The latest xneelo news, customer success stories and best-practice advice to enable your business.

The dos and don’ts of password management

November 13, 2019

Thanks to the internet, certain aspects of starting and running your business have never been easier. But along with the benefits, there are also potential risks. The more you’re able to do online, the more passwords and PINs you need to remember, which can be overwhelming. This is where password management comes in.

Password management is the practice of securely storing, organising, and managing passwords for all your online accounts, applications, and devices. The goal is to increase your online security by minimising the risk of password-related security breaches and phishing attacks.

As a business owner, it’s vitally important to not stray into password management habits that aren’t good practice.

For example, have you ever thought about what happens after you share passwords with other members of your team? Sharing passwords, even in a trusted internal team environment, can inadvertently put your business at risk. 

Luckily, there are a couple of rules to follow that will protect your passwords. 

Here are some password dos and don’ts to keep in mind when managing and sharing sensitive credentials.


Do use a password management tool to keep your sensitive information in a safe location. There are a number of apps and services that will help you manage and share your encrypted credentials in one place. Choose the right one for your needs – for instance, team sharing. Well-known tools include Passbolt, 1Password, LastPass, and Google Smart Lock

Do use Two-factor Authentication (2FA) whenever possible. This added layer of security requires a mobile phone number, or an authenticator app, to be used in conjunction with a password. Using 2FA is highly recommended for access to your password management tool.

Do use auto-generated complex passwords – most password management apps include a password generator and this facilitates the practice of using a different password for each new account. 

Do revoke access to your accounts for employees who leave your organisation.


Don’t write passwords down in notebooks or on sticky notes. While this is tempting, it poses a serious security risk in the event that criminals gain access to your premises. 

Don’t use the same password across multiple services. Doing so makes you vulnerable. Should a single service’s password become exposed, all other services will also be accessible. 

Don’t share your passwords. You should never share your passwords but if you have no other choice, never send them over insecure means like email or SMS.

Don’t use personal information in your passwords – it makes it easier for criminals to reverse-engineer. For example, commonly used password formats include birthdays, children’s names, or company names. This information can easily be sourced by hackers via social media.

It’s scary how much information we share online these days – especially if you’re running a small business. But with the right safety measures in place, and an understanding of the do’s and don’ts of password management, you can ensure your information is as secure as possible. 

Read more about website security here.

Fast, secure Web Hosting.

Backed by award-winning support.