Corporate Security: Where to Store Passwords?
If passwords to your banks, servers, and social media are stored in an Excel spreadsheet, iPhone notes, or in the "Saved" chat in Telegram, your business is at risk.
At 1it.pro, we implement security standards that protect against leaks while remaining convenient for employees. We recommend using Vaultwarden (a corporate password manager).
Why Excel and Telegram Don't Work
- No Encryption: An Excel file is stored in plain form; it can be copied to a flash drive and opened at home.
- No Access Control: If you give the file to an employee, they see all passwords, including those they don't need.
- Inconvenient Offboarding: When an employee leaves, you have to change all passwords manually, because you don't know which ones they saved.
What is Vaultwarden?
Vaultwarden is a lightweight, fast alternative implementation of the popular Bitwarden password manager's server, compatible with the official Bitwarden apps and browser extensions, that we deploy on your server.
It is your personal digital safe.
Advantages of a Self-Hosted Solution (On Your Server)
- Full Control (GDPR): Your password database is not stored in an American corporation's cloud. It resides on your server in Germany/Europe, under your protection.
- Free Premium: Unlike paid SaaS solutions (1Password, LastPass), Vaultwarden is free and supports all premium features (TOTP, file attachments, YubiKey).
- Cross-Platform: Works everywhere (iOS, Android, Windows, Mac, Linux, browser extensions).
Access Organization: Collections
The main business feature is Collections (Groups). You don't give passwords to people; you give people access to Collections.
Example structure:
- Marketing: Access to Instagram, Facebook Ads, Google Analytics. (Access: Marketer, CEO).
- Development: Access to Hetzner hosting, GitHub, Cloudflare. (Access: CTO, Developers).
- Accounting: Banks, tax services. (Access: Accountant, CEO).
- Admin: Administrator passwords. (Access: CEO only).
Scenario: Your marketer left? You simply disable their account in Vaultwarden. Access to all services is revoked instantly. You don't need to frantically change 50 passwords.
Digital Hygiene: Password Change Rules
There is a myth that passwords need to be changed every 30 or 90 days. Modern security standards (NIST) say otherwise.
1. How Often Should You Change Passwords?
Answer: Only if there is a suspicion of a breach.
Frequent password changes are harmful: people start creating simple combinations (Password1, Password2, Password3) that are easy to crack.
Best Practice:
- Create one very complex and long password (20+ characters) once.
- Use a password generator.
- Never memorize it (let Vaultwarden remember it).
2. Two-Factor Authentication (2FA)
This is mandatory. Even if a hacker learns your password, they won't get in without a code from the app. Vaultwarden can generate 2FA codes (TOTP) itself, so you don't need Google Authenticator on your phone: the code is filled in automatically in your browser.
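How the code Vaultwarden fills in is derived from the stored seed, as an added example (not from the original article or from the Vaultwarden project): an RFC 6238 TOTP implementation using only Python's standard library, checked against the RFC's published test seed. The function names and the `RFC6238_SEED` constant are this example's own; the point for storage is that the seed is as sensitive as the password and belongs in the encrypted vault.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def totp(secret_b32: str, for_time: Optional[int] = None, digits: int = 6,
         period: int = 30, algorithm=hashlib.sha1) -> str:
    """Derive a TOTP code (RFC 6238) from a base32-encoded seed.

    The seed is the value behind the otpauth:// QR code; anyone holding it
    can produce valid codes, so it must be stored encrypted like a password.
    """
    if for_time is None:
        for_time = int(time.time())
    # Seeds are often shown unpadded, lower-case and with spaces; normalise.
    padded = secret_b32.strip().replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)
    key = base64.b32decode(padded)
    counter = for_time // period                    # time step number
    digest = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, candidate: str, now: Optional[int] = None,
                window: int = 1, period: int = 30, **kwargs) -> bool:
    """Accept the current step or +/- `window` adjacent steps (clock drift),
    comparing in constant time so timing does not leak the digits."""
    if now is None:
        now = int(time.time())
    for step in range(-window, window + 1):
        expected = totp(secret_b32, now + step * period, period=period, **kwargs)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


# RFC 6238 reference seed "12345678901234567890" in base32: a published test
# vector, not a real account secret.
RFC6238_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC6238_SEED, 59, digits=8))  # RFC 6238 table: 94287082
```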
3. Master Password
The only password you need to remember is the Master Password for logging into Vaultwarden itself.
- Make it a phrase, for example: I-love-coffee-in-Warsaw-morning-2024!
Important
If you forget the Master Password, we cannot recover it. The data is encrypted in such a way that without this key, it becomes digital garbage. Write it down on paper and put it in a real safe.
How Do We Implement This?
- Installation: We deploy Vaultwarden on a secure subdomain (for example, vault.your-company.com).
- Configuration: We restrict external access, allowing login only via VPN or whitelisted IPs (optional).
- Backups: We set up automatic password database backup in encrypted form.
- Training: We show the team how to use the browser plugin.
Where to Start?
- Install the Bitwarden app on your phone and computer.
- In settings, select "Self-hosted" and enter the server address we provide.
- Start transferring passwords from Excel.