Password management software is great for consumers, but why is it essential for businesses? The answer is simple. Knowing that a single breach of a corporate network can have consequences that affect the entire business and everyone who works for it means password management is more important today than it’s ever been.
Password management software stores passwords securely so users don’t have to worry about remembering them. Here are 10 reasons why every business should make this software part of its security toolkit.
People won’t use strong passwords voluntarily.
No one likes to create new passwords, so people tend to go with simple options that are easy to remember. Unfortunately, that also makes them easy to guess. Today’s password-cracking software quickly cycles through common patterns and can even be customized to incorporate known information about the user. Passwords that were considered secure five years ago are easy targets today.
People aren’t good at creating strong passwords.
A password isn’t considered secure unless it is at least 16 characters long and contains a random combination of numbers, symbols, uppercase letters and lowercase letters. Few people have the patience or skill to create unique passwords of that complexity for each account, particularly if they have to memorize them. Password managers have algorithms that automatically generate secure passwords and store them securely so users don’t have to remember.
People use the same passwords repeatedly.
This is an understandable but also a dangerous practice. No one can remember dozens of unique passwords, so people tend to use the same ones again and again. That can be catastrophic in a business environment. It means that a single password compromise can open the gates for intruders to log on to multiple services, stealing information from each one along the way. Using a password management program ensures that users can easily apply different passwords to each service thus limiting the damage should any one of them be compromised. In addition, password management solutions can monitor password usage and alert management and the employee when good password hygiene is not being practiced.
Lost passwords are a major time sink for help desks.
Experts recommend against storing passwords in unencrypted files or on paper notes, which means that users must commit them to memory. Not surprisingly, people forget. That’s why Gartner has estimated that up to 50% of help desk calls are for password resets at some companies, with an average cost-per-reset of about $70, according to Forrester Research. You can imagine how quickly those costs add up.
Password changes are easily recorded.
Many online services ask their customers to regularly change their passwords. This is a sound security practice. Unfortunately, it also creates the need for users to note those new passwords somewhere. Some will invariably fall through the cracks. Password managers help employees manage password changes and updates.
Browser-based password management isn’t secure.
Most browsers today have a built-in basic function that offers to remember passwords. The problem is that browser-based solutions typically don’t have a strong focus on security. Without a password management policy, many users will default to using whatever the browser offers, leaving their credentials effectively out in the open.
Password managers protect against phishing attacks.
Phishing attacks are one of the most effective ways cyber criminals steal login credentials. Phishing emails that appear to come from legitimate services, but that actually direct recipients to bogus login screens that are set up solely to capture their passwords. Most people are prone to phishing attacks, but password managers aren’t. If the domain name doesn’t match the record within the password manager, it won’t serve up a password.
Password managers can sync to the cloud.
People need to login to services from a wide range of devices, including desktop computers, phones, tablets and even public computers. There is no reliable, convenient or secure way to carry around those credentials other than by using password manager. Quality products provide apps for all major mobile platforms as well as desktop and website access.
They support multi-factor authentication.
Multi-Factor Authentication (MFA) requires users to supplement passwords with a second form of identity, such as the answer to a challenge question or a PIN code sent to their phone. Leading password managers provide various two-factor authentication methods, which will add an extra layer of protection for everything stored in your password manager.
You can monitor compliance and spot problems.
The best password policies in the world are of no use if people ignore them. Enterprise password management systems give IT departments visibility into their employee’s’ password practices so administrators can identify and resolve non-compliant behavior. A single compromised password can lead to disaster. With audit and reporting controls, that need never happen.
Consider how many of these scenarios apply to your business.