With more devices, applications, networks, and users, the complexity of password management and protecting your business’ data continues to grow. There are a few trends we see driving this complexity.
Trends in the industry
First, passwords create risks. According to the 2019 Verizon Data Breach Investigations Report, 80% of data breaches are caused by weak, reused, and stolen passwords. Ensuring your employees are using strong password hygiene is critical in preventing a data breach.
Also, employees are now working from everywhere. They may work from home, an airport, coffee shop, or while taking public transportation. Protecting your organization from an unsecured network has become that much more difficult.
Next, shadow IT is when employees utilize apps or devices that are outside the company’s knowledge and thus its control. Based on the 2009 Verizon DBIR, 77% of employees use a third-party app without the consent of their organization.
Finally, changing jobs is common. According to the Pew Research Center, 50% of the workforce is millennials, and more than half have already had 3 or more jobs. Businesses need a method that ensures that new employees have the access that they need while ensuring employees leaving the organization do not leave with access.
The cost of poor password management
Poor credential management is a cybersecurity risk that impacts the bottom line for businesses. $3.9 million is the average cost of a data breach, according to a report from IBM and the Ponemon Institute. According to data found in a global report released by LogMeIn, Psychology of Passwords, 6 months is the average time to detect a breach. Additionally, we cannot rely on employees to practice strong password habits with no help, as the same reports show 53% of people do not change their password even after knowing there has been a data breach.
Lack of credential management also puts a productivity strain on employees. An employee types out login credentials 154 times a month. Thirty-six minutes a month are related to passwords. Seventy-six percent of employees experience regular password problems.
Passwords are just about everywhere and, quite frankly, are extremely annoying. We often forget the important purpose they serve. Passwords are a digital key to our digital life. The same way we have keys to lock our doors, keys to lock our car, or even keys to enter our office building, your passwords lock your online accounts. They help to prove you are who you say you are and have access to the account you’re trying to use. So, we should protect them like we would the keys to our house or the keys to our car.
Can you keep track of all your online accounts?
The average person has around 150 or more passwords to track. Like most people, you are probably online every day. You may go from your desktop to your mobile phone, then to your laptop throughout any given day. Throughout the day you probably visit several websites like Facebook, Twitter, LinkedIn, mobile banking, and web-based applications. So, it is easy for us to have a plethora of accounts, making it almost impossible to track all of them. Many of us underestimate how many passwords we have. Those who do start using a system to track all of their passwords will be surprised by how many accounts and passwords they have to track.
Ways people manage passwords today
Many of us have resorted to sticky notes, a Word document, or an Excel spreadsheet in an effort to avoid having to remember all of our passwords and accounts. As you already know, this system tends to be a very manual, slow process. Every time you need to access an account you’re digging through notes or scrolling through a document. Not to mention, there is zero security with these methods. There’s no encryption of the files, backups, or layers of protection to prevent your passwords from being lost or stolen. This typically leads to passwords not being changed and the use of the same password over and over in order to avoid using one of the above systems. You can probably guess why this is not a safe way to manage your passwords. If just one of your online accounts is hacked and your password exposed, a hacker now has your digital key to many more of your accounts than just the one that was hacked.
Password Best Practices
It is important to have a different password, or digital key, for every account you have. Not just any password, but a truly unique password you use nowhere else. One good strategy is to use passphrases for each of your accounts. A passphrase is a unique grouping of words and numbers that means something to you. For example, I’ve always wanted a Tesla. They’re high-tech, sleek, and sexy. So, a passphrase that would be good for me could be, for example, iwantmyteslain2021. Maybe you have a dream vacation to Paris, so a unique passphrase could be something like myvacation2pariswasgreat. Creating a password for every account is a great way to improve your security. However, writing them down and having to look them up every time can affect your productivity.
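One way to check an existing password list for the reuse described above, before moving it into a password manager. This is an added example, not part of the original article; the CSV column names and the sample rows are constructed assumptions, not any specific product's export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; the column names (name, username, password)
# are an assumption, not any specific password manager's export format.
SAMPLE_EXPORT = """name,username,password
Bank,alice@example.com,iwantmyteslain2021
Email,alice@example.com,myvacation2pariswasgreat
Social,alice,iwantmyteslain2021
Payroll,alice@example.com,Iwantmyteslain2021
Forum,alice,iwantmyteslain2021
"""


def find_reused_passwords(export_text, ignore_case=False):
    """Return lists of account names that share one password.

    Passwords are compared through a keyed fingerprint (HMAC-SHA-256 with a
    random per-run key), so the result and any logging of it never contain
    the passwords themselves.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        if not password:
            continue  # empty entries are not "reuse"
        if ignore_case:
            # Treat case-only variants as the same password.
            password = password.casefold()
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row["name"])
    reused = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(reused)


if __name__ == "__main__":
    for accounts in find_reused_passwords(SAMPLE_EXPORT):
        print("same password on:", ", ".join(accounts))
```

Running it with `ignore_case=True` also groups the Payroll entry, whose password differs from the reused one only by a capital letter.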
Here is where the password manager comes into play. A password manager, like LastPass, is a piece of software or an app that organizes all your passwords in one secure place. It provides the security to protect those passwords and makes it a whole lot easier to keep track of them. Getting started with a password manager only requires a few steps. You’ll have to sign up for an account, download a browser add-on or app on your phone, and lastly, import the passwords you already have. LastPass even has a tool that allows you to import any passwords already saved on your computer or browser.
So, how does a password manager help? First, you’re not wasting time finding or remembering passwords. All the annoying tasks of creating, writing down, and keeping track of your secure passwords are taken care of for you automatically. These passwords are also available to you from any device you set up with your password manager. Lastly, you can have peace of mind that your passwords are locked in a secure vault.
Passwords are here to stay
Unfortunately, passwords aren’t going anywhere. Yes, there are a lot of ways that tech companies are trying to eliminate passwords, including us. In the meantime, there are just too many passwords to deal with. They are causing us too much lost productivity, unnecessary stress, and added confusion. We live in a time where data breaches and other cyber security threats are on the rise. With all that said, there has never been a better time to implement a password manager.
Feel free to reach out to Sikich and discuss how our MSP and MSSP services work to protect against these threats and promote secure password management.