Implement a Password Management System to Avoid Being Stung

Password management systems prevent major hassles

A few years ago, we began to work with a new client who had no idea he was sitting on a hornet’s nest of hassles.

The first sting came when we asked for the administrative password for one of the servers.

The client didn’t have it.

Then we asked for more passwords, and the hornets swarmed us in waves.

Turns out the previous IT vendor didn’t document anything. He had not implemented any password management system and he was long gone.

The result: Passwords had to be reset across the organization. In some cases, that meant full system resets and data loss. In all cases, that meant wasted time and frustration.

It would take me hours to recount all the hassles and to tell you everything we had to do to put the hornets back in the nest.

Build Password Management Into Your IT Plan

So instead of looking back, let’s look ahead and discuss this rotten fate:

When considering an IT vendor, ask them how they manage clients’ passwords. If they don’t have a strong answer, look for another vendor.

Insist that the vendor document all passwords in a secure system (lots of options) that you can access. Don’t let the vendor lock the password “vault” in their “house” where you can’t open it if they’re gone.

Tightly control administrative access to your systems and allow only authorized personnel (as few as practical) to change passwords. Document password changes immediately.

Document challenge questions and answers. Some password recovery systems begin by asking you a question such as, “What was the last name of your third-grade teacher.” We’ve seen businesses get stuck because they don’t record the challenge question and answer, and they lose track of whose teacher they’re asking about. You’re sunk if your vendor set this up and is no longer around.

Make sure password-recovery contacts include people inside your company. Create an email alias on your domain (which you control) that can forward to someone in your company AND to the vendor. If the vendor is gone, someone in your house can still get that password. This is trickier with password recovery systems that send an SMS message to a phone.

You Have Better Things to Do

Managing your IT systems is hard enough without creating unnecessary problems. Businesses burn countless hours chasing down lost passwords or recovering from the mess created by unrecoverable passwords.

With a little planning and simple systems, you can keep the hornets at bay, avoid the hassle and get on with important business.

Call Us for a Free Consultation

Want to learn more about STR Technologies, including our Help Desk and monitoring services?

Contact us today to schedule a free IT evaluation of your business.

This evaluation won’t take long and is guaranteed to give you a better understanding of your current IT environment. What do you have to lose?