Use a password manager in your business

A password manager is like putting your passwords into an online safe that only you have the key to. Find out how to choose one for your business.

What it is

Once you’re confident your staff are using strong passwords, the next step in strengthening your business's online security is to get them to store their passwords in a password manager.

Using a password manager is an easy way for you and your staff to keep track of all the passwords used to access your business programmes, services and systems. It’s an important step in safeguarding your business data and keeping your business secure online.

How it works

A password manager is like putting your passwords into an online safe that only you have the key to.

Password managers:

  • encrypt, store and protect all your passwords so no one else can access them
  • allow you to generate passwords made up of a random, unique string of characters
  • keep track of your passwords so you don't have to remember them all – you only have to remember one master password
  • don't require IT support to set up or implement
  • can be used to store other information securely, like PIN numbers or two-factor authentication (2FA) recovery codes.

When you set up a password manager, you create a 'master password' to use when you access your safe. Once you have your online account details stored in the password manager, the master password is the only one you have to remember. The password manager will do the rest for you.

How to protect your business

  • Things to consider first

    When you're choosing a password manager, consider the sensitivity of the passwords you have, how many staff you have and how many accounts they access. This will help you choose whether to:

    • store your passwords in the cloud
    • store your passwords on your computer’s local drive
    • use the password manager that comes with your browser.

    Some password managers also offer features like:

    • dashboards to monitor usage across your organisation
    • user management options – for example, multiple roles that offer different levels of access
    • policy management – for example, mandatory 2FA or a restriction on who can reset a master password.
  • Cloud-based password managers

    Cloud-based password managers:

    • store your passwords in the cloud, meaning they can be accessed from multiple devices. This is a real advantage if you do a lot of work on your laptop and mobile phone. But it means you need to be careful – only access your password manager on trusted devices and browsers
    • often allow you to share specific passwords when necessary. This can be useful if there are accounts – for example, for social media – that several staff members need access to
    • may also offer the option for your staff to create their own 'safe' within the password manager to store their personal passwords in
    • tend to offer a range of other optional add-ons.
  • Local drive-based password managers

    Local drive-based password managers:

    • store your passwords on your computer’s local drive. This means an attacker could only access them if they managed to get access to your computer – if you left it unattended and unlocked, for example, or if they managed to work out your computer password
    • can be a good option if you have a lot of financial trading or bank account passwords
    • rely on you making regular back-ups to your computer to keep the passwords secure
    • don't let your staff access their password manager from home or on a mobile device, so it’s less useful if you offer flexible working.
  • Browser-based password managers

    Browser-based password managers:

    • are built into your browser, such as Internet Explorer or Chrome
    • are easy to use – a message just pops up when you log in to a website asking if you want the browser to save your password
    • don’t have the same level of encryption, security or features as other cloud or locally based password managers
    • store your passwords locally on your computer (unless your browser is synced to your other devices, in which case the passwords can be accessed from them as well) – so an attacker could only access your browser-based passwords if they managed to get access to your computer. For example, if you left it unattended and unlocked, or if they managed to work out your master password.

If you want an extra layer of security for your password manager, turn on 2FA. That way, you'll be notified if someone does try to log into your account.
