Multi-User Password Solutions for Teams
Smartphones are great, and they’ve quickly become an essential tool for managing our lives. Ten years ago, I couldn’t even conceive of carrying around something like a smartphone. Now I’m lost without mine. I use it to keep track of my calendar and my contacts, collaborate on projects when I’m not in the office, organize much of my social life, watch TV shows, and get directions. Despite its handiness and power, however, there’s one thing I’ve learned not to use my smartphone for: multi-user password management.
Why Not Team Password Management on a Phone?
There are several smartphone apps out there that promise to manage your passwords. I counted at least 100 in a recent search in the Google Play store—before I got bored and moved onto other things. Some of those apps can be quite sufficient for the individual user, but when you have a whole team, division, or company to manage (or several companies if you’re in the managed service IT [MSP] business), it’s a whole different story. Here are two factors that make multi-user password management more challenging than managing the passwords of an individual user:
1. In a team, people come and go
In business, the make-up of a team is rarely consistent. When people leave, they take their knowledge of passwords with them. It’s not always desirable to have a former team member retain access to critical systems or applications. In fact, it’s downright risky.
2. Team members have different roles and different levels of authority
Within a team, like the staff members of an MSP, there is usually a wide range of authority levels, from high-level administrators to junior technicians who are still undergoing training. They don’t all need access to all your passwords. For maximum security, each user within a team should only have access to the credentials he or she needs to do his or her job—and nothing more. We call this “least privilege” and is essential as part of role-based access control.
Because of these factors, trying to manage an entire team’s-worth of passwords on a smartphone app, or keeping track of them manually in a spreadsheet or other document just isn’t feasible. What I recommend instead is seeking out a robust password management solution built for teams that is specifically designed to handle the comings and goings of different team members with functionality for assessing and changing shared passwords, if necessary, and continually monitoring the use of passwords to see if former team members are trying to access password-protected systems. A multi-use password management solution should also be able to set roles for different team members, granting them access to the password information they need and none of the information they don’t.