Login
Register

Why Writing Down Passwords Is Risky

A Plain English Guide for Business Owners

 

If you’re like most New Zealand business owners, you probably have passwords written down somewhere. Maybe they’re on sticky notes, in a notebook, or in a spreadsheet that everyone can access. It seems practical, your team needs to log in to supplier websites, your accounting software, or other systems and this is the easiest way to share access.

But here’s the problem: this common practice puts your business at serious risk. This guide explains why in plain English and shows you a better way.

 

The Way Most Businesses Handle Passwords

Let’s be honest about what actually happens in most small businesses:

  • Passwords written on sticky notes near computers
  • A shared notebook in the office with all the login details
  • An Excel spreadsheet or Word document with passwords that multiple staff can open
  • Passwords sent via email or text message to team members
  • The same simple password is used for multiple sites because it’s easier to remember
 
Sound familiar? You’re not alone. About 65% of New Zealand small businesses do this. It feels practical and gets the job done. But it creates serious problems that could cost you dearly.

 

The Hidden Dangers You’re Facing

Here are the real problems with writing down passwords, explained in plain business terms:

1. Anyone Can See or Steal Your Passwords

Think about who has physical access to your office:

  • Cleaners working after hours
  • Contractors doing maintenance or IT work
  • Visitors or clients passing through
  • Former employees who still have the notebook photo on their phone
  • Anyone who walks past a desk with sticky notes
All someone needs is a quick photo with their phone, and they have access to your bank accounts, supplier accounts, and other important systems. You’ll never know it happened.

2. When Staff Leave, You Have a Nightmare

When an employee leaves your business, especially if it’s not on good terms, they still know all your passwords. What needs to happen?

  • Someone must log into every single system and change every password
  • You have to remember which systems they had access to (and you probably won’t remember them all)
  • Then you have to tell all remaining staff about all the new passwords
  • This process takes hours and is never done completely
Result: Former employees often retain access to your systems for weeks after leaving. If they wanted to cause problems, they could.

3. You Have No Idea What’s Actually Happening

With written passwords, you can’t answer these important questions:

  • Who logged into your accounting software last night?
  • Did anyone access your bank account from an unusual location?
  • When was the last time someone used the supplier portal password?
  • If something goes wrong, who is responsible?
You have no record of who accessed what, when, or from where. If money goes missing or something suspicious happens, you’re flying blind trying to figure out what occurred.

4. Your Cyber Insurance Could Refuse to Pay

This is the big one that catches business owners by surprise.

Cyber insurance companies are now asking hard questions about how you manage passwords. If you tell them you write passwords down or keep them in a shared file, they will:

  • Charge you higher premiums
  • Exclude password-related breaches from coverage
  • Potentially refuse to pay claims if they find you weren’t managing passwords properly
Imagine: Someone uses a password from your notebook to access your systems and steals $50,000. You file a claim with your insurance, but they refuse to pay because you weren’t properly securing your passwords. You’re out $50,000 plus your insurance premiums.

5. The Passwords Are Wrong or Outdated

Here’s what happens in real life:

  • You change a password because the system forces you to
  • You forget to update the notebook or spreadsheet
  • Now you have multiple versions of the password floating around
  • Someone gets locked out because they used the old password too many times
  • You waste time resetting passwords and figuring out which version is current
Lost productivity adds up quickly when people can’t access the systems they need to do their jobs.

What This Actually Costs Your Business

Let’s put this in practical terms:

Time wasted on password problems: Your staff probably spend 1-2 hours per month dealing with forgotten passwords, lockouts, and finding the right password from the notebook. That’s 12-24 hours per year per person.
Staff leaving process: Changing all passwords when someone leaves takes 4-6 hours of work. Multiply this by how many staff leave each year.
Insurance premiums: Poor password practices can increase your cyber insurance costs by 20-30%, or result in coverage exclusions.
Actual security breach: The average cost of a password-related breach in New Zealand is around $200,000 when you factor in investigation costs, lost business, legal fees, and reputation damage.
Even if you never have a major breach, the daily inefficiencies and risks are costing you money and creating unnecessary stress.

 

How SafeKey Solves These Problems

SafeKey is designed specifically for business owners who understand these problems but need a practical solution that doesn’t require technical expertise. Here’s how it works in plain English:

Passwords Are Hidden and Protected

Instead of writing passwords down where anyone can see them, they’re stored in an encrypted vault. Think of it like a safe that only your authorised staff can open with their personal key.

What this means for you:
  • No more sticky notes or notebooks that anyone can photograph
  • Even if someone steals your computer, they can’t access the passwords without the right credentials
  • Your passwords are as secure as your bank’s mobile app

Instant Access Removal When Staff Leave

When someone leaves your business, you click one button, and their access is gone immediately. They can’t get into any of your systems, even though they might remember what the passwords used to be.

