Did you know that 80% of hacking-related security breaches are linked to stolen and reused credentials? Microsoft just released a new study that analyzed approximately 3 billion credentials known to have been stolen by hackers. Among those credentials, Microsoft found 44 million of their account holders that were using these passwords between January and March of 2019. They also found that passwords were being reused on multiple accounts. Hackers know this is a common practice so will try to use your stolen credentials on your various accounts to see if they get a match. Microsoft has since required these customers to reset their passwords.
It’s fairly common knowledge nowadays that passwords should be complex, not used more than once, kept in a secure place and not revealed to anyone. Having said this, one study found that employees were reusing one password in 13 different places on average.
Given the number of passwords we must keep track of in both our work and personal lives, it’s no wonder that many of these best practices are not being followed. It’s just too cumbersome to keep track of 20, 30, even 50 or more passwords.
How to Solve the Password Problem
The best way to solve these problems is to implement a company-wide Password Manager that can be centrally managed. This is an application where your passwords are securely stored and easily accessed when needed. With a Password Manager, you only need remember one master password to access all your others within your personal “vault”. It will typically even generate complex, random passwords for you.
Features to Consider
When choosing a password manager, here are some important points to consider:
- It should be easy to use and make everyone’s jobs easier. Otherwise, employees won’t us it properly or at all.
- It should be easy to add existing passwords and to add new ones on-the-fly.
- There should be the ability to store passwords in separate locations or groups, with controls over who has access to certain credentials.
- Two-factor authentication should be available, in order to protect your master password login.
- There should be a password generator to create strong, unique passwords and automatically fill them into apps and websites.
- There should be reporting available to determine if passwords are meeting minimum security requirements.
- It should ideally include Dark Web Monitoring of all passwords in your vault, reporting on previously breached passwords as well as any new breaches.
While a Password Manager comes with an added cost, it will be far less than the cost of a data breach, and greatly reduce the risk of one.
Stay tuned for our soon to be announced Password Manager Solution.