A password manager is the best first line of defense against a data breach. By encouraging and enabling employees to change their poor security and password behavior, a password manager minimizes your organization’s attack surface and strengthens one of your biggest vulnerabilities. After all, your security is only as strong as your employees’ weakest password.
Think that’s a stretch? Consider these three facts:
- 81% of hacking-related breaches leverage stolen and/or weak passwords.
- Your employees are using stolen and/or weak passwords, and are reusing those passwords across their accounts.
- When it comes to your employees avoiding stolen and/or weak passwords, and eliminating password reuse across their accounts, no solution compares to a password manager.
Before we dive into how a password manager helps prevent a breach and other additional benefits, let’s first define what a password manager is.
What is a password manager?
A password manager is a tool used by individuals to securely keep track of their passwords. It allows users to create unique, complex passwords for each account because it remembers everything for the user and automatically logs them in to each site.
Using a zero-knowledge architecture, password managers keep user information behind one master password, created by the user, that isn’t stored anywhere, for ultimate protection of personal data.
Other components of a password manager include:
- One-click generation of unique, complex passwords for each account
- Secure auto-login to every website
- Secure auto-fill of personal information
- Secure password sharing
- A Security Dashboard to encourage strong password behavior (e.g. low scores for reused, weak and/or stolen credentials)
- Instant security alerts when a site you have saved suffers a breach
- Cross-device syncing, for use 24/7, wherever you are, on any device
A business password manager includes all of those great features for employees, but also includes administrative capabilities for IT and Security teams.
A business solution would additionally provide:
- Spaces for employees to delineate work accounts from personal accounts
- High-level view for admins to identify employees with poor password scores in their work space (note: admins can’t view any individual credential or password)
- Multiple deployment options to increase adoption among employees
- Secure Group Sharing capabilities
- Easy onboarding/offboarding for new or former employees via spaces (e.g. the work space is removed when an employee leaves a company)
- Secured Account Recovery for employees who forget their master password
Now that you know what a password manager is and how it works, let’s examine why it’s the best first line of defense against a data breach.
How a Password Manager Helps Prevent a Breach
As an IT or Security professional, you’re tasked with securing your business from any potential threat. Since 81% of breaches leverage weak and/or stolen passwords, those passwords represent a significant threat to your organization.
You can try to implement password policies, or use a PAM or IAM solution to protect your accounts, but ultimately (1) employees don’t follow password policies, which are typically inefficient and require additional time and effort from the employee, and they don’t carry those policies over into their personal lives, and (2) PAM or IAM solutions only protect specific accounts, which don’t represent the entire attack surface (i.e. all employee accounts).
Q: How do you effectively eliminate reused, weak and/or stolen passwords across your organization without negatively impacting productivity?
A: Invest in a password manager for your business.
A password manager solves the issues that exist today with regard to poor password behavior by combining convenience and security into one easy-to-use tool that employees love.
Let’s take a look at the main blockers to proper password behavior and how a password manager helps to remove those blockers:
- Weak Passwords: Employees are using weak passwords because there is no easy way to remember hundreds of strong passwords. Password managers generate strong passwords for every account and then remember them for you.
- Reused Passwords: Employees reuse passwords for the same reason everyone reuses passwords — it’s easier to remember just one password. Password managers help employees maintain unique, complex passwords for each account. This includes passwords that may have been reused across personal accounts as well (which was the cause of the Dropbox breach).
- Stolen Passwords: Employees often aren’t even aware that they are using a password for an account that was recently breached. Password managers alert employees when an account they have stored is breached in order to ensure account security.
- Unsafe Password Storage: Employees are either using weak passwords, or they are storing strong passwords unsafely. Examples include a password book, a Word doc, or their internet browser. A password manager is the only way to combine strong passwords everywhere with secure storage.
- Inconvenient Password Management: A password manager takes all of the pain out of remembering passwords or password policies. Employees simply need to remember one master password, and the password manager does the rest.
- No Password Feedback: Making strong passwords is one thing. Maintaining strong passwords over the long haul? That requires password feedback. A Security Dashboard that scores an employee’s passwords and notifies them of weak, reused, or stolen credentials is essential to improving employee password behavior long-term.
- Work vs. Personal Passwords: Smart Spaces automatically separate business and personal passwords for employees. That way, the employee has control over their passwords and is encouraged to have strong passwords on all their accounts without fear of losing their personal passwords should they leave the company.
- No Administrative Oversight: With a business password manager, you have a view of each employee’s security score with regard to the passwords in their Business Space. That score includes reuse across business and personal accounts. Therefore, you can be sure that each employee is maintaining a strong security perimeter around sensitive company data.
- Difficult to Onboard and Offboard Employees: With Spaces, you don’t have to worry about ex-employees having access to work accounts. With one click, you can revoke access to all accounts tied to an employee’s Business Space.
Security Experts Agree: Poor Password Behavior Will Cost Your Business
New data breaches are being reported every day. Many are crippling U.S. businesses, with the average cost of a breach over $7 million.
Aside from the overwhelming statistical evidence that points to poor password behavior as a leading cause of breaches, experts everywhere are preaching the benefits of strong password behavior in breach prevention.
- New York Times: One of the simplest precautions businesses can take “is to create strong passwords. That has long been the advice of security experts but many say it is stunning how many people fail to heed the advice.”
- Verizon Data Breach Investigations Report: Among the many things they report about poor password practices: (1) “don’t use default passwords as doing so makes criminals’ lives much easier,” and (2) “if you are relying on username/email address and password, you are rolling the dice as far as password re-usage.”
- CNN Tech: [Following the Yahoo breach:] “Whether or not people use Yahoo services, they should always practice proper computer hygiene, experts say, such as not reusing passwords.”
- Insider Threat Report: The most common culprit of insider threat is accidental exposure, with two of the top factors being: “weak/reused passwords (56%), and bad password sharing practices (44%).”
- USA Today: “The best way to make your accounts more secure is to render your passwords worthless to cyber thieves…so as a first line of defense, you should have hard-to-guess passwords…password managers like Dashlane take care of all of that for you.”
What are you waiting for? Try a business password manager and help prevent a data breach by arming your employees with a tool that will encourage strong password behavior and that they’ll love to use.