What this means for you:
  • No more spending hours changing passwords across dozens of systems
  • No worrying about what a former employee might access
  • Your remaining staff keep working without disruption
  • The whole process takes 30 seconds instead of 5 hours

 

Complete Record of Who Did What

SafeKey keeps a searchable record of every time someone accesses a password. You can see exactly who logged into which system, when, and from where.

What this means for you:
  • If something suspicious happens, you can find out exactly who accessed what
  • You can prove to your insurer that you’re monitoring access properly
  • Staff know their access is being tracked, which reduces the chance of problems
  • You can answer questions from auditors or investigators with certainty

Share Access Without Sharing Passwords

Here’s something clever: with SafeKey, you can give someone access to a supplier website without them ever seeing the actual password. They click a button, it fills in the login for them, and they’re in. But they never saw the password, so they couldn’t write it down or share it.

What this means for you:
  • Multiple staff can use the same supplier account safely
  • No one can accidentally or deliberately leak the password
  • When staff leave, they don’t know the passwords, so you don’t have to change them
  • Collaboration is easy without compromising security

Your Insurance Company Will Be Happy

SafeKey ticks all the boxes that cyber insurance companies want to see:

  • Passwords are encrypted (not written down)
  • You have two-factor authentication (an extra security layer)
  • Access can be removed immediately when staff leave
  • You have audit logs showing who accessed what
  • Your data stays in New Zealand (important for compliance)
 
This means lower premiums, better coverage, and the insurance will actually pay out if something goes wrong.

 

A Real-World Example

Let’s look at a typical small business scenario:

You run a construction company with 15 staff. You have logins for:

  • Your accounting software (Xero or MYOB)
  • Multiple supplier portals (Place Makers, Bunnings Business, electrical suppliers)
  • Council resource consent systems
  • Your business banking
  • Insurance portals, vehicle fleet management, and more
Currently, you have these passwords in a notebook in the office. Your admin person and project managers all use it.

 

The Old Way (What You’re Probably Doing Now):

  • A project manager quits unexpectedly
  • You realise they know all your supplier passwords
  • Your admin person spends a whole day logging into each system and changing passwords
  • They miss a couple of systems
  • Everyone gets confused about which passwords changed
  • Someone gets locked out of Xero, trying old passwords
Time cost: 8 hours of wages lost. Remaining risk: Former employee could still access some systems.

 

The SafeKey Way:

  • Project manager quits
  • You log into SafeKey and click ‘Disable User’
  • They immediately lose access to everything
  • No one else is affected
  • You can see exactly what they accessed in their last days if you need to check
Time cost: 2 minutes. Remaining risk: None.
That’s the difference SafeKey makes in real business situations.

 

What SafeKey Costs (And What It Saves)

SafeKey costs $36 per user per year, plus GST.

For a business with 10 staff, that’s $414 per year total. For 25 staff, it’s $1,035 per year.

Now compare that to:
  • Time wasted dealing with password problems: $2,000-4,000 per year in lost productivity
  • Higher insurance premiums: $500-2,000 per year extra
  • One security breach: $200,000 average cost
  • Peace of mind: Priceless
SafeKey pays for itself many times over, even if you never have a major security incident.

 

Getting Started Is Simple

You don’t need to be technical to use SafeKey. Here’s what happens:

  1. We set up your secure vault (takes about an hour)
  2. We help you add your staff as users
  3. Your team installs a simple browser extension (like an ad blocker)
  4. You add your passwords into SafeKey (we can help with this)
  5. That’s it – you’re protected
From then on:
  • When staff need to log into a website, they just click, and SafeKey fills it in
  • When you hire someone new, you add them to SafeKey and give them access to what they need
  • When someone leaves, you click one button to remove their access
  • If you ever need to check who accessed something, you can search the logs
It’s easier than what you’re doing now, and infinitely more secure.

 

 

The Bottom Line

Writing down passwords or keeping them in a shared file feels practical, but it creates serious risks that could cost you your business:

✗ Anyone can steal your passwords

✗ Former employees retain access

✗ You can’t prove who accessed what

✗ Your insurance might not pay claims

✗ Passwords get lost, outdated, or confused

 
SafeKey fixes all of these problems for less than you’d pay for a coffee per staff member per month.

✓ Your passwords are encrypted and secure

✓ Instant access removal when staff leave

✓ Complete record of who accessed what

✓ Your insurance company is satisfied

✓ Passwords are always current and easy to use

The question isn’t whether you can afford SafeKey. The question is whether you can afford not to have it.

Ready to Protect Your Business?

Contact SafeKey for a free consultation
Website: www.SafeKey.co.nz
Email: info@safekey.co.nz

Simple password control for New Zealand businesses

Main Website
Sign Me up, Lets get started
I have a Query