Post by account_disabled on Dec 20, 2023 23:29:40 GMT -5
You know it. Every digital agency needs a lot of access to the client accounts in which it does its work. In today's article, we will look at how we manage our clients' passwords at Sun - securely, simply, without unnecessary costs. Why you shouldn't like shared passwords too More advanced services support some form of multi-user access (Google Analytics, Google Tag Manager, Sklik) or making the client's account available to the agency via an agency account (Google AdWords MCC, Facebook Business Manager). Unfortunately, there are still a large number of services for which the only way for the client and the agency's specialists to access them at the same time is by sharing a password . So, simply put, the client and the agency (and all its specialists who work on the client) log into the service with the same login name and password.
Examples B2B Email List are Heureka, Instagram, Twitter, YouTube and others. image Are your passwords safe? While multi-user accesses and accounts made available to the agency through an agency account are a fairly reliable solution, password sharing is a problem . For these reasons, among others. Shared passwords need to be stored somewhere, so the agency must implement some sort of system to restrict access to shared passwords so that only those who really need access to the shared password have access to it . Unfortunately, agencies are no exception, in which all passwords are recorded in one document or accessible to all directly in a custom system. If any specialist then leaves the agency, all passwords to which they had access must be changed - even if they have never used them. In our case, this means having to change about 100 passwords when the specialist leaves! A consequence of the previous point is the extremely high cost of managing shared passwords "securely" .
We can talk about relative security if, when the specialist leaves the agency, all shared passwords to which he had access are changed. But this usually means several man-hours of painstaking work and the need to secure everything with appropriate processes. Due to the unwritten laws of agility, the practical result is that many agencies do not change passwords at all. If all users log in under the same login name and password, it is not possible to retrospectively evaluate who made which change in the system . Which can be useful, for example, if a spend campaign with a monthly budget of CZK 200,000 realizes this spend already in a week
Harassing clients with frequent password changes is quite annoying for both parties. In an agency with a few people, this problem is not so common, but in larger agencies, where the arrival and departure of new specialists is more likely, it grows.
Examples B2B Email List are Heureka, Instagram, Twitter, YouTube and others. image Are your passwords safe? While multi-user accesses and accounts made available to the agency through an agency account are a fairly reliable solution, password sharing is a problem . For these reasons, among others. Shared passwords need to be stored somewhere, so the agency must implement some sort of system to restrict access to shared passwords so that only those who really need access to the shared password have access to it . Unfortunately, agencies are no exception, in which all passwords are recorded in one document or accessible to all directly in a custom system. If any specialist then leaves the agency, all passwords to which they had access must be changed - even if they have never used them. In our case, this means having to change about 100 passwords when the specialist leaves! A consequence of the previous point is the extremely high cost of managing shared passwords "securely" .
We can talk about relative security if, when the specialist leaves the agency, all shared passwords to which he had access are changed. But this usually means several man-hours of painstaking work and the need to secure everything with appropriate processes. Due to the unwritten laws of agility, the practical result is that many agencies do not change passwords at all. If all users log in under the same login name and password, it is not possible to retrospectively evaluate who made which change in the system . Which can be useful, for example, if a spend campaign with a monthly budget of CZK 200,000 realizes this spend already in a week
Harassing clients with frequent password changes is quite annoying for both parties. In an agency with a few people, this problem is not so common, but in larger agencies, where the arrival and departure of new specialists is more likely, it grows.