Business News Daily receives compensation from some of the companies listed on this page. Advertising Disclosure

See if your business is eligible for a tax credit of up to $26K per employee!

Call Now: 866-834-1218

Why SMBs Should Use Password Managers to Increase Security

Jeremy  Bender
Jeremy Bender

Ditch the Post-it Notes and securely store and manage your organization's online credentials.

  • Individuals are tasked with remembering an ever-increasing number of passwords for personal and professional use. 
  • Having to remember a slew of passwords poses a significant security risk for your employees, clients and company. 
  • Reused and insecure passwords create vulnerabilities that allow cybercriminals to access company data. 
  • This article is for business owners and IT managers who want to boost their organization’s password security with a password manager. 

Internet users are expected to remember potentially dozens of personal passwords for daily activities such as checking email and logging in to bank accounts. In fact, security company NordPass found that the average user has 70 to 80 passwords connected to business and personal accounts. In addition to being annoying, managing dozens of passwords is a security risk for businesses, employees and clients.  

Even worse, a 2020 Ponemon and Yubico survey found that 50% of IT professionals and 39% of individual users reused passwords across workplace accounts. If a hacker gets their hands on one password, it simultaneously puts multiple accounts at risk of data breaches and cybercriminal intrusions. [If you have already been hacked, see our guide for how to recover from a data breach.]

By using password managers, organizations can limit the risks that result from password reuse. We’ll explore password managers and how they can boost your business’s cybersecurity

What are password managers?

Password managers are applications that store and manage online credentials; they can also generate passwords for online and offline use. Unlike other password storage methods, password managers can sync login information across devices, including employee-owned devices, so you can utilize the same password manager on your phone, personal computer, business computer and other devices. [Related article: What Is BYOD (Bring Your Own Device)?]

Additionally, some password managers allow users to securely share login information for a selected service, which can be helpful for shared business resources. 

One of the most valuable password manager features is the ability to generate and save strong passwords each time a user creates a new account for an online service. This feature guarantees that users employ unique, secure passwords, thereby significantly increasing the security of online accounts and the information stored in those accounts. 

Password managers typically store passwords within encrypted databases behind a master password. Users create a single, strong passphrase that secures all of their other passwords. [Ready to choose a password manager? See our picks for the best single sign-on services.]

Key Takeaway

Password managers help prevent and avoid network security threats by securely storing and managing credentials for online and offline applications. Password managers can also generate and share login credentials.

Why should I use a password manager? 

Password managers significantly boost password security, the cornerstone of overall cybersecurity. Password managers directly address password security problems, such as password reuse and weak passwords. 

Here are some of the top benefits of password managers: 

1. Password managers prevent a ‘domino effect.’ 

The average internet user’s information has been exposed 3.2 times in online credential data breaches, according to a 2021 report by cybersecurity company FYEO. However, because of password reuse across accounts, the actual exposure is likely far greater. 

Because of such password reuse, every password breach effectively starts a “data breach domino effect,” according to cybersecurity company Malwarebytes. Once cybercriminals gain access to a single breached password credential set, they will use automatic tools to check the login combination across a wide swath of the internet, including financial institutions, social media sites and business accounts. [See our tips for securing your business’s social media accounts.]

Weak passwords also cause a host of security problems. According to the FYEO report, cybercriminals can crack 92% of the top 100 passwords within 60 minutes. Even worse, 65% of the top 100 passwords are vulnerable to almost instantaneous cracking. This means that multiple online accounts that technically use unique passwords are still vulnerable to cybercriminals. [See our guide to creating strong passwords.]

Did You Know?

According to Verizon’s 2021 Data Breach Investigations Report, 61% of data breaches involved the use of credential data.

2. Password managers help prevent phishing attacks.

Many password managers have autofill options that automatically fill in user credentials on a saved website. This automatic credential entry can help mitigate phishing attacks, since a phishing site, no matter how well it’s created, will not match the saved URL within the password manager. 

While password managers are not perfect solutions for preventing phishing attacks – and can’t prevent phishing emails that deliver malware – they can be a significant component of a business’s broader anti-phishing strategy, which also may include choosing the right antivirus software. 

3. Password managers increase efficiency.

Aside from the cybersecurity benefits, password managers can help organizations and individuals increase their overall efficiency. Saving passwords in one central location can help save users time by avoiding the “reset password” system or the process of repeatedly guessing passwords, which often leads to account lockouts and associated downtime. 

Password managers can also generate strong, unique passwords for each new account. This ability takes the guesswork out of creating new passwords, speeding up new-account creation.

Are password managers safe?

Password managers are specifically designed to be safe and secure. Most password managers use U.S. government-grade computer encryption to store passwords. This means that if a cybercriminal ever breached a password manager company, which has indeed happened, they would not be able to decipher or use any of the stored passwords. 

A more likely threat involves a cybercriminal targeting a specific user’s password manager application. They could do this by installing a keylogger – malware that records a user’s keystrokes – on the user’s computer or by guessing their password manager passphrase. (A keylogger infection can steal passwords for any site a person visits, regardless of whether they have a password manager in place.) 

Individuals and businesses can take measures to boost their password manager’s effectiveness and overall security, including the following: 

  • Install antivirus software. There are many excellent antivirus applications, including free antivirus solutions for businesses
  • Use cybersecurity tools and best practices. To improve your business’s cybersecurity, perform a cybersecurity audit and properly train your employees. Learn more about cybersecurity best practices in our cybersecurity guide for small businesses.
  • Use a strong passphrase for the password manager. The stronger the passphrase is, the more secure the application is against a cybercriminal attempting to hack it. 

To ensure your antivirus software is really protecting your business, keep it up to date and monitor insider threats and compromised devices.

What else can I do to keep my accounts and passwords safe? 

Password managers are an extremely valuable security tool and an excellent first step toward password security for businesses and individuals. However, as with everything else in cybersecurity, it’s best to layer defenses and never rely on a single system for security. 

Owners and IT managers should implement multifactor authentication (MFA) on all accounts whenever possible. MFA makes it extremely unlikely that an attacker will be able to break into an account with your credentials. Use authenticator applications or physical security tokens for MFA instead of text-based MFA systems, as texts can be intercepted. 

Image Credit: Poike / Getty Images
Jeremy  Bender
Jeremy Bender
Staff Writer
Jeremy Bender is an experienced writer, researcher, reporter, and editor with a decade of experience in the digital media and private intelligence industries. He previously reported on geopolitics and cybersecurity for Business Insider's Military & Defense vertical, before becoming the vertical's editor. More recently, Jeremy has worked as a threat intelligence editor at the Business Risk Intelligence company Flashpoint and as a security intelligence writer at NTT Security, where he covered topics such as ongoing cyber attack campaigns and critical threat intelligence.