Debunking Password Manager Myths and Misconceptions
Over the years I've spent working for TeamPassword, I've heard quite a few incorrect assumptions about password managers when talking to people who don't quite understand how they work. Today, I'm going to dispel those rumors! See below the most common password manager myths and misconceptions.
Myth: Password managers don’t actually increase security, they just make it faster to get access to your passwords.
Password managers let you create a long, unique, secure password for every tool you use, doing the maximum to increase you password security. Without a password manager, teams would need to remember hundreds of different randomized passwords, which is too much to ask, so the alternative is falling back onto their usual 2—3 standard passwords. Using a password manager lets people log in to one account and access all the random, unique, secure passwords that they need.
Also, you’re no longer typing passwords when you’re in public! If you’re working in a coworking space of coffee shop, you won’t have to worry about who’s looking over your shoulder.
Myth: It isn’t secure to store all of you login information in a single password manager because it could get compromised.
The people who run TeamPassword can’t see your passwords, so even if someone hacks our information, yours still won't be visible. Everything is encrypted in your browser, sent to us encrypted and then transmitted back to your browser encrypted, and only then is decrypted into plain text.
Since it’s natural that people on the team will need access to more than one tool, most passwords are all stored in the same place by companies. Otherwise, teams may resort to storing passwords somewhere like a spreadsheet, which both collects all your passwords in one place and makes it really hard to limit access within an organization.
Also, a lost or stolen master password isn’t the end of the world! Each team member will be limited to the passwords that they need, so this doesn’t mean that all your passwords will be at risk. We allow you to authenticate with Google Sign-In using your work email, making it easier to use a super long, complicated password for your TeamPassword, but still have the convenience for one click sign in.
Myth: When choosing a password manager, you should look for one that hides anyone from seeing the passwords stored because it’s more private that way.
It’s important to know that if a password manager fills in form fields for you, it’s possible (and pretty straightforward) for anyone with access to see that password by revealing the password field. If the password manager doesn’t let you know the password, then that means that anyone at the password manager company could see your passwords.
TeamPassword makes it really easy to limit who has access to what, and we generally find that you should trust your team more than you trust your password manager, meaning that the password manager should have no way to know which usernames and passwords they’re encrypting and storing.
Myth: It’s more added steps to use a password manager.
Yes, it takes time to get set up, but TeamPassword saves tons of wasted time down the road. For a small one-person company, it might work to do everything manually, but as your team grows, one person is quickly elected as the ‘password manager,’ and whenever someone needs to log into something that person will get a tap on the shoulder.
It’s also nicer for new employees to know where they look for the usernames and passwords they need to do their job. It can be an awkward time starting a new job since you’re eager to prove your worth to the company, the last thing you want to do is constantly nag your boss to help you get logged into tools.
To save you some of that initial startup time, we have an importer for companies to use, and everyone invited can add logins, so you can make the ‘get passwords in’ stage a team sport. Also, this stage may have you realizing that you use the same password for 25 different services, or that a lot of your passwords are weak, so that so-called long setup time can be constructive if you’re also updating and improving your passwords as you go. It’s security debt you’re paying down.
Myth: The password manager in my browser is good enough.
While a browser’s built-in password manager can totally get the job done, it really only works for one person. As soon as you have a service that more than one person needs to log into, the team can quickly get out of sync.
If you're looking for a way to amp up your password security and efficiency, look no further than TeamPassword. Sign up for a free 14-day trial here.