Virtual Data Room Blog

Improving Virtual DataRoom Security: Do's & Don'ts of Managing Passwords

23-Jan-2013 16:10:00 / by Sara Salehian

Virtual DataRooms are used by advisory firms such as law firms and investment banks as well as corporations to protect sensitive information during transactions. Making these confidential documents available to third parties involves competitive and legal risks, which are likely to be at the forefront of your mind as a user.

To best protect your information, and in turn your company, you should have carefully considered your DataRoom provider, with proper data room infrastructure, personnel, document policies, and back-up and recovery processes. However, all of this careful preparation could be completely useless if you don’t have a secure password. Unfortunately, good password practice is not quite as straightforward as not using ‘password’ or your birthday as your log-in details. Here are some tips and pointers for setting up the right policies to ensure your information, whether it is legal, tax, finance or information technology, is protected.

You need strong password management policies and procedures to mitigate security risks. Guidelines for your virtual data room security need to go beyond the conventional assignment of passwords and the requisite nondisclosure agreements. Start by having clear responsibility over password policy for your organization. The following tips can help you develop an effective password management strategy to enhance VDR security:

1. Password Length

The National Institute of Standards and Technology (NIST), which the federal government adopted in 2007, recommends a strong password that consists of a minimum of 12 characters. Avoid creating passwords with fewer characters, because the NIST standards consider fewer than 12 characters a higher security risk.

2. Make Passwords Unique

The complexity of your passwords carries more weight than length. Features of a strong password include password length, capitalization, numbers, and special characters. Create truly random and unique passwords: something like @aUcH#%6Vt$3, but not as unattractive as the example. Assign users a password they can remember without the need to write it down.

3. Password Changes and Logins

An effective password policy includes specific guidelines for how often administrators need to change users’ passwords. The plan should also contain the number of failed login attempts allowed before it locks the user out of the system. Clarify the instructions the user must follow to gain access to the system. Never recycle old passwords.

4. Administrative Passwords

Set the administrative passwords for your VDR at 15 characters. Do not use one administrative password for all uploads. Each person authorized to upload documents and data to the VDR should have a separate password.
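As an added illustration (not code from this blog or from any VDR product), the following Python example enforces the rules from tips 1 to 4: the 12- and 15-character minimums, the character classes, no recycling of old passwords, and lockout after repeated failed logins. The lockout threshold of 5, the function and class names, and the use of PBKDF2 for the stored password history are assumptions; the article gives no values for them.

```python
import hashlib, hmac, os, string

MIN_LEN_USER = 12    # tip 1: minimum length for ordinary users
MIN_LEN_ADMIN = 15   # tip 4: administrative passwords
MAX_FAILED = 5       # assumed threshold; the article gives no number

def _digest(password, salt):
    # A slow, salted hash so a leaked history list cannot be cheaply reversed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password):
    """Return the (salt, hash) pair to store when a password is set."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def policy_violations(password, history, is_admin=False):
    """Return the list of reasons a candidate password is rejected."""
    problems = []
    min_len = MIN_LEN_ADMIN if is_admin else MIN_LEN_USER
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {  # tip 2: capitalization, numbers, special characters
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Tip 3: never recycle old passwords. Compare against each stored hash.
    for salt, stored in history:
        if hmac.compare_digest(_digest(password, salt), stored):
            problems.append("reuses an old password")
            break
    return problems

class LoginGuard:
    """Tip 3: count consecutive failed logins and lock at MAX_FAILED."""
    def __init__(self):
        self.failed = {}

    def is_locked(self, user):
        return self.failed.get(user, 0) >= MAX_FAILED

    def record(self, user, success):
        if self.is_locked(user):
            return False  # even a correct password is refused until reset
        self.failed[user] = 0 if success else self.failed.get(user, 0) + 1
        return success
```

A locked account stays locked until an administrator clears its counter, which matches the article's advice to define the steps a user must follow to regain access.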

5. Security Breach

Explain the importance of users reporting any password incident that may compromise virtual data room security, and the consequences of sharing a password. Put a system in place to report and document breaches, and have clear remedies in place, which include disabling the password without hesitation.

Keep it Safe

1) Never Share your Password 

Your password is like your signature; giving it to other people is like giving them the authority to sign your name, and implies that whatever they do has your approval. The system monitors every single activity of the user on the platform, and it leaves a unique activity footprint. It's your account, and you would be held responsible for all the activity performed with your login.

2) Never Write Down your Password 

We all have an increasing number of passwords for all the websites we access on a frequent basis. Often you write a password down somewhere until you have memorized it. Passwords that are written down are more prone to being stolen. If you wish to do this, it is always better to use secure password management software to store your passwords. A safe and easy system to set and maintain passwords is key to keeping information secure.

3) Never authorize your browser to store your password

A number of browsers prompt you to store your password to avoid the hassle of having to type it in each time you want to access a particular service. Despite the convenience, it's a really bad idea, as it exposes your account to a serious vulnerability. It becomes easy for malicious software to exploit this vulnerability and access your details without breaking a sweat.

4) Don't use a single password for all your accounts

This is another common mistake that we end up committing. The password protecting your most sensitive information should always be different. You can use the same password but with different combinations. This will make sure that you don't end up forgetting your password while still keeping it different to avoid vulnerability.


Your VDR password management policy must strike a balance between security and making access to documents and information as convenient as possible. Protection does not hinge on a single magic security feature, but consists of a blend of layers that keep the VDR secure.

If an intruder breaches one layer of security, the security feature underneath contains the intrusion. Make sure your virtual data room security plan includes a periodic review of all policies.

