One problem that’s been around ever since the very first password was needed to log into a website has been the use of easy-to-hack passwords.
The average person has to juggle 70-80 different passwords between home and work logins, and trying to remember all those passwords, much less strong passwords for each, is pretty much impossible.
So, people adopt bad password habits, and company and personal accounts get hacked as a result. Breached login credentials and access security is one of the most vital areas of cybersecurity.
According to the annual password security report by Yubico:
- 39% of users reuse passwords across personal and work accounts.
- 56% of individuals that use a personal device for work, don’t use two-factor authentication on their accounts.
- 59% of organizations rely on human memory for password management.
Companies end up in a common situation no matter how much they stress good password practices. Employees have so many passwords to remember that they can’t possibly remember strong passwords for all of them.
Some people will resort to unsecure forms of DIY password management, such as putting passwords in their Contacts application or in an unsecured spreadsheet on their device named “passwords.”
There is a much better way to manage personal and company passwords, keep them unique, strong, and get over the memory barrier. It’s through the use of a business password manager.
Online Password Managers Explained
An online password keeper acts as a secure vault that stores all a person’s passwords. Users then only need to remember a single strong password to access all the others.
There are two forms of password managers:
- Personal: Used by one person for managing their own passwords.
- Business: Companies can add users that can then manage their passwords, and companies retain access to any work-related passwords for security should an employee leave.
There are two ways a password manager can be accessed. One is through an application that’s downloaded to your device. The other is through a browser extension that can autofill passwords into websites.
Users enter their usernames and passwords into the application. When they want to use them, they input one strong password to access all the others (many online password keepers recommend using a passphrase for even higher security).
A person can then either autofill the password from the browser extension or copy/paste their login from the device app.
What About Password Management Security?
It’s natural to wonder how secure a system is that has access to all your passwords. What if the vendor gets hacked?
Most of the well-known and reliable password managers (such as LastPass, Keeper, Dashlane) Will use some of the following protections to ensure user passwords are secure and can’t be easily accessed by any unauthorized party.
- The password manager doesn’t store your master password, it’s stored locally on your device.
- There is end-point encryption that is also at the device level.
- Multi-factor authentication can be used to further secure a password vault.
- Trusted vendors will use the highest security and encryption standards.
- Regular audits and penetration testing are done on the vendor’s infrastructure.
Benefits of Using a Business Password Manager
Solves Password Reuse Issues
Hackers know that passwords are often reused, so when they gain access to one login, they will try that same combination on multiple other websites to try to hack other accounts.
Because users no longer must remember all those passwords, and only need to remember one, there’s no longer a need to reuse passwords across accounts. This makes all accounts more secure.
Solves the Weak Password Problem
Remembering strong passwords with a combination of letters, numbers, and symbols is difficult for most people, so they resort to using easy-to-guess passwords that include personal information or common terms (like password123 or qwerty).
Online password keepers will recommend strong passwords when users create or update their logins. This ensures that every login has a strong password by security standards, even if they can’t think up one themselves.
Can Be Used Across Devices
Whether someone is on their iPad or desktop computer, they can access their passwords. All they need to do is have the password manager downloaded on that device and log in to their account.
Companies Don’t Get Locked Out of Accounts
One thing that can happen when a company isn’t properly managing user passwords is that they can get locked out of company resources. For example, the person managing all the social media accounts leaves unexpectedly, and everyone has to scramble to try to figure out how to access them.
With a business password manager account, companies retain control of any work-related logins through administrator access. Thus, they can still access any of their user accounts, even if an employee leaves.
This also makes offboarding easier because a company can change the master password on an employee’s password manager account, locking them out of all company logins.
Are Your Company Accounts Secure?
B-Comp Services can help your Denver area business solve password and access problems that could be leaving you vulnerable to a breach.
Contact us today to get started. Call at 303-282-4934 or contact us online.