesses. Respondents were screened for full-time employment and 90 identified as their organization’s IT security manager.