It’s like we aren’t even trying anymore.
Despite years of repeated warnings, millions of Americans rely on preposterously simple passwords that offer little or no security for critical data and systems. NordPass’s annual list of the 200 most-common passwords includes such gems as “password,” “123456,” “guest,” “qwerty” and “111111.” Researchers note that 83 percent of the passwords on that list can be cracked in less than one second.
Password fatigue is a big part of the problem. According to the NordPass study, the typical business user has 70 to 80 different passwords — far more than anyone could reasonably be expected to remember. As a result, most people settle on a few easy-to-remember passwords that they use repeatedly.
Despite growing support for passwordless authentication, mainstream adoption is likely several years away. There’s no industry consensus on the best implementation method, and current approaches aren’t user-friendly.
A Digital Vault
For now, most industry analysts say organizations can boost their security by using password managers. Password managers are applications that enable users to generate, store and manage their passwords securely. More important, users aren’t required to remember dozens of different passwords.
A password manager is essentially a digital vault in which users store all their unique passwords. Once passwords are created, the password manager stores them in an encrypted format. Users only need to remember one, strong master password to access the vault and retrieve stored passwords.
Other key features include:
- Password generator. Most password managers have built-in password generators that ensure passwords are complex, difficult to guess and frequently changed.
- Password auditing. Password managers can analyze your existing passwords and prompt you to update any weak, reused or compromised ones.
- Device syncing. Cloud-based management software easily syncs across all your devices and operating systems, eliminating the need to set up each device individually. All password changes are synchronized to all of your linked accounts in real time.
- Single sign-on (SSO) integration. SSO integration eliminates the need to manually enter login credentials for web applications and Software-as-a-Service (SaaS) solutions. Users gain one-click access to these apps from within the password manager.
- Autofill. Many products include browser extensions or app integrations that automatically fill in login credentials on websites and apps. This eliminates the need to manually type or remember passwords.
- Centralized management. Managers can be deployed, managed and monitored across the organization from a centralized management console. Employee permissions can be fully customized through fine-grained access controls based on the roles and responsibilities of team members.
- Dark web monitoring. This feature scans billions of records on the dark web and alerts you instantly if your personal information is detected.
Adding MFA
Although password managers greatly enhance digital security, they are not without vulnerabilities. For example, two popular password managers, Norton LifeLock and LastPass, were hacked in recent months. In each case, hackers used credential-stuffing attacks to access customer information, including passwords.
Credential-stuffing attacks exploit another poor password practice — reusing passwords across multiple sites. Hackers use previously stolen or exposed credentials to gain unauthorized access to accounts with the same credentials.
To prevent such attacks, industry analysts recommend implementing multifactor authentication (MFA) in conjunction with password managers. Even if a password is compromised, MFA ensures that unauthorized access remains virtually impossible without a second verification factor such as a fingerprint or one-time code.
Risky password practices are undermining security efforts in most organizations. Password managers alleviate much of that risk by relieving users of the need to create and remember dozens of unique passwords. Contact us to learn more about using a password manager to enhance the security of your organization’s data, applications and services.
