IT leaders need to prioritize the end-user experience when it comes to security software.
It’s a well-known fact that an organization’s security chain is only as strong as its weakest link.
The professional cybercriminals responsible for costly, reputation-damaging data breaches know what to look for when scouting new attack opportunities. The common-sense strategy of striking at a victim’s weakest point is a powerfully effective one.
IT leaders know this and often go to great lengths to explain how their organizations’ cutting-edge security systems protect against unauthorized access. But even the most sophisticated systems still rely on the same fundamental security mechanisms — passwords.
Encouraging employees to adopt secure passwords and enforcing good password policy is one of the main hurdles for IT organizations. Something that should be considered even more by IT leaders, to encourage proper password policy with new tools, is the end-user experience (UX).
Password Security Depends on the User Experience
While most IT professionals understand the value of a good password, relatively few have incorporated professional password management into their security framework. Among those that have, user adoption remains by far the biggest challenge.
Simply telling employees to follow good password practice isn’t enough to ensure it actually happens. Even organizations that use sophisticated password management software face user adoption problems because the software is not easy to use.
Good password policy starts and ends with the end-UX. If employees don’t like the organization’s security software or find it hard to use, they will simply neglect to use it. Furthermore, weaknesses are repeatedly observed in companies’ security and password management policies that stem from a lack of protection from poor password behavior of employees outside of the office (e.g., reuse of personal passwords – no matter how strong – across the frontier between home and work). This is a major blind spot for IT teams, and providing them that vital visibility is fundamentally dependent on giving employees a tool they find easy to adopt across different facets of their lives.
IT leaders are quick to say they evaluate the UX when choosing software for their employees, but only 17 percent of IT leaders incorporate the end-UX when evaluating password management tools. It is therefore not surprising that those who have deployed a password manager in their company report just 23 percent adoption by their employees.
The end-UX has to be a priority for IT leaders who wish to guarantee secure processes for their companies. Password management is too important a link in the security chain to be compromised by a lack of adoption.
Why Password Management Matters
81 percent of company data breaches involve compromised passwords. When cybercriminals made away with 60 million Dropbox user credentials, it was because a single employee reused a password.
The cloud-based file hosting service suffered an expensive, destabilizing hit to its reputation despite its otherwise stellar security setup. A single reused password let the attacker bypass Dropbox’s 256-bit AES encryption, 128-bit encryption SSL/TLS tunnel layer protection, and other highly secure technologies.
When it comes to password security, a single misstep can mean handing over the keys to your entire castle. There is no replacement for the peace of mind that a comprehensive password policy offers.
But secure passwords are hard to come up with and even harder to remember. The more complex a password is, the more likely its user is to rely on a security-compromising shortcut—like writing it down on a piece of paper.
At the same time, IT professionals have more passwords than ever. Research at Dashlane reports the average employed person will have more than two hundred online accounts by 2020. Most people find it hard enough to accurately keep track of a single high-quality password, much less two hundred.
Professional password management solutions offer a valuable service. The ability to unify a potentially unlimited number of passwords under a single master password helps organizations keep their systems secure without compromising users in the process.
Accountability Streamlines Password Management
Most IT professionals intuitively know that password management is integral to security policy, but
Almost every organization has some kind of password policy in place. They tell employees to use different passwords for different accounts, to incorporate letters, numbers, and punctuation marks into their passwords, to avoid using the most common passwords, and so on.
If every employee followed the latest password policies to the letter, the world of IT would be a more secure place. Unfortunately, in reality, employees rarely follow through when it comes to password security, and cybercriminals know it.
When employees are not held accountable for password security, it becomes much harder to enforce security policies. Password management software encourages good password policy at work and at home, and empowers employees to use multiple, complex passwords easily.
But there is an important success factor that goes beyond accountability. In order for organizations to truly leverage the benefits of next-generation password security, they need to ensure their password management solution is easy to use, and therefore adopted by all employees.