By Pawani Vaddi

Pawani Vaddi

This question for this edition of “Ask a Security Expert” comes to us from Matt Wilmot, who asks, “I find that password management is a common security flaw with many clients. What lightweight solutions are out there for MSPs to manage this issue for clients?”

Passwords have been a point of contention for MSPs – as well as their small and midsized business clients – for years. A seemingly simple problem of poor password practices and password reuse still represents a major security risk for organizations. In fact, according to the 2019 Verizon Data Breach Investigations Report, passwords continue to be one of the weakest links for companies, with 32% of the reported breaches involving phishing and 29% involving the use of stolen credentials.

For many organizations, juggling the hundreds, even thousands, of login credentials they use on a day-to-day basis can be extremely challenging. Using the same password repeatedly or storing passwords in an unsecured document poses a major security risk. The best solution you can offer your clients that is both convenient and secure is a password manager.

A password manager is exactly what it sounds like – an application that manages your organization’s passwords. It produces, retrieves and keeps track of all the long and complex passwords that you have, protecting them with strong encryption capabilities. All a user has to do is remember the one password to get into the application.

Mitigating Security Risks

Some argue that with a password manager you’re putting all your eggs into one basket. This may be true, but if you’re already only using one password for all accounts or are keeping all your passwords stored in one place, your eggs are already in one basket. So, why not store them in the most secure basket possible?

Some of the ways that a password manager can help you avoid security risks include:

Improving Password Security Hygiene

Unless you have a photographic memory, with the ability to memorize hundreds of complex and random passwords, a password manager is necessary for both you and your clients to practice better password hygiene and overall computer security hygiene.

As technology continues to advance, there will be more options for streamlined password management, including the potential for biometric authentication that doesn’t require traditional passwords at all, instead relying on users’ fingerprints or eye retinas to login. Other forward-looking technologies like behavioral biometrics can also recognize the unique way a user types or even moves their mouse to confirm identity.

The traditional password won’t exist forever. But until passwords go the way of the dodo, password managers are here to help you manage today’s authentication woes.

Pawani Vaddi is a product manager for the consumer segment at Webroot and has spent more than six years in the cybersecurity industry. Her primary focus is on emerging consumer technology and its impact on users’ privacy and security. Follow Pawani on Twitter @Webroot or on LinkedIn.