Business Quick Start Guide
Getting started with Password Boss
Making the decision to bring Password Boss into your team is a great start. We have created a list of items below that will help your team, and your business, to get the most out of your decision to take control of your passwords.
It’s time for a password policy for your team
When you bring Password Boss into your business it is a great time to formalize a password policy for your team. The statistics are staggering – 81% of security breaches came from weak or stolen passwords. Password Boss gives you the tools, so you don’t become the next statistic.
Now is the time to ditch the passwords in spreadsheets, chats, emails, and everywhere else your users are saving passwords. With Password Boss every user now has place to store every business password, all their personal passwords, and a way to securely share passwords when it is needed.
We’re not fans of long, boring policies that nobody reads, much less follows. What we are fans of are simple to understand, easy to implement steps to that users follow, and that help to protect your business.
Here is a starting point for your password policy (make sure you talk with the powers that be in your organization before rolling out any new policy).
7 Step Password Policy
- Every password – no matter how insignificant – is added to Password Boss
- If you are accessing your personal accounts from your work device, add your personal passwords too. Neither internal IT nor Password Boss has any access to anything you store in your personal profile in Password Boss – it’s yours, and its private. If you ever leave you can export those passwords and take them with you.
- No more passwords in chats, emails, spreadsheets, taped under the keyboard or in the pencil drawer.
- Every password you have should be different – no more reusing passwords.
- Make every password as strong as possible for every site you access.
- When you need to share a password, share it in Password Boss. This goes for sharing passwords with people outside of your team. If someone you need to share a password with is not a Password Boss user, they can make a free account, so you can share the password with them.
- Your password security score matters – your goal is 90 or higher.
Let your users know that Password Boss is coming
Your business benefits the most when every one of your users is using Password Boss for all their passwords. To get to that point, you need to encourage your users to use Password Boss, and to provide the resources they need to be successful with the app.
Prior to rolling out Password Boss to your users it is best to let the users know it is coming. An email prior to the roll out, or a mention in a team meeting, are great way to make the announcement. Be sure to mention the goals of adding Password Boss to your team, how your new password policy will be used, and the time saving features of Password Boss.
Designate a Subject Matter Expert (SME)
Password Boss is a pretty intuitive app to use, and most users will probably not require much training beyond the videos and support articles we provide. For your team to get the most out of Password Boss, and to have a quick place for your users to get questions answered, we recommend that you designate someone on your team to be the SME. The SME can also help you implement your password policy. Some of the items your SME can help with:
- Establishing naming conventions on shared passwords and folders makes it easy for the recipients to find and use shared passwords.
- It is not uncommon for users to have 500+ passwords. Helping with tips on organizing items with folders and tags will make your users more productive.
- Lunch and learn sessions to introduce Password Boss to users.
Create user accounts
Creating your user’s accounts is a quick process and just takes a few minutes. Each user’s account is based on their email address, and each user should be able to receive emails at the address for their account. User accounts can be created by an admin on your account directly in the portal. If your subscription is on the Advanced plan then you also have the option of using the Active Directory connector to create your user accounts directly from Active Directory.
When creating user accounts, you will need to supply first name, last name and the email address for each user. If you are using the portal to create your accounts, they can be created on at a time or you can create multiple accounts at the same time by providing a CSV file.
The person who creates your business account is automatically an admin for the business account. You can designate any other users as admins on your account as well. An admin has full access to your account on the portal.
Each time you create a new user, the user will receive an email with a temporary password for their account. The email also contains a link to download the app for PC, Mac, iOS and Android devices.
Groups in Password Boss are used for sharing passwords. Groups are either created in the portal directly or synchronized from Active Directory. All of the groups in your account are available to all of the users on your account. Groups on your account are not available to any other account – for example if one of your partners also has Password Boss they cannot share passwords with one of your groups, they would have to share passwords with your users individually.
When your users are creating shares in the client app, they will see your list of groups sorted at the top of the list of recipients. Consider using a special character in group names to make it easier for you users to distinguish groups names as well. For example, + Marketing instead of Marketing.
Setup security policies
Password Boss provides a full set of security policies that you can configure based on the security needs of your business. The policies are fully explained in our support articles, as well as in the portal itself.
Here are some guidelines for getting the most out of the security policies
- It may make sense to begin enabling the security policies slowly at first.
- When you make changes to the security policies be sure to tell your users in advance so that they are aware of the changes.
- If you are enabling any of the restrictive policies, like disabling sharing, add these restrictions to your internal policies and let the users know in advance so that there are fewer support questions for your team.
- Several of the policies are designed to work well together. For example, forcing all team items into the team profile and the policy to backup all team items work very well together. If you have any questions on the security policies, please reach out to our support team and we will be happy to provide any help and guidance, so you can get the most out of the security policies.
- The Advanced security policy to Backup all team items is a powerful policy and gives the admin on your account access to all items stored in the team profile for each of your users. This policy creates a decryption key when the policy is enabled. Do not lose this key. You need the key to access the backup files from your users. Password Boss does not store a copy of this key anywhere. Without this key you cannot access the backups.
Install the app on user devices
Each user will need the Password Boss app installed on each device that they will be using to access their passwords. When new users are added to your account, each user receives an email with a temporary password for their account and a download link for the Password Boss app.
If your users install their own software on their devices, the welcome email will provide the information needed for each user to install the app on their devices.
If your business installs software for your users, you will want to coordinate the app install with the actual account creation to avoid confusion and to reduce user questions.
Your users are using Password Boss – what’s next?
- Monitor security score improvements for you users. Set internal goals for your users to reach. A password security score of 90 or more is considered excellent.
- Include each users Password Security Score as part of your internal review process. A higher security score keeps your business more secure.
- If you are using an outsourced IT provider, make sure you have copies of every one of the passwords for your account. If your IT provider also uses Password Boss, they can share the passwords with you within Password Boss.
- Consider adding 2 Factor Authentication for your admin user accounts at a minimum, and if possible, for all users.
- A full audit trail of all changes to your account is found on the Reports tab of the portal. Review this on a monthly basis as part of your regular security reviews to make sure everything looks correct on your account.