Getting started with Password Boss

Deciding to bring Password Boss into your team is a great start. We have created a list of items below that will help your team and your business to get the most out of your decision to take control of your passwords.

It’s time for a password policy for your team.

When you bring Password Boss into your business, it is a great time to formalize a password policy for your team. The statistics are staggering – 81% of security breaches came from weak or stolen passwords. Password Boss gives you the tools to avoid becoming the next statistic.

Now is the time to ditch the passwords in spreadsheets, chats, emails, and everywhere else your users are saving passwords. With Password Boss, every user now has a place to store every business password, all their personal passwords, and a way to securely share passwords when it is needed.

We’re not fans of long, boring policies that nobody reads, much less follows. We are fans of simple-to-understand, easy-to-implement steps that users follow and help protect your business.

Here is a starting point for your password policy (make sure you talk with the powers that be in your organization before rolling out any new policy).

7-Step Password Policy

1. Every password – no matter how insignificant – is added to Password Boss
    
2. If you are accessing your personal accounts from your work device, add your personal passwords too. Neither internal IT nor Password Boss has any access to anything you store in your personal profile in Password Boss – it’s yours, and it's private. If you ever leave, you can export those passwords and take them.
    
3. No more passwords in chats, emails, or spreadsheets, taped under the keyboard or in the pencil drawer.
    
4. Every password you have should be different – no more reusing passwords.
    
5. Make every password as strong as possible for every site you access.
    
6. When you need to share a password, share it in Password Boss. This goes for sharing passwords with people outside of your team. If someone you need to share a password with is not a Password Boss user, they can make a free account so that you can share the password with them.
    
7. Your password security score matters – your goal is 90 or higher.

Let your users know that Password Boss is coming

Your business benefits the most when all your users use Password Boss for all their passwords. To get to that point, you need to encourage your users to use Password Boss, and to provide the resources they need to be successful with the app.

Before rolling out Password Boss to your users, it is best to let the users know it is coming. An email before the rollout or a mention in a team meeting are great ways to make the announcement. Be sure to mention the goals of adding Password Boss to your team, how your new password policy will be used, and the time-saving features of Password Boss. 

Designate a Subject Matter Expert (SME)

Password Boss is a pretty intuitive app, and most users will probably not require much training beyond the videos and support articles we provide. For your team to get the most out of Password Boss and have a quick place for your users to get questions answered, we recommend that you designate someone on your team as the SME. The SME can also help you implement your password policy. Some of the items your SME can help with:

• Establishing naming conventions on shared passwords and folders makes it easy for the recipients to find and use shared passwords.
   
• It is not uncommon for users to have 500+ passwords. Helping with tips on organizing items with folders and tags will make your users more productive.
   
• Lunch and learn sessions to introduce Password Boss to users.

Create user accounts

Creating your user’s accounts is quick and takes just a few minutes. Each user’s account is based on their email address, and each user should be able to receive emails at the address for their account. User accounts can be created by an admin on your account directly in the portal. If your subscription is on the Advanced plan, you can also use the Active Directory connector to create your user accounts directly from Active Directory.

When creating user accounts, you must supply each user's first name, last name, and email address. If you use

 the portal to create your accounts, they can be created one at a time, or you can create multiple accounts simultaneously by providing a CSV file.

The person who creates your business account is automatically an admin for the business account. You can designate any other users as admins on your account as well. An admin has full access to your account on the portal.

Each time you create a new user, they will receive an email with a temporary password for their account. The email also contains a link to download the app for PC, Mac, iOS, and Android devices.

Create groups

Groups in Password Boss are used for sharing passwords. Groups are either created in the portal directly or synchronized from Active Directory. All of the groups in your account are available to all of the users on your account. Groups on your account are not available to any other account – for example, if one of your partners also has Password Boss, they cannot share passwords with one of your groups. They would have to share passwords with your users individually.

When your users create shares in the client app, they will see your list of groups sorted at the top of the list of recipients. Consider using a special character in group names to make distinguishing group names easier for your users. For example, + Marketing instead of Marketing.

Setup security policies

Password Boss provides a full set of security policies that you can configure based on the security needs of your business. The policies are fully explained in our support articles, as well as in the portal itself.

Here are some guidelines for getting the most out of the security policies

• It may make sense to begin enabling the security policies slowly at first.
   
• When you make changes to the security policies, be sure to tell your users in advance so that they are aware of the changes.
   
• If you are enabling any of the restrictive policies, like disabling sharing, add these restrictions to your internal policies and inform the users in advance so that there are fewer support questions for your team.
   
• Several of the policies are designed to work well together. For example, forcing all team items into the team profile and the policy to back up all team items work very well together. If you have any questions about the security policies, don't hesitate to contact our support team; we will be happy to provide any help and guidance so you can get the most out of the security policies
   
• The Advanced security policy to Back Up all team items is a powerful policy that gives the admin on your account access to all items stored in the team profile for each user. This policy creates a decryption key when the policy is enabled. Do not lose this key. You need the key to access the backup files from your users. Password Boss does not store a copy of this key anywhere. Without this key, you cannot access the backups.

Install the app on user devices.

Each user will need the Password Boss app installed on each device that they will be using to access their passwords. When new users are added to your account, each user receives an email with a temporary password for their account and a download link for the Password Boss app. If your users install their own software on their devices, the welcome email will provide the information needed for each user to install the app on their devices.

If your business installs software for your users, you will want to coordinate the app install with the actual account creation to avoid confusion and to reduce user questions.

Your users are using Password Boss – what’s next?

• Monitor security score improvements for your users. Set internal goals for your users to reach. A password security score of 90 or more is considered excellent.
   
• Include each user's Password Security Score in your internal review process. A higher security score keeps your business more secure.
   
• If you are using an outsourced IT provider, make sure you have copies of every one of the passwords for your account. If your IT provider also uses Password Boss, they can share the passwords with you within Password Boss.
   
• Consider adding 2-factor authentication for your admin user accounts at a minimum, and if possible, for all users.
   
• A full audit trail of all changes to your account is found on the Reports tab of the portal. Review this monthly as part of your regular security reviews to ensure everything looks correct on your account.