A security system is only as strong as its weakest link. Despite advances in cybersecurity, such as encryption, two-factor authentication and single sign-on, passwords remain the first line of defense for most businesses. Some organizations have gotten better about forcing employees to create complex passwords, but users often skirt these requirements by creating “complexified” versions of their favorite (and often insecure) passwords from personal accounts.
All this adds to the burgeoning problem of having too many passwords to remember: a 2019 Google/Harris poll found that 75% of Americans were frustrated trying to keep track of their passwords; 66% use the same password for multiple accounts; and 59% incorporate personal information – such as birthdays, a pet’s name or a child’s name – into passwords.
Is it any surprise four in 10 Americans say they’ve had personal information compromised online? Sadly, we have little reason to suspect these numbers are getting any better—and the risk for businesses has never been bigger.
Password managers are gaining prominence as a solution to the problem. But what is a password manager—and is it the right choice to augment your organization’s cybersecurity capabilities?
Password managers take all the hard work out of creating, managing and recalling secure, complex passwords. They can be mobile apps, browser extensions or downloads for your desktop. They are often referred to as “vaults” since they can also contain other sensitive information, like Wi-Fi passwords and shared files.
For most organizations, the most significant advantage of a password manager is that your employees will only need to recall a single password to access everything. This frees them up to make their master password pretty complex.
Depending on the device you use to access your password manager, biometric logins like Face ID and fingerprint scanning may be an option, adding another layer of security and giving you one less thing to remember. Enterprise-tier subscriptions often include single sign-on for cloud apps, password health audits and password sharing between approved users.
Whether your organization uses a password manager with cloud or local storage, your passwords and other items in your vault will be encrypted, and only the master password can decrypt them. As a result, even if cyber thieves hack the password manager, what they get is encrypted data they can't do anything with unless they also have the master password.
As we said earlier, one way people deal with password overload is to choose basic passwords, which are often easily guessed. Many password managers also serve as password generators, creating long, complex strings that cyber crooks cannot easily crack. Most importantly, the passwords will also be unique to each application your company uses, so a password stolen from one account can't be used to hop into another.
Many business-focused password managers also offer password health dashboards that allow you to track the quality of your employees’ passwords easily. If you see employees starting to slip, a nudge in the right direction can help avoid an organizational data breach.
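To make the generator and the health check concrete, here is an added example (not code from any particular password manager) that generates a random password and audits a small vault for the problems described above: reuse across accounts, short length and personal information. The vault entries, the personal terms and the 14-character threshold are constructed assumptions, and the audit is assumed to run over an already-unlocked vault.

```python
import secrets
import string
from collections import defaultdict

# Assumed character set; real products let you configure this.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def audit_vault(entries, personal_terms, min_length=14):
    """Return {account: [findings]} for reused, short or personal-info passwords."""
    by_password = defaultdict(list)
    for account, pw in entries.items():
        by_password[pw].append(account)
    findings = defaultdict(list)
    for account, pw in entries.items():
        shared = [a for a in by_password[pw] if a != account]
        if shared:
            findings[account].append("reused on " + ", ".join(sorted(shared)))
        if len(pw) < min_length:
            findings[account].append(f"shorter than {min_length} characters")
        # Case-insensitive match catches "complexified" variants like Buddy2015!
        hits = sorted(t for t in personal_terms if t.lower() in pw.lower())
        if hits:
            findings[account].append("contains personal info: " + ", ".join(hits))
    return dict(findings)

# Constructed sample data: a pet's name and a birth year reused across accounts.
SAMPLE_VAULT = {
    "crm": "Buddy2015!",
    "payroll": "Buddy2015!",
    "email": "Summer-Buddy-2015-Cleveland",
}
SAMPLE_PERSONAL_TERMS = ["buddy", "2015"]

if __name__ == "__main__":
    vault = dict(SAMPLE_VAULT, vpn=generate_password())
    report = audit_vault(vault, SAMPLE_PERSONAL_TERMS)
    for account in sorted(vault):
        print(account, "->", "; ".join(report.get(account, ["ok"])))
```

The long "email" password still gets flagged because it is built from the same pet name and year, which is exactly the "complexified" habit a length rule alone does not catch.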
While complex passwords are great for security, they can be a pain to type in. Many business password managers will allow employees to autofill credentials, saving time and frustration (and making it more likely they won’t resist using the technology).
Depending on the password manager you choose, you might be able to have passwords flow back and forth from your desktop to your employees’ phones. This is very convenient if sales reps need to access secure documents or applications while in the field.
The downside of only having one password to remember is that your employees could find themselves in a tight spot if they forget it. Some password managers will allow you to hint at the password or use biometric data to bypass it entirely, but there may eventually come a time when there’s no choice but to involve your IT department.
Although unlikely, sophisticated hackers can steal employees’ master passwords with well-crafted phishing emails, keyloggers or other malware. To keep your company’s data safe, regularly remind employees to think twice before downloading anything and to avoid attachments on emails from people they don’t know. You may also consider implementing a rigorous anti-phishing program that allows employees to safely report suspicious messages to your IT department for further investigation.
There’s no way around it: getting your employees to replace their beloved passwords with secure ones from your password manager won’t be fast, easy or fun. Then again, neither is recovering from a data breach.
Convenience is the enemy of security. If your employees’ master passwords get compromised, an attacker now has the keys to the kingdom. But reminding employees to follow basic web browsing best practices can help minimize this possibility.
Adding a password manager to your organization’s cybersecurity arsenal will require an investment. Nobody likes to go through budget line items looking for extra funds, but recovering from a hacker obtaining and exposing organizational data – especially if you store sensitive customer data like credit cards, passwords or even bank accounts – is much costlier than implementing a password manager.
When it comes to your employees and the web, there is no such thing as “totally secure.” And there are definite challenges with incorporating a password manager into your company’s security practices.
But password managers are ultimately a smart move that will help insulate your company from the risks posed by employees using weak, repeated passwords.
Strategic 7 Marketing can’t help you remember your passwords, but we can help drive traffic to your website. To learn more, check out our free website audit report.