We are taking things back to basics this month as part of #MeetMYKI, so it occurred to me that it might be worth talking a little about Password Managers.
Apologies to everyone who already uses a password manager for their business and personal passwords, but experience has demonstrated to me that not everyone does.
When I get asked what I do for a living, I usually say I work for a company that works in Identity Management and produces a Password Manager.
Now, this usually shuts down any additional line of questioning and allows me to get back to my drink, but if people ask more questions I have a routine that goes like this…
Me: How many passwords do you have?
Interested Person: About 5?
Me: Would it surprise you to know the average person is expected to remember xx passwords?
Interested Person: It would, I thought it was much less…
Me: Most do, and do you use unique, hard to remember passwords for every service you use?
Interested Person: No, I use the same one or add a 1 to it or something.
Me: Well, this is what we do, we produce a tool that lets you use unique passwords for every application you use and the best part is you don’t even need to know them - they just appear when needed.
Slightly Less Interested Person: Oh, I see. Same again?
I have this conversation over and over again in my personal life. With MSPs it’s less frequent, as most understand the need for a Password Manager. But even in those cases, it hasn't always translated into using one internally in the MSP to help manage passwords centrally. And don’t even get me started on sharing 2FAs.
The bottom line is we are only as strong as the weakest password in our business and personal lives, and there are areas where these worlds collide.
For example, I wonder how many people use the same password for their LinkedIn account as for their company login. I imagine it’s quite a few and it’s a seriously bad idea.
If #MeetMYKI can achieve one thing and educate one person about the need to use a Password Manager for both their personal and business passwords then I think it will have been a huge success.
When you are next speaking to a customer or prospect just ask them how many passwords they use and then you can lead into a talk about using a Password Manager.
It’s not the most glamorous tool you will use, but I firmly believe that having a good password policy is the number one thing users can do to protect themselves from many different types of attacks.