Why Consumer Password Apps Increase Security Risk For Companies

Your employees are already using password apps at home and on their phones. You probably use them yourself. It’s convenient when your web browser saves passwords. Yet it is worth taking a step back and considering whether these convenience-oriented password apps are fit for purpose.

What Is The Goal of Consumer Password Apps?

When you look at password apps for consumers and home users, certain priorities become clear. For example, end users want low prices and simplicity. They have no interest in reporting, password policies or oversight. Just take a look at a recent review of major password managers: The Best Password Managers for 2019. Secure sharing is a popular feature for consumers. However, that kind of sharing would not be a good fit in an enterprise environment.

Further, some of these apps have non-password management capabilities (e.g. saving your credit card and address) that help consumers. Storing such data for employees introduces additional privacy headaches that are best avoided. For these reasons and more, using consumer-oriented password tools is not the right solution for companies.

Why You Need To Focus On Your Password Management Program Before You Choose Password Apps

When you look at the range of password apps available for companies, you might want to leap into analyzing features right away. However, that is a mistake. Instead, it is more useful to look into your overall program and policies first. If you choose a password app first, it may constrain your IT security policy too much.

What Do Companies Need In Password Management?

For your password management program to be effective, a few guiding principles are needed. We recommend exploring the following points in your organization.

  • Roles and Responsibilities. Describe password responsibilities for end users, managers and IT. This part of the policy emphasizes that everyone in the organization has a role to play in security.
  • Password Protection. Define restrictions and guidelines for employees to protect corporate passwords (e.g. prohibit the use of non-company-issued password software). Allowing third-party password tools in your company introduces new risks, so such actions should be discouraged.
  • The Role of Multi-Factor Authentication (MFA). Adding MFA to your password program is a way to improve security. For instance, using MFA to protect executive accounts is a smart move. However, mandating everyone use MFA for all systems may hurt productivity, so a thoughtful approach is needed.
  • Password and IT Security Training. A strong password, on its own, is not enough to deliver robust security protection. Therefore, you need to consider how password training is provided to employees.

Now that you have considered some of the big-picture password issues, you can look at password systems thoughtfully.

Develop Your Password App Selection Criteria

To make a smart choice, develop three to five buying criteria for your password app. Here are some of the requirements we recommend using.

  • Reporting. Your senior management wants proof that you are managing IT security effectively. That’s why you need robust reporting tools. Besides, certain corporate functions like compliance and audit may require reporting features to achieve their goals. If you can automate some or all of your monthly and quarterly reporting, that is an excellent way to boost productivity.
  • Password Policy Enforcement. Writing down a password policy is pointless if you lack a process to enforce it. Further, you also want the flexibility to implement complex passwords. Make sure your password app does not compromise your work.
  • Password Reset Capability. If the password app makes it difficult or time-consuming to obtain password resets, employees will quietly rebel and complain about IT. That’s why we suggest testing the speed and ease of use for password resets before you buy.
  • Pricing. You need to be able to get password app pricing you can understand easily. For example, what happens if your company expands and onboards new users? Your password app should comfortably accommodate that need.
  • Employee Experience Factors. Your end users have been conditioned by Apple and other companies to expect a simple user experience. Therefore, look for a password app that is easy to use.
  • Productivity. In the past, IT security apps did not always improve productivity or save time. However, IT security chatbots are starting to change the possibilities. Such services save time while preserving IT security.

Developing Your Management Processes After Implementing A Password App

Installing a password app will help your company detect and prevent some security problems. However, your systems and apps are only as good as your people and processes make them. That’s why we suggest building out an IT security program to instill pro-IT security behavior in your organization. To kick start your brainstorming process, sit down with a few IT managers to consider these questions.

1) Do we set the right “tone from the top” regarding IT security and passwords?

Ask your executives to comment on the importance of robust IT security practices. Until they reinforce it, employees may think IT will handle all security matters.

2) What reports do you have for management review?

There is only so much your IT department can accomplish on its own. Therefore, we suggest involving your non-IT managers in IT security. To do that, you need to give them easy-to-use IT security reports and bulletins so they can guide their staff.

3) What guidance and training are provided for new hires?

A new hire cannot be expected to know or follow your IT security requirements unless you explain them. If your initial training guidance needs a refresh, take a look at our password training for employees tips. For the best results, we recommend offering “refresh” training to employees regularly over time as well. If you never reinforce password requirements, you are likely to see a decline in follow-through.

4) Do we have the right IT security software solutions?

The IT security apps you have today might not be enough a year from now. For example, your managers may become overwhelmed with setting up user access. In that situation, you may need a solution like Group Requester.

Now you know what to say to employees and managers when they ask you to introduce simple password apps.

Written by Nelson Cicchitto