123456, 123456789, and password. These were three of the most-used passwords in 2020, according to an annual review of passwords leaked during data breaches. These and other bad passwords could be guessed in seconds; fewer than half of the passwords used last year were defined as “unique,” according to the review. Bottom line: We practice poor password behavior, and things have not improved much in the five-year history of the review.
While the password “password” may make us chuckle, the state of our passwords presents a significant security risk for businesses. Nearly 80% of breaches leverage weak or compromised passwords, according to the Verizon Data Breach Investigations Report, and 316,000 people were found to be using already-compromised passwords, according to research from Google.
Are you one of the countless people using easy-to-guess passwords or reusing passwords on multiple accounts? It’s time to make a change to prevent our passwords from putting our information and operations in a vulnerable position. The frequency and sophistication of cyberattacks are expected to increase in 2021, and security is—or should be—a top concern for businesses of all sizes.
As cybercriminals continue to target and find ways to compromise corporate information, it's never been more important to provide employees with tools to safely manage their passwords and break poor habits. In that spirit, we look at the benefits of using a password management tool for your business, including a simplified process for remembering passwords, stronger password creation, and more secure use of shared accounts.
Simplify the Process
The U.S. EPA’s Reduce, Reuse, and Recycle campaign can help us protect the environment and conserve natural resources—but it doesn’t apply to the way we operate our businesses. Too many people reuse the same password across multiple accounts, which means that if one account is compromised, all accounts may be compromised. As an example, consider a Dropbox breach that led to the theft of 60 million user credentials. An employee was found to have used their LinkedIn password for the corporate Dropbox account, even after LinkedIn had suffered a data breach resulting in compromised credentials.
Often, the reason we’re reusing passwords is for ease. It’s hard to remember multiple passwords and the process to reset a forgotten password every time you log on is admittedly cumbersome. The best solution is a quality password management tool, which is an application that stores and organizes usernames and passwords, meaning no more memorization of multiple complex passwords. To access all of your many passwords, you only need to know a single password—to the password management tool itself—which provides quick and easy access to your credentials. Many password management tools will also auto-populate your username and password for your various accounts.
Set Strong Passwords
Most of us recognize that we should be setting stronger passwords (and we also know how to do just that), but it’s hard to keep these numerous credentials straight. The National Institute of Standards and Technology (NIST) recently revised its password guidelines, suggesting among other things that human-set passwords be 8 characters at a minimum, that password fields should be lengthened to 64 characters, and that we should allow the use of all ASCII characters, including spaces. NIST also suggests that businesses screen passwords against “blacklists” of common or compromised passwords.
A password manager alleviates this challenge, as it only requires a user to remember one strong password to access all other strong passwords. This means that you can more easily create long and complex passwords for all accounts without having to remember them all. It also prevents the dilution of a strong password by adding characters like 1, 2, 3 to the end of a strong password for use across accounts (which is not an advisable approach). And, hopefully, it also prevents people from visibly jotting down their passwords on various post-it notes and papers. Please throw those out.
Another benefit of a password management tool is that many applications include a service to automatically generate a strong password that meets your defined requirements, which means that you build strong password practices into every password generated through the tool.
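To make the guidance in this section concrete, the following added example (not from the original article or from any particular password manager) checks a password against the rules summarized above and generates random passwords that pass the same check. The function names, the tiny blocklist, and treating 64 characters as the upper bound are assumptions for illustration.

```python
import secrets
import string

MIN_LEN = 8          # minimum length for human-set passwords
MAX_FIELD_LEN = 64   # field length from the guidance; used as the upper bound here (assumption)
# Printable ASCII including the space character (0x20-0x7E).
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")
# Constructed sample blocklist: the three passwords named at the top of the article.
# A real deployment would load a large list of common and breached passwords.
BLOCKLIST = {"123456", "123456789", "password"}


def check_password(candidate, blocklist=BLOCKLIST):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("too short")
    if len(candidate) > MAX_FIELD_LEN:
        problems.append("too long for field")
    if any(ch not in ALLOWED for ch in candidate):
        problems.append("non-ASCII or control character")
    # Compare case-insensitively so "Password" does not slip past the list.
    if candidate.lower() in blocklist:
        problems.append("on blocklist")
    return problems


def generate_password(length=20, alphabet=None):
    """Build a random password with the OS CSPRNG, retrying until it passes the check."""
    if not MIN_LEN <= length <= MAX_FIELD_LEN:
        raise ValueError("length outside policy bounds")
    alphabet = alphabet or sorted(ALLOWED)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ["123456", "Password", "correct horse battery staple"]:
        print(repr(pw), check_password(pw) or "accepted")
    print(generate_password())
```

The generator uses Python's `secrets` module rather than `random`, because generated passwords must come from a cryptographically secure source.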
More Easily Manage Shared Accounts
When it comes to our password practices, sharing is not caring. It happens more than one might think. One survey found that more than one-third of respondents admitted to sharing passwords or accounts. Often, the reason people share passwords and other credentials with co-workers is for easier and better collaboration. While the intention may be altruistic, the outcome is far less charitable. In sharing passwords, your business can lose sight of who has access to what, and, in some cases, people may retain this access long after they’ve left a company.
Here, again, a password management tool provides the solution. The right application will reduce the risks associated with password sharing while at the same time allowing for easy collaboration among users. This is especially important now, as more people are working remotely from different locations. A password management tool will control who has access to what password, and these passwords can be changed as needed. For example, a marketing agency may manage the social media accounts for multiple clients. With a password manager, that agency can easily make the account details available to specific team members, without compromising the security of their numerous clients.
Strengthen your Cybersecurity
The other key benefit of a password manager is that it greatly improves the overall cybersecurity posture across your entire business. It ensures strong passwords and safe practices and prevents password reuse and sharing, all of which can help prevent intrusion from cybercriminals and reduce your overall attack surface.
There are numerous password management tools available on the market. As you explore the options, consider coupling your investment in a password manager with a larger cybersecurity strategy for your business, including a business continuity and disaster recovery component so you’re prepared to react to an attack and get back to normal as soon as possible.
You may want to consider reaching out to a cybersecurity expert here. The right provider can help you identify, configure, and implement a password manager, and provide the overall technical expertise to help you securely deliver upon your business vision. At N8 Solutions, for example, we’re proud to partner with MyGlue, a best-in-class and popular password manager, and we offer full integration and set-up, training, and ongoing technical support.
In closing, please ask yourself these questions. Was your password mentioned in the opening paragraph? Do you use the same password on more than one account, no matter how sparingly or superficially you access that account? Have you shared your password with a colleague, to make it easier to collaborate on projects?
If your answer is yes to any of these scenarios, now is certainly the time to make an organisation-wide change toward better security, beginning with better passwords.