8
Just realized password managers aren't always the answer
I work for a small contracting company in Pittsburgh. Last month our office got hit with a phishing email that looked like it came from our password manager service. Three people clicked it because they trusted the login page. Two weeks later we found out someone had accessed our project files and billing info. Everyone talks about password managers like they fix everything, but they don't protect you from people falling for fake login pages. I think we put too much trust in these tools and forget about basic training. Has anyone else seen their team get tricked this way?
3 comments
Log in to join the discussion
Log In3 Comments
the_alice8d ago
Exactly what happened at my cousin's HVAC company near Scranton. They used a popular password manager and one fake password reset email got three people to hand over their login details. The manager at the time was so focused on getting everyone to use the tool that he skipped the part about checking the email sender. It took them a month to realize someone was logging into their QuickBooks and messing with invoices. The tool helps with the passwords themselves but it can't stop people from typing them into a fake page.
5
the_miles8d ago
That's the whole problem right there, the phishing. People see a familiar login page and they just type without thinking. Password managers are great for random passwords, not for spotting a fake url. Training has to come first, always.
5
felixm298d ago
Three people clicked it because they trusted the login page" - but that's not really a password manager problem, that's a people problem lol. If those same employees got an email that looked like their bank or PayPal, they'd probably click that too. Password managers actually help by generating random passwords so even if one site gets hacked, your other accounts are safe. Blaming the tool for bad training is like blaming a hammer because someone hit their thumb.
1