The do’s and don’ts of password management

Thanks to the internet, certain aspects of starting and running your business have never been easier. But along with the benefits, there are also potential risks. The more you’re able to do online, the more passwords and PINs you need to remember, which can be overwhelming. Be careful not to stray into password management habits that aren’t good practice.

Another thing to consider is what happens when you need to share passwords with other members of your team. Sharing passwords, even in a trusted internal team environment, can inadvertently put your business at risk. 

Luckily, there are a couple of rules to follow that will protect your passwords. 

Here are some password do’s and don’ts to keep in mind when managing and sharing sensitive credentials.


Do use a password management tool to keep your sensitive information in a safe location. There are a number of apps and services that will help you manage and share your encrypted credentials in one place. Choose the right one for your needs – for instance, team sharing. Well-known tools include Passbolt, 1Password, LastPass, and Google Smart Lock.

Do use two-factor authentication (2FA) whenever possible. This added layer of security requires a second factor, such as a code sent to a mobile phone number or generated by an authenticator app, to be used in conjunction with a password. Using 2FA is highly recommended for access to your password management tool.

Do use auto-generated complex passwords. Most password management apps include a password generator, which makes it easy to use a different password for each new account.

Do revoke access to your accounts for employees who leave your organisation.


Don’t write passwords down in notebooks or on sticky notes. While this is tempting, it poses a serious security risk in the event that criminals gain access to your premises. 

Don’t use the same password across multiple services. Doing so makes you vulnerable: should a single service’s password become exposed, every other account that uses it will also be accessible.

Don’t share your passwords. You should never share your passwords, but if you have no other choice, never send them over insecure channels like email or SMS.

Don’t use personal information in your passwords – it makes them easier for criminals to guess. For example, commonly used password formats include birthdays, children’s names, or company names. This information can easily be sourced by hackers via social media.

It’s scary how much information we share online these days – especially if you’re running a small business. But with the right safety measures in place, and an understanding of the do’s and don’ts of password management, you can ensure your information is as secure as possible. 
