Best practices for heylogin Org-Admins

heylogin makes handling passwords much easier, whether for private or business use. However, when using heylogin in your company, there are several key considerations that organisational admins should keep in mind to maintain control. This article gives you an overview of the most important things you can do as an admin. Let's start with the most important point: Recovery.
Two admins for recovery

You should have at least 2 organization admins within your organization. This way, you ensure that access to the organization is still guaranteed if an admin loses access, for example due to a defective smartphone.
If you are the only admin and you happen to lose access, in most cases heylogin support can't help. Since the heylogin organization is tied to the admin account, this can cause the entire company to lose access in the long run.
If you want to secure your access even further or do not have the capacity for multiple admins, heylogin offers other features for that. For example, in addition to the backup functions of heylogin and the smartphone, additional devices can be set up for unlocking.
Yubikey as emergency key

In addition to the smartphone, heylogin offers additional ways to unlock its web session. These include device-specific techniques like Windows Hello and Apple's Touch ID, as well as the Yubikey.

All alternatives allow accessing the account via an alternative second factor, but Windows Hello and Touch ID only work on devices that support this feature.
The Yubikey has to be purchased separately, but it allows unlocking the account across devices, which is handy in an emergency.
Restrict access

Regardless of whether you use an ISMS (Information Security Management System) in your company or not, restricting employee access to relevant logins is always a sensible approach. This can be done, for example, via the permissions in heylogin.

In addition, it is important to regularly check that all employees only have access to the logins they really need. Make it a routine to review the teams regularly and confirm that every member should still have access to them.
heylogin guidelines for employees
In the work environment, it is common for errors to occur when utilising new software, no matter how easy it is to use. To best prepare your users for working with heylogin, you can simply share the information in the following section and adapt it for your company situation if necessary.
Personal logins and teams

Personal logins are:
- only for the individual user
- reserved for individual logins (own work email, etc.)
- NOT intended for private logins

Teams are:
- areas where logins can be shared
- best sorted by departments (marketing, accounting, etc.)
- collection points for sensitive data, so only people who need access should have it
Sharing logins

The sharing of logins is done via the team function. Only users who really need access should be invited to the team. Permissions can be used to further restrict the visibility of the password and sharing.
This function is NOT intended for sharing home-use logins.
Private use
heylogin can also be used privately. For this you can create a private account in the settings. The private account is distinct and separate from the organization account.
However, this also means that in case of smartphone loss, the admin cannot disconnect the device and reconnect the user. So, when creating a private account, you have to take care of various backup features yourself, for example by means of our backup code.
Important: a private account is not created automatically. As an admin you can invite new members to the organization via email, so no private account needs to be created by the new user.
Bonus: Set login location

When generating a new login directly on a web page, a location can be specified, either for this time only or as the default for every generated login. This works both for the login form of web pages via the heylogin icon and when generating passwords via the overlay (for this you have to click the eye icon). This has to be done by every user individually.
These were our best practices for organizational admins. If you have any further questions, requests or problems, please either message your contact person at our company or email our support.