Passwords are the weakest link in the majority of data breaches and cybersecurity incidents.
Although awareness of the importance of strong passwords has increased dramatically in recent years, it remains a significant issue for organisations of all sizes.
According to Verizon’s most recent Data Breach Investigations Report, compromised passwords are a factor in 61% of all data breaches, while weak passwords account for up to 30% of all ransomware attacks.
With the average user having access to more than 70 password-protected applications, online accounts or software platforms, creating and remembering a strong and unique password for each one can be a challenge. Many people end up using the same login credentials for multiple accounts, which means that if hackers crack one, they can crack them all.
And, thanks to the rise in homeworking and staff using their own devices to access corporate systems, software and data, this can pose a huge cyber risk for your business or organisation.
Having robust password policies in place is one thing, but they can be ineffective if they aren’t monitored or enforced correctly.
One solution is to use a password manager to ensure your users adhere to password best practice across your organisation.
What is a password manager?
Password managers are subscription-based tools that help organisations ensure their users comply with password policy while remembering the passwords they create.
They enable users to create unique and high-strength passwords for all the accounts they have and store them in a secure ‘vault’, which can only be accessed with a master password.
Most password managers can auto-generate strong, unique passwords using a mix of character types. They also recognise and auto-fill the login details for websites, software platforms and apps once the user is signed in.
It means that the user only needs to remember the login details for their password manager account, and the tool does the rest.
This saves users from having to create and memorise multiple passwords for multiple accounts, or from writing them down or storing them electronically, which can create huge problems if they fall into the wrong hands.
There are several password managers available, and all do a similar job. Most are platform agnostic and will work on PCs, Macs, Android and iPhones.
Many paid-for password managers also support biometric unlock, meaning that once a user has set up their master password, they can access their vault or log in to software and applications via fingerprint or iris match.
Password managers have high levels of in-built security and encryption. They can go a long way to solving your organisation’s password issues, reducing your cyber risk and making your employees’ lives easier.
How do hackers steal passwords?
Businesses and organisations of all sizes are under constant threat from cybercriminals, and the risk is evolving all the time.
Hackers use ever-more sophisticated technologies and techniques to find and exploit weak links in a network’s cybersecurity to access sensitive and valuable user data.
This can take many forms, both from inside and outside your organisation.
At the most basic level, hackers simply observe users typing their usernames and passwords, in a similar way to criminals who ‘shoulder surf’ their victims at a cashpoint to try to get their card PIN. So, making your staff aware of the need to be vigilant and not reveal any sensitive information like passwords in the company of colleagues or visitors is vital.
A real-world example of how passwords might be compromised in this way is someone logging into their user account on a big screen while giving a presentation, or logging into a password-protected app or system while in screen-share mode on a video call. While most passwords remain hidden or anonymised while logging in, some software allows passwords to be shown as they are typed. This option should be used only if there are no prying eyes around.
Sharing passwords among teams can also cause issues. For example, if your organisation has only one Zoom account, users may be tempted to share the login credentials among themselves. But if you’ve set the account up using the same password as your Facebook account or online banking, anyone with that password may now be able to access those accounts.
Staff should also be aware of more sophisticated methods of password theft, including professionally presented ‘phishing’ scams. This is where a credible-looking email contains a link to a website which mirrors a well-known brand such as Amazon or Microsoft and asks the recipient to log in to see the latest offers. They appear convincing and trustworthy and can persuade even well-trained users to reveal their login credentials.
Cybercriminals who already have a foothold in an organisation’s network use malware to search for user credentials, log keystrokes and extract encrypted password files, which can then be cracked offline.
More advanced hacking techniques include intercepting the network traffic of staff devices when they are working remotely or using public WiFi.
So-called ‘brute force dictionary attacks’, meanwhile, see hackers run automated scripts that try millions of password combinations over a short period until the correct one is found.
That’s why it’s essential to use longer passwords with a combination of different characters because the more complex a password is, the longer it takes to crack.
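As an added illustration (not part of the original article), the Python sketch below audits a set of account passwords for the three weaknesses described above: dictionary words, reuse across accounts, and a small brute-force search space. The wordlist, the 60-bit threshold and the sample accounts are constructed assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed sample wordlist (assumption); a real audit would load a far larger one.
COMMON_WORDS = {"password", "welcome", "summer", "qwerty", "letmein"}
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def search_space_bits(password):
    """Brute-force search space in bits: length * log2(size of the alphabet in use)."""
    alphabet = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def in_dictionary(password):
    """True if the password is a listed word with optional trailing digits/symbols."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core in COMMON_WORDS

def audit(accounts, min_bits=60.0):
    """Map each weak account to its findings. min_bits is an illustrative threshold."""
    owners = defaultdict(list)
    for account, password in accounts.items():
        owners[password].append(account)
    findings = {}
    for account, password in accounts.items():
        issues = []
        if in_dictionary(password):
            issues.append("dictionary")
        if len(owners[password]) > 1:
            issues.append("reused")
        if search_space_bits(password) < min_bits:
            issues.append("small-search-space")
        if issues:
            findings[account] = issues
    return findings

# Constructed sample accounts mirroring the shared-login scenario in the article.
SAMPLE = {
    "zoom": "Summer2023!",          # looks complex, but is a dictionary word plus a suffix
    "facebook": "Summer2023!",      # same password reused on a second account
    "banking": "k7#Qv9!mZr2&Lp4x",  # long, random, unique
    "intranet": "horsebattery",     # lowercase only: about 56 bits
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account}: {', '.join(issues)}")
```

In the sample, "Summer2023!" clears the bit threshold yet still fails the dictionary and reuse checks, which shows why character variety alone does not make a password strong.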
The benefits of using a business password manager
Using a password manager can help your IT team keep track of the passwords being used across your organisation according to your password policies and ensure best practice.
The main benefits of using a password manager include:
Gain complete visibility of employee password practices
Research has found that around 90% of computer users reuse the same password across multiple accounts. As an organisation, this places your network, systems and data at huge risk.
A password manager will help centralise your organisation’s password practices, giving you complete visibility through a single dashboard.
Enforce password policies
Centralising and standardising your password management means you can better enforce your organisation’s password policies. This can help ensure strong, unique passwords for all your users and help implement additional protective measures such as multi-factor authentication on software, websites or applications that support it.
Dark web monitoring
A password manager can give insight into which of your users are at higher risk of compromise by monitoring activity on the dark web for email addresses you own that have been compromised.
They can check your email addresses against a database of breached credentials to see if they have been involved in any breaches. If the scan shows an account has been compromised, you’ll receive an alert that tells you which account needs attention.
Secure password sharing
A password manager makes it easy to share passwords securely across teams without the need to write them down or email them. Password managers enable users to create secure shared ‘vaults’ for departments, project teams and other groups.
Easier staff onboarding
Password managers help make onboarding new staff easier. All their accounts and passwords can be set up in their vault before joining, so they only need to be issued with their master password when they start. And when staff leave, their accounts and password vaults can be easily deleted or deactivated.