Could you remember 10 passwords? 25? What about 100? A recent study suggests that the average person is responsible for a whopping 100 passwords! In today's digital world, we need passwords for nearly everything, from social media to online shopping. It’s not easy to keep track of everything, which leads to poor password habits, like reusing passwords on multiple applications or setting bad passwords to begin with (like “123456”). But it’s more than just a bad habit—it’s also dangerous. Hackers employ all sorts of password-cracking strategies which, for the average person, can lead to data or identity theft and financial woes.
Your employees often carry the same bad password habits. This puts your organization at risk of data theft, ransomware attacks, financial loss, and significant reputational damage. We’re guessing that your employees, like us, can’t remember 100 strong and unique passwords. Instead, the best solution is a password manager—it’s a tool or application to easily store, generate, and manage the dozens of passwords your team relies on every day.
In this post, we share four reasons you should encourage your employees to ditch the post-it notes and “123456” and start using a password manager to stay productive and protected.
It's Easy to Remember Unique Passwords
We’re all guilty of using the same password on more than one application; one study suggests that nearly 70% of people reuse the same password, most often just because it’s easy. But it’s not a good habit to fall into. If a cybercriminal gains access to one application, they can gain access to all other accounts that have the same login. And the more often a password is reused, the greater the risk of a credential breach.
The best solution is a quality password management tool. Your employee only needs to know a single, strong password—to the password management tool itself—which provides quick and easy access to all of their credentials. It also saves time; many password management tools will also auto-populate usernames and passwords across an employee’s various accounts.
It's Simple to Generate Complex Passwords
Remembering all your unique passwords is one thing; setting strong passwords is another. The latest password guidelines from the National Institute of Standards and Technology (NIST) recommend that human-set passwords be eight characters at a minimum; that password fields should be lengthened to 64 characters; and that we should allow the use of all ASCII characters (including emojis!) and spaces.
One more thing that NIST recommends: Using a secure password manager to create complex, hard-to-guess passwords. After all, the more complex your employee’s password is, the harder it is for hackers to guess.
Password managers help your employees create an almost endless number of complex passwords which include multiple and special characters. They also keep employees from diluting a strong password by tacking characters like 1, 2, 3, or ! onto the end of it to reuse it across accounts (which is not an advisable approach). Another benefit of a password management tool is that many applications include a service to automatically generate a strong password that meets your defined requirements, which means that you build strong password practices into every password generated through the tool.
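The following Python example is added here and is not from the original post or from any specific password manager: it generates passwords with the operating system's CSPRNG inside the length bounds quoted above, and audits a stored set for short passwords, reuse, and the append-a-digit variants described in this section. The function names, the 20-character default, the required character classes and the sample vault are assumptions made for the example.

```python
import secrets
import string
from collections import defaultdict

MIN_LEN, MAX_FIELD_LEN = 8, 64  # length bounds quoted from NIST in the text
# Generator alphabet: printable ASCII plus the space character.
ALLOWED = string.ascii_letters + string.digits + string.punctuation + " "
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # assumed site policy


def generate_password(length=20, required=CLASSES):
    """Draw from the OS CSPRNG; retry until every required class appears."""
    if not MIN_LEN <= length <= MAX_FIELD_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_FIELD_LEN}")
    while True:
        pw = "".join(secrets.choice(ALLOWED) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in required):
            return pw


def base_of(pw):
    """Strip trailing digits and '!' so 'secret', 'secret1', 'secret2!' match."""
    return pw.rstrip(string.digits + "!") or pw


def audit_vault(vault):
    """Return {account: [findings]} for short, reused or suffix-variant passwords."""
    by_base = defaultdict(list)
    for account, pw in vault.items():
        by_base[base_of(pw)].append(account)
    findings = {}
    for account, pw in vault.items():
        issues = []
        if len(pw) < MIN_LEN:
            issues.append(f"shorter than {MIN_LEN} characters")
        shared = sorted(a for a in by_base[base_of(pw)] if a != account)
        if shared:
            issues.append("same base password as: " + ", ".join(shared))
        findings[account] = issues
    return findings

# Constructed sample vault for the example (not real credentials).
SAMPLE_VAULT = {
    "mail": "123456",
    "shop": "Tr0ub4dor&horse",
    "bank": "Tr0ub4dor&horse1!",
    "crm": generate_password(),
}
```

Calling `audit_vault(SAMPLE_VAULT)` flags the short "mail" password and reports "shop" and "bank" as the same base password, while the generated "crm" entry comes back clean.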
Ditch those Post-it Notes
Another bad habit that many of us follow is jotting down our passwords on paper or storing them in an Excel spreadsheet. It’s not a good idea. Even storing passwords in a digital file can put your company at risk. Perhaps you recall the NFL Super Bowl XLVIII gaffe, in which pre-game television coverage mistakenly broadcast the stadium’s Wi-Fi login credentials—they were plainly visible on a large, wall-mounted monitor inside headquarters. Given today’s world of remote work, we need to be more conscious than ever before of who can see what in and around our workstations and home offices.
Turn bad plays into touchdowns with a password manager. It acts as a “password vault” to securely store your passwords. Remember, your employees only have to remember one password to easily access the vault, whenever they need it. It’s a streamlined, secure alternative to those risky (and embarrassing) post-it notes.
Enhanced Security with Multi-factor Authentication
Sometimes, even a strong password is not enough to mitigate the risk of a breach. One solution is to add an extra layer of security for your employees via multi-factor authentication (MFA). At a minimum, you should consider implementing MFA for the password manager application itself. MFA supplements the traditional username-plus-password approach with a code that is unique to a specific individual. Essentially, MFA asks users to prove they are who they say they are. Often, these MFA codes are locally generated and delivered to a user’s device via a voice call, an SMS text message, a secure email, or through an app. It’s an added layer of security to better protect your important password vault.
The Weak Password Report 2022 suggests that more than half of organizations lack a tool to manage work passwords. Don’t count yourself among them! Curious to learn more about password management for your organization? Get in touch with us today. Together, we can ditch “123456” and post-it notes for a more productive and protected environment.