Password Management Should be at the Top of Every MSP’s Arsenal

Imagine the risk:

A former technician starts grumbling about your firm amidst a night of self-indulgence and sulking.  Curiosity gets the best of them, and they decide to see if all the client passwords have been changed since their departure from the company.  Low and behold, they find a service account password that wasn’t changed, and are logged into the client’s server with administrative rights… What could they do? Delete data? Delete near-line backups? Deploy a Virus? Shutdown all the servers? Change other passwords and wreak further havoc?

As an MSP, security of your clients’ networks should be first and foremost.  Gone are the days of just installing a good firewall, antivirus, and spam filter – although these technologies keep out the common hacker and threat, if the keys to the network fall into the wrong hands all these barricades are moot.

Recent regulatory controls over businesses that process credit cards, store confidential information for individuals, or are listed on the stock market require that passwords are stored in a controlled environment with restricted access to only the people that need it.  Although these rules seem stringent and difficult to keep up with – they will make your life as an MSP easier and help you sleep better at night.

The ease of pulling reports to evaluate the complexity of passwords in use at your clients, staying on top of password rotations, ensuring passwords stored are accurate, having access to the passwords from anywhere at any time, or knowing exactly which passwords need to be changed prior to terminating a technician (rather than the onslaught of 10+ hours of changing every password your MSP manages, still likely to miss a few in the process).

I know you may be thinking that your client passwords are currently safe in your PSA (Autotask, ConnectWise, etc), but have you considered the risks with storing them there?  Concerns over the passwords being stored in plain text and shown all in a single list, not knowing which technicians or other staff have looked at and may know those passwords, a loss of the password history when the notes are updated, and inability to quickly search for the correct password in the long list for your larger clients.

As the technology world evolves and clients become more concerned about the security of their businesses, this could be the differentiator your MSP needs to close new contracts when you discuss the technology you have in place to ensure the security and reporting around the storage and access to their most sensitive administrative credentials.

If your firm hasn’t yet considered the importance of password management, I would suggest bumping it to the top of your list.


This is a guest post written by Colin Knox on behalf of  Colin is the CEO of PASSPORTAL Inc. an online password management solution for IT providers and MSPs.  He is also the President of XCEL Professional Services a leading MSP in Calgary, Alberta Canada.  Having operated his own MSP for the previous 4 years, and previous experience in senior management at other firms for years before, Colin has experienced many rights and wrongs to running an effective and successful MSP.