Password Management Solution: The easy answer to all your password dilemmas
Bitwarden offers the easiest and safest way for teams and individuals to store and share sensitive passwords from any device.
Password / Passphrase Management - Critical
Your business needs to have a more robust Passphrase/Password Management system put in place. Passphrases are the same as passwords but they are long and easier to remember. WHY?
1. Using a document or spreadsheet which contains all your logins is not acceptable in this day and age as they can be easily found and hacked by cyber criminals
2. Similarly, storing your passwords in a browser is easily hackable. You can go into chrome and press a button to export all your passwords, ... and so can a hacker!
You are potentially putting your company’s systems at risk, thus compromising your customer’s confidential data. This is in breach of the Privacy Act 2020 where the principle is to do everything possible to protect customer data by controlling who has access to it and to keep it safe and secure. Modern best practices are expected.
Potentially you are not complying with cyber insurance requirements so in the event of a breach you may be found guilty of not taking reasonable measures to protect sensitive data. This could mean you are not covered by insurance if the worst situation occurs.
A platform we can trust our credentials for them to be safe and of easy access, anywhere, anytime
Password Management Solution: The easy answer to all your password dilemmas
Alternatively, let a system create the passwords/passphrases for you. We propose the roll out of a Passphrase Management system onto all computers, mobile phones and browsers as a plugin. This system would be Bitwarden Enterprise or Teams.
There would be a minimum of 2 accounts - director/owner & team (everyone else). The director account would have access to all the passwords for the business, and your team account would only have access to the passwords that they need. This could obviously be broken down further into departments.
If this structure is not needed, i.e. You have full trust between all directors / staff / contractors then you can get away with just 1 account. If more than two accounts are needed this can also be set up - eg Directors, Middle Managements, Accounts & Admin, General Team. etc
A password management system relies on a master password so this would be extremely long and would not be written down anywhere. It would need to be memorised by the director and 1 other trusted person. Once created, you can then tie this into biometrics or Windows Hello for quick access using a fingerprint, face or pin number for example.
Why Bitwarden as the password manager?
Bitwarden is a business grade and trusted password manager that complies with Privacy Shield, GDPR, CCPA regulations. It will allow you to securely store and organise your logins for all of your accounts in one place. It can be installed on any computer, phone or browser so you can access your accounts from anywhere at any time.
Moreover, if you are working in a team, Bitwarden offers the ability to have multiple different users who can login with their own account but be given access to the same password vault as others as well as having their own confidential and segregated area to store their own passwords. For example, User A has access to all passwords and User B has access to only a few passwords. These are only some of many features that Bitwarden has to offer.
Pricing and How to buy
We, Computer Clinic, would purchase the system for you so we can set up the backend securely, to the best practices. Note we would not have access to any passwords though.
Pricing Explained
A single account can be shared across unlimited devices. However, if multiple Bitwarden Accounts are needed within a company, then these need to be on a Team or Enterprise plan with permissions applied. If you are running Microsoft 365 for your systems, then the Enterprise plan integrates with this, known as single sign on. Computer Clinic can arrange everything and pass on the same cost that you would pay if you went direct.
You can also take out a month to month (cancel anytime) subscription which is $6 USD which can be cancelled anytime. Ideally everyone would have their own account to make this system fully manageable. E.g. Say 1 user had a device stolen, we could easily lock their account, disable and remove everything. But if that account was being shared by other users, then they would suffer the same consequences. So not ideal. However, on the flip side, if you wanted to save money, you could share accounts and if the worst occurred it would just take a different approach/more IT input to sort everything out.
