Why Business Password Management Remains a Struggle
October 11th, 2022 by admin
Do you think your password is secure? Everyone has a favorite password, which they tend to use everywhere. Smart people know they shouldn't use something that can be guessed easily, such as 'password' or '12345'. But once you settle on a password that you like and can easily remember, you start using it on other websites too. You then have the same password on multiple websites, and at that point your password security has failed.
In the business world, the same habit translates into poor password management overall. Businesses have struggled with poor password management for as long as people have used one password for all their accounts. However, the combination of remote work and the increase in online transactions and e-commerce has added new levels of risk.
A study has found that 1 in 4 people reuse work passwords for personal transactions, from food delivery services to dating apps. IT security experts have recommended using different passwords for every system, but in practice, it's been extremely difficult for users to manage this. There's too much mental overhead required for remembering dozens of passwords for hundreds of websites.
Why Password Recycling Hurts Businesses
Whenever an employee recycles a business password for their personal consumer accounts, it opens the door to potential cyber incidents or data breaches for the company. It's simple math: the more often a password is used, the higher its chances of being compromised. What we have learned from data breaches is that emails or user names and passwords are generally stored without encryption.
Therefore, if someone uses their work password and email for online shopping, a data breach at the shopping site gives a cyber-criminal the key to all the sensitive data accessible to that user at work. From there, they can easily get into the wider network. So, when you're recycling passwords, you should accept that you will become a cyber-crime victim. Continuing to reuse older passwords is like opening your front door and inviting criminals into your house or, in this instance, the workplace.
There Is Improvement Needed in Business Password Management
It's easy to blame employees for recycling their passwords between consumer and work use, but employers are also at fault for not making enough of an effort to improve their business password management. The report mentioned above states that:
- A quarter of surveyed businesses don't require their workers to change passwords frequently.
- More than a quarter state that they have no requirements for remote workers to have company-specific security software running on their devices when they access sensitive work files.
- Around one-third have no requirements for using any type of secure access tool, such as a VPN, when they connect to the network.
The overall lack of password security best practices and password management places the entire group at a higher risk of credential stuffing. The FBI also warned about increasing credential stuffing attacks in 2020. Even so, consumers still use work passwords and emails for logging into consumer websites and apps, which puts the company at considerable risk of a credential stuffing attack.
How to Stop the Password Recycling Problem
In a perfect world, no one would reuse or recycle passwords; everyone would use a unique, strong password for everything. They would also use a password manager or a personal system to ensure that they never forget the dozens of passwords they have. And they would regularly change their passwords so that they remain one step ahead of cyber-criminals.
However, we don't live in a perfect world, and the threats that surround password recycling and reuse are going to continue thriving. That's why IT and security decision-makers must take steps to address these problems. One option is to remove the need for passwords altogether. There are passwordless options that use tokens or other methods, such as biometrics or a smartphone already tied to the user. This reduces the risk of credential stuffing since it requires the user to prove their identity first. Contact us today to learn more.