The use of password managers within an organization should significantly improve cybersecurity, but in practice, this is often quite disappointing. Our measurements show that, on average, only 5 to 10 percent of employees use the password manager offered by the employer. Painful, but it gets even worse. Indeed, we also see that a password manager (even if it is well used) hardly leads to the use of strong passwords. Conclusion: The password manager doesn't pay for anything. A waste of money, but more importantly: weak passwords remain and the organization remains at unnecessary risk.
‍

That must be possible differently. But how?

In this article, we explain the three problems that cause a password manager to perform poorly. And we tell you how MindYourPass solves these issues. The result: a password manager that performs optimally in terms of adoption and cyber security.

Here we go:

Issue 1: Deployment stops after technical rollout

The following applies to almost every change within an organization: it does not happen automatically. Whether it's a new system, a process change or reorganization. A change requires some form of management. Introducing a password manager within an organization is (unfortunately) no exception. However, we see that the “change process” often stops after installing the password manager and sending an instruction. “Surely people will work with it themselves, because it works so easily and it also makes us safer?” Wishful thinking. Although employees often see the point, learning the password manager is covered by daily activities.
‍

Solution: Make time to learn the password manager.

Getting the hang of it isn't difficult, but you have to sit down for a while. Making time and space is a prerequisite for successful implementation. One hour is often enough to help employees get started and transfer their first passwords to the password manager. That's what we see in our customers that we support during the start-up phase. MindYourPass has a wide range of training courses, so that each organization can put together a suitable training plan for its employees.
‍

Hint! Ensure support from management so that there is a willingness to free up time for employees to work with the password manager.

‍

Problem 2: Using the password manager is optional

For some of the employees, setting aside time to learn is not enough. They skip the e-learning or training, for whatever (valid) reason. As long as use is not mandatory, switching to a password manager remains at the bottom of the pile. And then quickly delay leads to reprieve.
‍

Solution: Enforce the use of the password manager step by step.

This has two advantages:

1. 100% adoption rate: all employees use the password manager
2. Secure password management: one uniform and secure way of working

This is how you collectively say goodbye to password notes and Excel lists. With MindYourPass, you can enforce the use of the password manager and, as an organization, get a grip on secure business password management. Enforcing that may sound exciting, but with the right approach, employees quickly see it as normal and natural.
‍

Hint! Take a step-by-step approach to enforcement. Start small, monitor, evaluate and expand. Make sure there are sufficient communication moments so that people are aware and have the opportunity to switch voluntarily even before it becomes mandatory.

‍

Issue 3: Saving weak passwords remains allowed

Using a password manager doesn't mean that your passwords are also strong. After all, you can also store weak passwords in your password vault. In terms of safety, you won't get anywhere. Our measurements show that the effect of a password manager on the use of strong and unique passwords is negligible. While long, complex passwords that you don't reuse are crucial for keeping your applications and data secure.
‍

Solution: Set mandatory rules for using strong and unique passwords

This is the only way to permanently prevent risky password use by employees. With MindYourPass, you can easily set policies per site or application. Depending on the policy set, employees receive a warning or are required to have their passwords meet the requirements. MindYourPass helps the employee easily generate and set a rock-solid and unique password that complies with the organization's policies.
‍

Hint! Here, too, the following applies: start small with a limited number of applications, for example the most critical ones. Ensure clear communication, monitor and evaluate and work towards the desired safety level.
‍
‍

Do you and your organization also want to achieve 100% adoption and secure passwords? We would love to get to know you without obligation.