Why Your Company Needs a Password Management Policy

by Joanna Pineda Posted on March 19, 2014

Last week, we contacted a client to coordinate a site server upgrade, which required a DNS change. The response we got was a little alarming. The client’s IT Director had left and nobody knew where the password to their DNS registry was kept. Ouch. I had lunch with a friend who said he keeps passwords in Outlook. Another friend said she has an Excel spreadsheet on her desktop. Eeek.

Passwords are the trickiest things. These days, we need them to be long and difficult to crack, they need to be unique across systems, and they are ubiquitous because everything needs a password. We read a lot about personal password management, but what about corporate password management?

Think your organization doesn’t have a lot of passwords? Think again. Chances are, your organization has passwords to:

Online financial and payroll systems
Payment processors
Social media sites
Sites where you purchase equipment and supplies
Web hosting and DNS passwords
and on and on and on

Where do you keep all these usernames and passwords, how do you manage them and who has access? Is your organization at risk if someone in a key position leaves and either takes the passwords with them OR leaves you without a clue as to where the passwords are kept (or not kept)?

Don’t panic. Here a few things you can do to get started with a company-wide password management policy.

Identify the company-wide accounts that need to be accounted for.
Determine who has this information and collect it.
Come up with a system for storing and limiting access. The system could be as simple as 2 people have access to a notebook where all the passwords are kept and everyone in the organization knows to give their passwords to these folks.

Here at Matrix Group, we used to use KeePass to manage our company passwords. We had multiple KeePass databases, including one for the services team, one for IT, etc. But we’ve outgrown KeePass because we need more granular access management. So we’ve implemented Secret Server, which is software that helps companies store, distribute, change and audit passwords. Some passwords are limited to myself and the Director of Administration, while some passwords are accessible to multiple staff working on a project. I like Secret Server’s audit trail and we’ve created a system whereby certain team members can grant permanent or temporary access to passwords.

Isn’t it time for a company password management policy?

How to Make Your AMS a Revenue Generator, not a Cost Center Posted on March 25, 2024
I attend a lot of webinars and conferences about non-dues revenue, including Non Dues-A-Palooza. At all of these events, there are presentations and discussions about new products and new partnerships that associations can invest in and offer to their members. I realized recently that hardly anyone is talking about AMS (association management system) as a revenue generator; this makes no sense...
The End of Expertise and How Associations Must Adapt Posted on February 23, 2024
“Trust in companies from global companies is in decline, worry over societal threats and establishment leaders misleading us is growing, while peers are as trusted as scientists for information on new innovations.” – 2024 Edelman Trust Barometer A couple of weeks ago, I facilitated a discussion through UST Education about trust and associations with Melanie Gottlieb, CEO of the American Association...
6 Tips for Successful AMS Onboarding for New Staff Posted on February 12, 2024
When welcoming a new staff member into your organization, the onboarding process plays a pivotal role in shaping their future at your association. It's not just about acquainting them with the organization, their colleagues, or the physical workspace; it's also crucial to empower them with the tools and knowledge they need to thrive. And your Association Management System (AMS) is one...

Why Your Company Needs a Password Management Policy

Related Articles