Who's got your password? - PRR Computers, LLC

by Matt Kelland
11 years ago

Normally, we advise you to make sure that your password is completely secure, and that you should never, ever give your password to anybody else. It doesn’t matter how much you trust them – the only person who should know your password is you. But that’s not always the case, especially with corporate accounts.

It’s not an unusual situation – only the person who does the marketing needs access to the email newsletter system, only the person doing the accounts needs access to Quickbooks or the payroll system, and only the Web guy needs access to the Web server and all that complicated stuff. So why give out access to anyone else – right?

But there’s a problem with that attitude. When only one person has the password to a corporate resource, that is both a security feature and a risk. If that person isn’t available, then nobody in the company can access that resource. If they’re sick, on vacation, or leave, then your entire company can grind to a halt. The newsletter doesn’t go out. Nobody gets paid. The Web site doesn’t get updated. That person becomes what engineers call a single point of failure – if something happens to them, everything else fails.

Expect The Worst

And it happens regularly. In the last few months, I’ve worked with two clients where nobody in the company knew how to access or update their Web site: one of them had their Web guy quit, the other’s was hospitalized for several months following a bike accident. I’ve had to help one client cancel a subscription to a service a former employee signed up for, which he couldn’t access because he didn’t know the password and the reminder notices were going to a defunct email address.

Think of passwords like physical keys – you wouldn’t dream of having a single keyholder and a single copy of the key for anything critical. You’d have a second keyholder and spare copies of the keys stored in a safe place – wouldn’t you?

You need to take the same approach to corporate passwords. Ensure that there are always two people who know how to get access to any critical software or services, just in case one of them is unavailable. And keep a copy of all those usernames and passwords in a safe place, preferably offsite – write them down and store them in your family bible at home, or use a password storage app to keep an encrypted copy on your smartphone. It’s a little insecure, but it’s better than being locked out of your own company.

