One of the biggest challenges in my business is managing passwords. At any given time I have between 5 and 10 active accounts, all with hosting logins, FTP, website logins, and logins for various financial accounts, social media accounts and countless other things.
To make matters even more complicated, I often have 5 logins for the same site (PayPal for instance – which a lot of my clients use as a payment gateway).
My issues with password management are two-fold:
First, how do I collect and keep track of passwords myself, so that I can quickly access the accounts I need and not waste valuable development time trying to track down a login?
Second, what is the best system to recommend to clients for keeping track of their passwords so that when a developer needs them in the future, they can have a quick way to find them?
At the intersection of these two issues is a third: when I’m building a new site, how can I keep track of all of the passwords in a way that makes it easy for me to pass them back to the client when I complete the work?
Of course, since these logins allow access to some pretty sensitive information, all of this needs to be reviewed with an eye on security. My clients have a range of concerns and levels of concern about security, so I always err on the side of the most secure. I won’t be discussing most aspects of secure passwords here, but there are some great resources out there. Here are just a few:
Heimdal Security: Password Security 101
Huffington Post: 7 Steps to Safer Passwords
The New York Times: Protecting Your Digital Life in 7 Steps
So, here is what I have (and haven’t) figured out:
For my systems, I use LastPass, which works great for me. I save ultra-secure passwords in the system and have one secure password for LastPass, which makes it easier to memorize.
For my clients – I don’t know what to suggest. I package up their logins and send them back, but judging from how hard it is to get passwords from people when I’m starting projects, those emails/text messages/printed documents just go into the trash. Does anyone have any good ideas for password storage for individual clients?
One trend that I’m noticing with larger companies is the ability to “grant access” to your account to another user. In these cases, the original account holder can grant access to me by just entering my email address. I’d like to see more two-factor authentication in these systems, but that’s another story for another day. At least in these cases, I can access account information under my own login, which also allows clients to remove access for people without changing their own login info.
For now, I’m setting a goal to develop a better system than what I’m using sometime in the next 6 months and then implement that for all clients to make this step less of a hassle for everyone.