Are Password Managers Safe for Businesses?
In today’s business climate, cybersecurity is more important than ever. With threats like ransomware, password theft, and phishing on the rise, applications used to store, manage, and protect employee passwords are in high demand. Password management software is among the most effective security tools available for businesses of any size, but are password managers safe?
Are password managers really safe?
There are myths about business password managers based on incorrect or outdated information that might lead one to question their safety. Below, we’ve busted those myths for you.
Myth #1: Password managers are difficult to use and manage
This is certainly not the case. By generating, storing, and autofilling strong, complex passwords for employees, a password manager minimizes time-consuming, tedious password entry and memorization. Intuitive dashboards and scoring tools also make password managers easy to use for IT teams.
Myth #2: Browser password managers are just as good
Although most leading internet browsers include their own built-in password managers, there are many reasons why employees shouldn’t let browsers save passwords. Storing your passwords in a web browser, such as Chrome or Safari, is very convenient, but it can also be risky when web browsers don’t encrypt that information. When your logins aren’t encrypted, a crafty cybercriminal can find ways to remotely retrieve them and access your accounts.
These browser password managers also lack many other features that improve security and efficiency, like safe password sharing and automatic syncing of passwords between devices. Browser password managers also make it harder to provision or deprovision resources when employees join or leave, since they don’t provide visibility into what apps employees are using.
Myth #3: Password managers don’t improve security
Quite the opposite. When employees create and store passwords on their own, they can become overwhelmed by the number of passwords and slip into bad habits (like reusing passwords or creating weak ones) that give hackers access to multiple accounts. Since password managers are so easy to use, they also improve security by eliminating time-consuming and inherently less secure password maintenance practices, like using spreadsheets to store long lists of passwords.
Dashlane’s password manager also uses 256-bit AES encryption and 2-factor authentication for additional protection. IT teams can breathe easier knowing employees are using a password manager to store their passwords in a safe, encrypted vault.
Myth #4: Password managers don’t protect your security during a breach
Once a security breach has occurred, information will be stolen whether I use a password manager or not, right? Wrong. A good password manager encrypts passwords locally (on the device). If a hacker were to enter the vault, they would only find indecipherable encrypted information and would need access to both your device and your master password to make any sense of it.
For example, if you used a password manager to generate and store your Facebook password, and a security breach occurred at Facebook, your encrypted password could be compromised, and the password would need to be changed right away. However, since you were using this password for only one account, and the data was encrypted, the security risks would be minimized and the impact on other accounts would be non-existent.
Can password managers be hacked? Potentially. But even if Dashlane is breached, your data is still safe. That’s because it’s stored and encrypted, so anyone who potentially hacks Dashlane still cannot access your data.
Myth #5: Password manager companies can see my data
The best business password managers are designed so that no one can access any of the data you’ve stored in them, including your master password. Not your boss. Not the password manager company. No one.
Dashlane’s password manager uses advanced zero-knowledge architecture—a design approach that encrypts and stores data in a way that prevents even Dashlane from accessing it.
What password managers do
So, just how secure are password managers? To answer this question, it’s important to understand the basic functions of a good password manager and what they do for you and your employees. Good password managers:
- Help you generate strong passwords that are difficult or impossible for hackers to guess: Employees no longer have to spend their time and creative energy creating and updating passwords—the password manager does it for them.
- Allow you to store all your passwords in a safe location: Let’s face it, post-it notes on monitors and lists of passwords sitting in unlocked drawers don’t qualify as safe. Password managers create secure vaults to store your password data, typically in well-protected hosted cloud locations.
- Allow employees to autofill passwords: Once an employee enters their master password, complex passwords stored in the secure vault are conveniently autofilled as needed. A well-designed autofill feature also promotes adoption throughout the company, which is important for overall password health and company security.
- Use encryption: Data encryption using an algorithm to scramble passwords and improve cybersecurity should be considered a must-have feature for business password managers. Dashlane utilizes AES-256 encryption, widely accepted as the strongest encryption type available.
- Securely store other sensitive info: With the same software and technology used to store and autofill passwords, a full-featured password manager will also provide an option to recall other frequently used information, like credit card numbers. This makes tasks like online shopping and travel reservations more convenient and more secure.
- Allow you to sync across all your devices: Many employees juggle a combination of PCs, laptops, tablets, and cell phones to complete their assignments and communicate with coworkers. A good cloud-based password manager, with data stored on highly secure and regularly audited cloud servers, can easily sync across all of an employee’s devices.
- Enable secure sharing of passwords: Password sharing between employees is sometimes necessary. Dashlane’s password manager enables password sharing and 2-factor authentication (2FA) codes for shared social accounts and onboarding purposes with encrypted, secure sharing features.
- Monitor the dark web: Cybercriminals typically sell stolen data in the murky depths of the internet. That makes password management solutions that scan the dark web for employee logins extremely useful. Dashlane’s dark web monitoring service alerts subscribers instantly when their information is detected.
- Include SSO: Single sign-on (SSO) allows users to sign in just once, then access multiple apps or platforms with no additional logins. SSO technology improves efficiency and the user experience without compromising a company’s cybersecurity.
- Include a VPN service: Employees may need to access applications from airports, cafés, hotels, and other public locations. A VPN service to encrypt traffic coming in or out of their devices gives them access to geo-blocked content and protects them from hackers who rely on public WiFi to intercept data. Dashlane offers a secure VPN service on our Team and Business plans.
