81% of Data Breaches are Due to Stolen Credentials… Tips to Protect Your Passwords
Passwords have become the golden key that can get a hacker into a data treasure trove. They’re the most popular method of entry for hacking-related data breaches (81% of them) because if a hacker has a user login credential, they can often bypass standard security designed to keep them out.
But as important as passwords are as part of a managed IT security plan, many companies don’t prioritise them or create comprehensive password policies, so their network security remains at risk.
There’s often a balance of productivity versus security when it comes to password management. Everyone needs to have a strong password (and they usually know it), but strong passwords are hard to remember, especially when an employee is juggling several different application and web logins.
The fact is that employees and executives all tend to fall into poor password habits that include:
- Creating passwords with personally identifiable information (like birthdate)
- Creating passwords that are easy to hack
- Not using multi-factor authentication
- Sharing passwords with co-workers
- Using the same password for multiple different applications
The Current State of Password Security
The fact is that password security has become a major issue in offices around the world. The “2019 State of Password and Authentication Security Behaviors Report” by Ponemon Institute includes statistics that illustrate some common issues seen:
- 51% of professionals believe it’s too difficult to manage passwords
- 2 out of 3 respondents admit they share passwords with colleagues
- It takes an average of 12.6 minutes each week (10.8 hours/year) to enter and/or reset passwords
- 51% of respondents have experienced a data breach
- 46% of passwords are reused between 4 and 6 times
Following are tips to help increase password security and solve some of the common conundrums when it comes to trying to implement a password management policy at your business.
Best Practices to Safeguard Your Passwords and Protect Yourself from Data Breaches
While passwords tend to be considered in the realm of the personal, when they’re safeguarding important company information, they need to be managed properly, just like any other security protocol. Below are tips that can help.
Enforce Strong Password Creation Policies
Many applications, such as Office 365, give you the ability to require a strong password be used to set up a new user account or when changing a password. You can also find authentication support tools in Azure that can be used across multiple different applications that your company utilises.
If you’ve enabled rules that require strong passwords, a user who tries to set something like “password123” as their password will have it rejected, which adds a safeguard against easily hacked logins.
Typical strong password rules include:
- Having at least 7-10 or more characters
- Including both upper-case and lower-case letters
- Including a combination of letters, symbols, and numbers
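
An added example (not from the original article or from any product it names): a Python check that applies the rules listed above, plus the birthdate habit mentioned earlier. The minimum length of 10, the `COMMON` list, and all function and parameter names are assumptions made for illustration.

```python
from __future__ import annotations

import re
from datetime import date

MIN_LENGTH = 10  # assumption: upper end of the article's "7-10 or more"
# Constructed sample of easily guessed base words; a real deployment would
# use a much larger breached-password list.
COMMON = {"password", "qwerty", "letmein", "welcome", "admin"}


def birthdate_fragments(born: date) -> set[str]:
    """Digit strings a user is likely to build from their birthdate."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    return {y, d + m, m + d, d + m + y[2:], m + d + y[2:]}


def policy_violations(candidate: str, born: date | None = None) -> list[str]:
    """Return the rules the candidate breaks (an empty list means accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("needs upper- and lower-case letters")
    if not re.search(r"\d", candidate):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("needs a symbol")
    # Strip digits and symbols so "password123" is matched as "password".
    base = re.sub(r"[^a-z]", "", candidate.lower())
    if base in COMMON:
        problems.append("based on a common password")
    if born and any(frag in candidate for frag in birthdate_fragments(born)):
        problems.append("contains birthdate")
    return problems
```

Returning every broken rule at once lets the sign-up form tell the user exactly what to change instead of rejecting the password one rule at a time.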
Enable Multi-Factor Authentication
A solid protection against weak passwords is to use multi-factor authentication (MFA). MFA requires another authentication factor beyond your username and password before you can gain access.
That second factor is generally attached to something you own, like a mobile device or token device. With MFA enabled and set up, a user who tries to log in receives a PIN, which must be entered within a matter of minutes (usually 5-10) to complete the login. The PIN can be sent by email, text message, notification, or through a separate token device.
MFA significantly reduces the chance of a breach due to a weak or stolen password because most likely a hacker is not going to also possess the device that receives the PIN code.
Use a Password Management Application
The sheer number of passwords that the typical person has to remember for both work and personal use makes it virtually impossible for someone to remember them all while also making them all unique and strong.
The way to solve this dilemma is to use a password management application for all your company logins, such as LastPass, 1Password, or others. A password manager not only stores all your users’ passwords securely, it will also suggest strong passwords when they set up new logins or change their passwords. Users only have to remember a single strong password to access their password vault.
Business advantages include the ability to access user passwords, so you no longer have to scramble to find a login when an employee is gone. You also don’t have to save password spreadsheets for all your logins, which can be a security risk.
Administrators can access reporting on logins to gain valuable insights into business application use. Two other bonuses that company accounts for password management apps include:
- Many include a free personal user account for employees
- Most can also be used to securely store corporate credit cards
Discuss the Importance of Password Policies with Staff
If you simply implement strong password policies without speaking with your staff about why it’s critical, you’ll most likely have confused users that feel they’re being inconvenienced.
Your team is your best defense when it comes to password security. Bring them into the dialogue and get them on board with why improving the way your company handles password management is important.
Looking for Help with Your Network Security?
There are multiple moving parts to network security, with password security and preventing data breaches being just one of them. Don’t leave your data at risk; get a security consultation from GKM2 today. We can let you know where you stand and offer helpful and affordable solutions to make sure your network is protected.
Schedule a security consultation today by calling +61 2 9161 7171 or contacting us online.