The Problem with Passwords

Updated 08/28/2021


The problem with passwords is that most users complain about having too many to remember, so they resort to sharing credentials, using weak passwords, or using the same password for multiple applications.

The problem with passwords is that they often wind up on the dark web.

The problem with passwords is that once they're on the dark web, cyber criminals will use them to look for "open windows and doors" into your network (which is easier than ever now that your employees are working from home).

LastPass's report "From Passwords to Passwordless" surveyed 750 IT and security professionals about the challenges and risks involved in relying on passwords.

85% of those interviewed stated they believe their company should reduce the number of passwords used on a daily basis. But is this realistic or even possible?

One solution is using a password manager to help your IT department enforce your password security policies. A password manager will also help to minimize the anxiety your employees have around keeping track of passwords.

Other benefits of using a password solution include minimizing risk, saving time, gaining more control over password management, and saving money.

Other solutions include biometrics, single sign-on, and federated identity. It could be that a combination of password authentication and management is necessary to satisfy your IT department, users, and regulators (that is, if you need to adhere to any compliance or regulatory standards).

If you're unsure what the right decision is, contact us today. We're happy to help.

P.S.

October is Cybersecurity Awareness Month.

With employees working from home, the biggest risk to a company network is no longer within its own walls but in its employees' home offices.

It's crucial to train employees to become the first line of defense against cyber attacks. Try this:

  1. Use this month to connect with employees about cybersecurity, and be sure to include real-world stories, not generalizations.
  2. Open up communication between the IT department and employees. IT should provide guidance on a regular basis on how to handle cybercrime.
  3. Invest in both security products and the people using them.
  4. Minimize risk by making training fun. Keep sessions short and sweet, rather than tedious and dull.
  5. Customize training to individual departments. Not everyone will face the same kinds of threats.