What password managers don’t do
While the technology behind stand-alone password managers continues to improve, there are still a few things they don’t or won’t do for you (at least not yet). Password managers won’t:
- Remember your master password: Password managers don’t require employees to remember many passwords—but they do have to remember one. The master password is the key that unlocks all accounts, so it should be unique, complex, and closely guarded.
- Detect and remove malware for you: Viruses, worms, and ransomware are among the many forms of malware that can infect your device and disrupt its function. Although malware protection is an important aspect of cybersecurity, this capability is not included with a password manager.
- Monitor your browsing habits: The zero-knowledge architecture used to keep your information private is part of a broader commitment to user confidentiality. Unlike other websites, browsers, and software packages, Dashlane’s password manager will never capture or monitor browsing history, IP addresses, or any other customer data.
- Build a security-first culture for you: Password managers with built-in tools to track password health scoring can improve the security culture, but everyone from senior management down must do their part to sustain it. Each employee is responsible for creating, maintaining, and sharing strong passwords to keep a firm lock on company data.
Mistakes to avoid when using a password manager
Avoid these common pitfalls to keep the implementation and ongoing use of a password manager as safe and secure as possible.
- Choose a password manager based on cost alone. With a data breach potentially costing a business millions of dollars, the price of an independent password manager pales in comparison to the benefits it provides. A password manager should be selected based on the security features, user interface, and additional services offered, not just the price.
- Allow employees to continue using built-in browser password managers. To fully realize the security benefits of a password manager, employees must adopt the tool and eliminate poor password management practices. Continuing to use a built-in browser password manager once you’ve installed an independent password manager is a bit like locking the front door while leaving the back door open. Fortunately, people can erase the passwords saved in their browsers.
- Skip 2-factor authentication. 2-factor authentication (2FA) provides an extra layer of security for your account beyond just a username and password. It requires a second credential, in addition to your password, for you to gain access to your account. Whenever 2FA is available, enable it. Authentication apps like the Dashlane Authenticator provide a simple way to enable multifactor authentication (MFA) for your accounts.
- Use weak master passwords. One of the biggest risks of a password manager is the potential for a compromised master password. Employees should never choose a weak password as their master password. These passwords are the lone potential gateway to an employee’s secure data, so it’s well worth the time and effort needed to create a strong and original master password. But with 2FA, there’s always that second layer of defense should a password get compromised, so the risk can also be mitigated.
Password security tips to use with a password manager
Once your password manager is up and running, follow a few additional practices to ensure your investment is being maximized:
- Educate employees on the benefits: Using a password manager might initially seem burdensome to some employees. To improve adoption, employees should be educated on the benefits of good password hygiene. In addition to protecting the company from hackers, strong password hygiene eliminates the need to remember and reset passwords. On the flip side, poor password hygiene increases employees’ vulnerability to cybercrimes, and repeatedly forgetting and resetting passwords results in wasted time.
- Implement password health scoring: Tracking password health for individuals and the organization overall reinforces a culture of cybersecurity. When employees are aware of their own weak, compromised, or reused passwords and their contribution to the password health of the company, they feel more engaged in the process.
- Supplement your security profile: A password manager is just one important slice of the cybersecurity pie. Anti-malware software from a reputable supplier, along with optional VPN and dark web monitoring services from Dashlane, add more depth and protection to your security profile.
- Create a clear password policy: A password policy is a set of best practices and rules related to password use for business accounts. This policy empowers employees to proactively improve their own security habits by following the standardized process you’ve established to optimize security.
Choosing the right password manager
Is it safe to use a password manager? Absolutely. While there are potential downsides to implementing a new tool for your business, you can avoid many risks and shortcomings by choosing the right password manager. A popular choice for businesses and individuals, Dashlane features the highest available level of encryption, a VPN, dark web monitoring services, and user-friendly autofill and SSO features that encourage adoption.
As your business grows, so does the complexity of your team and your exposure to cyber threats. Dashlane’s password manager helps you safeguard sensitive company information and your brand reputation while boosting employee productivity.
Find out if Dashlane is the right password manager for your business: Start a free trial.
- Security Magazine, “Phishing at all-time high; 1 million attacks in Q1 2022,” June, 2022.
- Dashlane, “Why Employees Shouldn’t Let Browsers Save Their Passwords,” March, 2021.
- Dashlane, “A Deep Dive into Dashlane's Zero-Knowledge Security,” 2022.
- Dashlane, “What is Encryption?,” March, 2019.
- Dashlane, “A Beginner’s Guide to Two-Factor Authentication,” August, 2022.
- Dashlane, “How to Shine a Light on the Dark Web,” June, 2022.
- Dashlane, “SSO Technology Overview & Integration With Dashlane,” September, 2022.
- Dashlane, “Why Do You Need a VPN? Don’t Miss These 3 Key Benefits,” August, 2020.
- Dashlane, “What the Hack Is Malware?,” Dashlane, 2020.
- Dashlane, “This Is How You Build a Security-First Culture at Your Company,” March, 2021.
- Dashlane, “How Strong Is Your Password & Should You Change It?,” August, 2022.
- Dashlane, “Data Breach or Hack? Know the Difference,” June, 2021.
- Dashlane, “A look at Password Health Scores around the world in 2022,” 2022.
- Dashlane, “Creating a Password Policy Your Employees Will Actually Follow,” July, 2022.
- Amazon, “What is Cloud Storage?,” 2022.
Sign up to receive news and updates about Dashlane
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.