You might previously have thought of a password manager as a nice-to-have: a great idea, but not a priority. You know that password complexity and uniqueness are important, but not something to action immediately.
However, three things have changed. First, users now want to be more cyber-savvy and secure. Second, we need to recognise that all users are human and may click on dangerous links – we need to provide tools to help them. Lastly, threats are now more sophisticated, and hackers are succeeding in getting users to give up their credentials.
A recent example of a new phishing technique targeting passwords
Generally, email users are told to hover their mouse over a link to see where it leads – if you see the URL of a legitimate website, you are in the clear. Microsoft has recently shared details on a new kind of phishing attack – an email with links that start with a website the user knows, but once clicked redirect them to a malicious page. Having a password management tool will ensure that your login credentials aren’t automatically supplied to a malicious site in such attacks.
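The difference between the hover check and a password manager's check, as an added JavaScript example that is not part of the original article. The URLs, the vault entry and the function names are constructed for illustration, and the exact-origin match is an assumed general model of autofill matching, not any specific product's code.

```javascript
// Added illustration. All URLs and the vault entry below are constructed samples.
const vault = [
  { origin: "https://login.example.com", username: "alice", password: "sample-only" },
];

// The "hover" check, modelled as a human glance: the link is judged safe
// because it starts with a site the user recognises.
function hoverLooksSafe(linkHref, knownHosts) {
  return knownHosts.some((host) => linkHref.startsWith(`https://${host}`));
}

// The password manager's check (assumed model): offer credentials only when the
// scheme, host and port of the page that actually loaded match the saved entry.
function credentialsFor(pageUrl) {
  const origin = new URL(pageUrl).origin;
  return vault.find((entry) => entry.origin === origin) || null;
}

// Compare both checks for one click: the link as shown in the email, and the
// page the browser ended up on after any redirects.
function assessClick(linkHref, landedUrl, knownHosts) {
  return {
    hoverLooksSafe: hoverLooksSafe(linkHref, knownHosts),
    landedOrigin: new URL(landedUrl).origin,
    autofill: credentialsFor(landedUrl) !== null,
  };
}

const known = ["login.example.com"];
const cases = [
  // Genuine sign-in: the link and the landing page are the same site.
  ["https://login.example.com/signin", "https://login.example.com/signin"],
  // The link starts with the known site, but the browser is redirected elsewhere.
  ["https://login.example.com/go?next=portal", "https://portal.example.net/signin"],
  // Lookalike: the known name is only the start of a different domain.
  ["https://login.example.com.example.net/signin",
   "https://login.example.com.example.net/signin"],
];
for (const [link, landed] of cases) {
  console.log(link, "->", JSON.stringify(assessClick(link, landed, known)));
}
```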
Why do passwords present such a risk?
- Passwords are the keys to your company’s assets such as systems and data.
- To be effective, passwords must be unique, long, and strong.
- There are many accounts that need a password and sometimes it becomes hard to remember/manage them all.
- Shared usernames and passwords used inside a business are typically generic or low in complexity and present a risk when a staff member leaves your organisation.
- Although Multi-Factor Authentication (MFA) can provide an additional layer of security for your passwords, not all systems support this.
What are password managers?
One of CERT NZ’s critical control recommendations is to have a password management tool to securely store strong passwords in an encrypted, centralised location. A password manager is software that saves all your passwords; it’s like putting your passwords in a safe that only you have the key to, that key being your ‘master password’ plus Multi-Factor Authentication (MFA). Password managers provide an easy and secure way for everyone in your business to keep track of their passwords.
Benefits of password managers
1. Remove poor password habits, such as:
- Writing passwords down, e.g. on post-it notes, in notebooks, on phones, or in Excel or Word documents
- Reusing the same password for multiple accounts
- Using weak passwords
2. Having confidence in your password security:
- Relying on a system to generate complex passwords in place of human ‘brainstorm’
- Passwords are all encrypted and securely stored offsite in a fit-for-purpose system
- Consistent password practices business-wide
3. Reducing productivity lost to authentication processes:
- Remove time spent remembering what password is used for which account
- Simplify account login using autofill
- If an account is shared by multiple users, remove the need to ask one another for login credentials
If you are looking to improve your level of cyber security resilience and introduce a password management tool, our team of experts is here to help. Reach out to IT Partners via email or phone 07 957 2650.