How to Handle Objections with Your Employees When They Defend Keeping Passwords in a File
As people are forced to create more and more online accounts out of necessity, they’ve continued finding solutions to remembering all those passwords.
Some of those solutions weren’t so great, such as using weak, easy-to-remember passwords or using the same password for multiple accounts. The best practice is to create strong, 16-character passwords that are hard for computers and attackers to guess, but the downside is they are hard for us to remember.
Another not-so-great solution is keeping a file on your computer with all your passwords. While at first glance it might seem smart, especially if you password protect the file and don’t name it “passwords,” it’s still an easily searchable file in a readable, unencrypted format that anyone can access with the right tools.
You might have employees who do just that on their work computers, which puts them and your organization at risk.
People don’t like change, so asking your employees to completely revamp how they store their passwords probably will come with some pushback; they may even attempt to negotiate around the issue.
But don’t worry. We’re going to outline some of the most common objections and some examples of how you might handle each situation.
Common Objections and Suggested Responses
- “I have the Excel file password protected.” Password protection in Excel can unfortunately be bypassed with the right tools, which are easily available. We suggest a password manager that uses advanced encryption methods far beyond Excel’s capabilities. This ensures that even if someone gets ahold of the file, they won’t be able to access the sensitive content inside.
- “I need to share these passwords with my team; it’s the only way we can work efficiently.” Teams need to share information efficiently, and we completely support that. However, we propose a shared password manager that allows team members to access necessary passwords without them being exposed or vulnerable. This way, you maintain your workflow and enhance your security.
- “I’ve been doing this for years and never had a problem.” We’ve been fortunate so far, but the landscape of cyberthreats is constantly changing. Just like we update our software to keep up with new features, we need to update our security practices to protect against emerging threats. A password manager helps us stay ahead of these threats.
- “Writing down passwords on sticky notes helps me in case I forget.” While writing down passwords can be a temporary fix for memory, it’s not safe long term, especially on a network. A password manager can securely store all your passwords and only requires you to remember one master password. It’s like having a secure vault that remembers everything for you.
- “I’ve made the file names vague so no one would know they contain passwords.” That’s a smart step, but hackers often don’t rely on file names alone. They use sophisticated programs to scan for any potentially sensitive content. A password manager encrypts your passwords so that even if your files are scanned, nothing sensitive can be detected or used against you.
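The point of the last response, that a file's contents rather than its name give it away, can be checked on your own machines. The following is an added example, not part of the original post: a small Python audit that flags files purely by what is inside them. The file names, sample contents and the two-hit threshold are constructed assumptions.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Label words that tend to appear in a home-made credential list.
LABEL = re.compile(r"(?i)\b(?:password|passwd|pwd|username|login)\b")

def extract_text(path: Path) -> str:
    """Readable text from a plain file or an unencrypted .xlsx workbook."""
    data = path.read_bytes()
    if zipfile.is_zipfile(io.BytesIO(data)):  # .xlsx is a ZIP archive of XML parts
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            xml = " ".join(z.read(n).decode("utf-8", "ignore")
                           for n in z.namelist() if n.endswith(".xml"))
        return re.sub(r"<[^>]+>", " ", xml)  # drop tags, keep cell text
    return data.decode("utf-8", "ignore")

def audit(root: Path, min_hits: int = 2) -> dict:
    """Map file name -> count of label words; the file name is never consulted."""
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = len(LABEL.findall(extract_text(path)))
        if hits >= min_hits:  # one stray mention is not enough to flag a file
            findings[path.name] = hits
    return findings

def make_sample(root: Path) -> None:
    """Constructed sample files with deliberately vague names."""
    (root / "q3_notes.txt").write_text("bank login: alice\nbank password: EXAMPLE-1\n")
    (root / "lunch_menu.txt").write_text("Monday: soup. Tuesday: tacos.\n")
    # Minimal stand-in for a workbook: only the shared-strings part of an .xlsx.
    with zipfile.ZipFile(root / "misc.xlsx", "w") as z:
        z.writestr("xl/sharedStrings.xml",
                   "<sst><si><t>Site</t></si><si><t>Username</t></si>"
                   "<si><t>Password</t></si></sst>")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(Path(tmp))
        return audit(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

Both vaguely named files are flagged and the harmless one is not. Expect false positives on real folders; treat each hit as a prompt to move that content into a password manager.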
As you’ve probably noticed, the theme behind these responses is that password managers are much more secure than any other method available. Not only do they offer advanced encryption methods, but they allow you to safely share passwords among employees.
What Password Manager Should I Use?
If you feel overwhelmed with the number of passwords you have to remember, consider a password manager. These are some of the best free versions available.
- LastPass Free: This is a user-friendly option providing essential features like secure note storage and form-filling capabilities, albeit with some limitations in the free version.
- Bitwarden: Known for its open-source platform, Bitwarden offers a strong combination of security and accessibility with cross-platform support and robust encryption.
- KeePass: Ideal for those preferring offline data management, KeePass is open source and offers great flexibility, though it requires a bit more technical know-how.
- Dashlane Free: Dashlane offers a straightforward interface with a limit of 50 stored passwords in its free version, making it suitable for basic individual use.
Many of these password managers offer paid business-grade versions that allow you to set up your employees with accounts.
A free password manager is better than no password manager, but your goal should be a small investment to encourage your employees to practice strong password usage for their business and personal accounts.
West Michigan Managed IT Services
Looking to protect your company from cybersecurity threats? Contact us here or call our tech support at (616) 949-4020 to learn how we can help secure your sensitive data.