Four risky ways staff record passwords in businesses – and why you will regret allowing them

In the modern tech enabled world, most office workers now have more passwords to use than they can remember.  If they do not, they are likely committing the grave error of using the same password in more than one system – something that they and your business will live to regret.

Most firms still have not deployed dedicated password management systems and, in many cases, have left their staff to determine how they wish to store their passwords. In this blog, we’ll discuss some common password storage methods used by office workers and explain why they pose a significant risk to your business’ cyber security.

Writing passwords down on a piece of paper

There is an argument, which carries some weight, that a password written on paper cannot be stolen by a cyber criminal. This may be true, but there are many other ways this can fall into the wrong hands. Paper can be easily lost, stolen, or damaged or be viewed by someone you would not wish it to be.  If someone records all their passwords in a ‘password book’, the keys to all your systems are there in one place, ready for someone to pick up or to be left in a café or on a train.

Keeping passwords in a spreadsheet or document on your computer or in the cloud

Storing passwords on your computer or cloud storage may be far more convenient than storing on paper and appear more secure too. However, it is very dangerous and is a sure fire way to gift your passwords to a cyber criminal.  To start with should you be unlucky enough to have a malware attack on your computer, one of the first things an attacker will look for is a password file – and they will find and steal it in seconds, no matter what you name it.  Adding a password to it will not help much either – this is simple for a cyber criminal to crack.  Moreover, if you store such a file in the cloud, it could sync to multiple devices, thereby increasing your risk.

Using the password vault in your web browser

A web browser-based password vault, such as that found in Google’s Chrome browser may seem like a way of having a password manager without having to spend on an additional subscription. However, the levels of encryption, which protect your password data, are nowhere near as strong in a web browser based password vault and there is an increasingly common malware attack which can steal web browser stored password in seconds, should the unfortunate victim inadvertently browse to a compromised website. There are also a number of important security features in dedicated password management systems that browser based vaults lack.  In short, if you are not paying for it, it’s unlikely to do the job properly.

Using the same, similar or sequences of passwords for different accounts

Finally, as discussed at the beginning of this article, using the same password for your accounts, or minor variations or number sequences of it is asking for trouble. If one of your accounts is compromised, either through password theft or a website hack (which may be completely out of your control), a hacker could quickly gain access to all your other cloud-based accounts, even if the passwords aren’t identical.

Many firms may consider spending a monthly fee on a password manager to be an unnecessary luxury or a gadget that no one will use However, this cost pales in comparison to the potential cost of a major breach, and with one in three businesses experiencing a cyber attack each year, a password manager is now an essential tool for keeping your business safe.

To learn more about how a password manager can protect your business, read our blog article or call our team at 0330 124 3599 for a demo.