Software users are constantly reminded to select unique passwords and keep them private.
Companies enforce password complexity and maintain requirements for how often those passwords need to be changed.
With that in mind, users are only human. The vast majority struggle to memorize a few passwords– let alone dozens, if not hundreds, of them.
Oftentimes, cyberattacks focus on credentials. Two popular methods are to steal passwords (phishing) or take advantage of reused credentials (credential stuffing).
With so many apps, programs, and accounts to keep track of, people need a way to simplify in order to focus on their work. Ignoring the need for security, however, is a recipe for failure.
Is it time to roll out a password manager?
Password Weaknesses, A Sticky Problem
So, why are passwords so easy to crack? Let’s start with some stats.
A recent report estimates that 57% of U.S. workers write down passwords on sticky notes – two-thirds of which are then lost or stolen.
Additionally, about 62% of those share work-related passwords through email or text messages, while 46% use passwords shared by multiple people.
Then there are the passwords themselves. Another study shows that 60% of users maintain an easy-to-guess password, such as a pet’s name, family member’s name, or a favorite team.
What’s more is that many of these simple passwords can be discovered by scraping social media. In April, researchers located data for sale containing more than 553 million Facebook users’ data.
At this point, it’s assumed that most of the aforementioned passwords are already in the hands of hackers.
Even computer professionals are not immune.
SolarWinds executives found themselves under congressional attack for using “solarwinds123” as the password to their update server for several years.
Regardless of best practices, regulations, or education, many users continue to make mistakes with their password hygiene.
Fortunately, the right software can ease the burden.
What About a Browser's Password Management Tool?
When you enter your password into a website, browsers helpfully ask if you want to save that password.
Google Chrome can even check for a weak password or one compromised in a data breach.
These features make saving complex passwords for websites both easy and convenient. Unfortunately, browser password managers fall short of the security needs necessary for a professional organization.
Why is that?
To start, most browsers save the passwords in plain text, which can easily be stolen. Also, many do not restrict password access, which means that anyone with access to that device also has full access to all saved passwords.
What about applications, such as VPN or third-party software installed locally, that don’t access the browser? Unfortunately, the browser’s password manager does not easily manage external passwords.
Additionally, any business or government body can only control passwords from a device that’s under their control. Organizations cannot stop users from storing corporate passwords in a browser, nor can they protect those passwords if, for example, a laptop containing them is lost.
Also, browsers are device dependent, so you can’t synchronize passwords with other devices.
Password management software overcomes those limitations while also delivering additional security.
How to Properly Use a Password Manager
Password managers are either based on a local device, or they’re hosted on a cloud.
Locally-hosted password managers are always available, even when that device is not connected to the internet.
That’s helpful on long plane rides when WiFi isn’t available, as you cam still access locally stored apps or password protected files.
Sure, you’ve got great password management and security. However, if you lose that device, while an attacker won’t have access to the passwords, you’ll still lose them.
As businesses move to the cloud, it’s generally recommended to use cloud-based password managers. Cloud-based password managers synchronize passwords across all devices (laptop, desktop, phone, etc.) and allow your entire organization to share passwords securely between users.
Also, cloud-based password managers facilitate the secured transmission of shared passwords. That’s because users who receive the shared password cannot see the passwords themselves.
While cloud-based passwords cannot be lost, they may be susceptible to a cloud-breach. Some organizations might choose to use a combination of cloud-hosted and locally-hosted managers for different security needs.
Password managers use stronger security than browsers to protect users’ passwords, but free or low-cost password managers might not be the best choice. These options typically collect your location, hardware data, and other information that’s used in targeted ads.
When comparing options, it is always important to balance the costs against the valuable information that may be exposed.
Our Choice? Go with a Corporate Password Manager
From the perspective of a corporation, non-profit, or government entity, supplying a password manager provides more control.
You’ll have the confidence that, if an employee leaves your organization, the passwords won’t linger on their personal devices.
Additionally, your IT department can change and manage passwords for certain applications. And, those passwords are only shared with users who need access.
Read to increase password security within your organization? We’re here to help!
At Ideal Integrations, we can help navigate the choices and help your team select the solutions that work best for you. From setting up automated periodic password changes to the most secure form of corporate password management, we’re by your side, 24/7/365.
Together, we can maximize your return on IT. Contact us today! Complete the form below, or call us at 412-349-6680 to get started.