Chief Security Advocate at Attivo Networks
Everyone knows it’s a good idea to use strong, unique passwords, and as employees around the world have been forced to work remotely, logging in from multiple devices and multiple locations, the need for strong password security has only grown. But last year’s Verizon Data Breach Investigations Report (DBIR) revealed that weak or compromised credentials still cause 80% of hacking-related breaches. Throughout the current pandemic, attackers have been scouring remote workforce applications to gather and sell user credentials on the dark web, even targeting healthcare organizations such as the National Institutes of Health and the World Health Organization.
For those who use the same passwords for both their work and personal accounts, this is the time to get serious about password security, and switching to a password manager is a great way to do just that. A recent Fast Company article noted that “most people still don’t use a password manager, which leads many to select the weakest password they can get away with under whatever rules an organization or site sets,” creating clear opportunities for cybercriminals.
Fortunately, password managers are inexpensive and are becoming an increasingly common and easy-to-use tool, with both businesses and individuals enjoying significant benefits from their use.
Password Managers Enable Measurably Greater Security
Most individuals understand that stronger passwords are better, and most also understand that frequently changing passwords is a good idea. But when implemented hand-in-hand, these two measures can actually be at odds with one another, prompting the use of variations on a password that is easy to remember.
For many, this might mean reusing a personal account password for a business account or using simple permutations, such as adding a “1” or a “!” to the end. Worse are users who store their passwords in a document or spreadsheet with no encryption or protection just to keep track of the complex passwords they have for each account they use.
The risks here are clear: if a commonly used password is compromised, an attacker testing that password on other accounts can potentially brute force their way onto a user’s system and subsequently onto a corporate network.
The notion that attackers can breach an organization’s network because they compromised the password to an employee’s personal Twitter account should be concerning to all—and based on what we know about how people generate and reuse their passwords, it’s well within the realm of possibility.
One of the immediate benefits of a password manager is the ability to generate more complex passwords using random characters that it then stores in an encrypted vault. It won’t come as a surprise that “uwRn#B^6hGnKP” is a stronger password than “David1974,” but most users shy away from complex passwords because they are impossible to remember.
The use of a password manager eliminates this concern, enabling employees to use lengthy and highly complicated passwords for every account while also allowing them to quickly and easily change those passwords in the event of a compromise. Because each password is entirely unique and stored securely, employees can be confident that one compromised password does not risk the security of other accounts.
Password Managers Protect Against More Than Just
Many password managers sync to the cloud, enabling logins across multiple devices—a must in today’s BYOD and remote working reality. Once a user enters an account’s login information into the password manager, it will automatically fill in the login information when the user visits the site or opens the app associated with the account.
This feature has the benefit of protecting against specific phishing scams designed to steal credentials: if a scammer’s link takes an employee to a site with the wrong URL, the password manager will not fill in the appropriate information, potentially saving one from a costly mistake.
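The matching rule behind this protection, as an added example (not code from any particular password manager): the saved login is bound to the exact origin where it was stored, so a page with a different host or scheme gets no fill. The function names, the saved-entry shape and every URL below are constructed for illustration.

```javascript
// Added illustration: hypothetical autofill check, not any product's real code.
// A saved entry is bound to the origin (scheme + host + port) where it was saved.
const savedEntry = {                       // constructed sample entry
  origin: "https://login.corp.example",
  username: "dana",
};

// Returns true only when the visited page has exactly the saved origin.
function shouldAutofill(entry, visitedUrl) {
  let visited;
  try {
    visited = new URL(visitedUrl);         // separates userinfo from the real host
  } catch {
    return false;                          // unparseable URL: never fill
  }
  if (visited.protocol !== "https:") return false; // no fill over plain HTTP
  return visited.origin === new URL(entry.origin).origin;
}

// Constructed URLs: the genuine login page and four that only look like it.
const samples = [
  "https://login.corp.example/signin",
  "https://login.corp.example.verify.test/signin", // real name used as a subdomain
  "https://login.corp.example@verify.test/signin", // real name placed in userinfo
  "https://login.c0rp.example/signin",             // digit 0 in place of letter o
  "http://login.corp.example/signin",              // scheme downgraded to HTTP
];

// One decision per URL, so the result can be logged or checked.
function autofillDecisions(urls) {
  return urls.map((url) => ({ url, fill: shouldAutofill(savedEntry, url) }));
}

for (const { url, fill } of autofillDecisions(samples)) {
  console.log(fill ? "FILL " : "BLOCK", url);
}
```

Only the first URL is filled; a user comparing the addresses by eye could easily accept the other four.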
Password managers usually keep the passwords in an encrypted database, protected by a master password that only the user knows. There is no fear that an attacker will steal a password document or spreadsheet and gain access to all the accounts stored inside.
The user must enter the master password (or authenticate via biometrics) to access the stored passwords. These factors make it simpler for users, since they only have to remember one complex password—the password manager takes care of the rest.
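A toy version of the two mechanisms described above, random password generation and a vault encrypted under a master password, as an added example (not any product's real format or code). It assumes Node.js and its built-in `crypto` module; the function names, alphabet, vault layout and sample values are constructed for illustration.

```javascript
// Added illustration: a toy vault, not any password manager's real format.
const crypto = require("node:crypto");

const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#$%^&*";

// Random password drawn from a CSPRNG, one uniform pick per character.
function generatePassword(length = 16) {
  let out = "";
  for (let i = 0; i < length; i++) out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return out;
}

// Stretch the master password into a 256-bit key (scrypt with Node's default cost).
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt the whole vault with AES-256-GCM so tampering is detected on open.
function sealVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);     // stored beside the ciphertext, not secret
  const iv = crypto.randomBytes(12);       // fresh nonce for every save
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(entries), "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), data };
}

// Returns the entries, or null when the master password is wrong or the vault was altered.
function openVault(vault, masterPassword) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(masterPassword, vault.salt), vault.iv);
  decipher.setAuthTag(vault.tag);
  try {
    const plain = Buffer.concat([decipher.update(vault.data), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample: one site entry holding a generated password.
const sealed = sealVault({ "login.corp.example": generatePassword() }, "correct horse battery staple");
console.log("right master password opens:", openVault(sealed, "correct horse battery staple") !== null);
console.log("wrong master password opens:", openVault(sealed, "David1974") !== null);
```

A stolen copy of `sealed` contains only the salt, nonce, tag and ciphertext, so its protection rests entirely on the strength of the master password.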
Most password managers also include the option for two-factor authentication on every account. Ideally, the password manager app should be installed on every employee’s phone, enabling them to approve all login attempts quickly.
Some password managers even add an extra layer of protection in the form of biometrics, which allows employees to authorize logins with the swipe of a fingerprint and limits potential compromises only to attackers capable of hacking biometrics. Credential-snatchers are generally searching for an easy target, and merely making their job more difficult is often an effective deterrent.
Password Managers Are an Easy-to-Use Way to Boost Your Cybersecurity
Although nothing is ever 100% safe from attackers, ensuring that you are using complex, randomly generated passwords backed up by two-factor authentication will make you and your company significantly harder to compromise than most, whether your employees are in the office or working remotely.
As the Verizon DBIR notes, weak and stolen credentials remain one of the most common threats facing today’s businesses, and even the most effective firewalls in the world can’t protect against a stolen password. While modern in-network defenses now include safety nets for detecting the use of stolen credentials, a password manager can help avoid the compromise of those credentials in the first place.