What is the purpose of a password? If we pose this question to any group of users, we will get a variety of responses. In simple terms, the purpose of a password is to keep your data and information secure, secret and private. Essentially, passwords have to be kept secret to serve that purpose. Ironically, due to a lack of proper password management, we tend to make our passwords much like ‘Pulcinella’s Secrets’!
Yes, you read it right – Pulcinella’s Secrets! If you wonder whether you got the meaning correct, let me explain:
Pulcinella is an illustrious comic character in Commedia dell’Arte, a form of theater that began in Italy in the mid-16th century. The defining trait of Pulcinella is his inability to keep secrets. Any confidential information conveyed to him would become an open secret in no time. The secret will reach far and wide, but everyone will pretend not to know. In reality, Pulcinella’s secrets are not secrets at all.
Passwords in Text Files, Post-Its or Spreadsheets are Pulcinella’s Secrets, Literally!
With the proliferation of password-protected online accounts and IT assets, businesses are drowning in a pile of passwords. But many organizations and business establishments do not have any effective password management procedure in place at all. Employees adopt their own haphazard ways of maintaining passwords. The following are some typical scenarios:
- Sensitive passwords are stored in volatile sources such as text files, spreadsheets, post-its and the like
- Many copies of the passwords are circulated among the people who require them for their job functions. There is generally no record of ‘who’ accessed ‘what’ passwords and ‘when’. This creates a lack of accountability for actions
- When one user changes a password, it should be updated in all the ‘copies’; otherwise, at the most needed time, someone would be trying to log in with an outdated password. As a result, passwords mostly remain unchanged for ages for fear of inviting such lockout issues
- There is rarely any internal control on password access or usage in many organizations. Users freely get access to the passwords
- When other members of the organization require access to an online application or an online account, passwords are generally passed on by word of mouth
- If an employee leaves the organization, it is quite possible that he/she may walk out with a copy of all the passwords
So, if you follow the traditional style of storing business passwords as described above, your passwords have probably turned into Pulcinella’s Secrets! Many in your organization might be accessing the passwords, while you think otherwise. Obviously, this practice leaves organizations open to security attacks and identity theft.
Deploying a Password Manager – The Best Practice Approach
One of the effective ways to keep your passwords secure (and truly secret) is to store them in a central, secure, digital vault and automate password management tasks. Deploying a password manager like Zoho Vault can help you take total control of your passwords. You can store all your online identities – passwords of web applications, PINs, registration numbers, access codes, bank account details – anything sensitive or confidential in the online vault and access them from anywhere. Password changes can be updated at the central vault.
You can selectively share common passwords on a need basis among the members of your organization with fine-grained access privileges. Your users will get access only to the required passwords, not all. You will also get comprehensive audit trails on ‘who’ accessed ‘what’ passwords and easily trace activities to individuals. You can completely eliminate the insecure, cumbersome practice of storing passwords in volatile sources like post-its, text files, print-outs and spreadsheets. Try Zoho Vault now!