Do you know what the average cost of a corporate data breach in 2016 will be? According to an IBM study the cost has risen to $4 Million dollars per incident. Can your company afford to take such a loss?
One simple and effective way to help protect against data breaches is to use long and secure passwords to help thwart attacks. One of the most secure methods of creating and managing long and secure passwords is through the utilization of a password manager. When users are given the opportunity to create easy passwords, often times they will.
Top 10 Most-Used Passwords
- 123456 12345678
- Password 111111
- 123456789 abc123
- 12345 123123
- Qwerty 1234567
Top 10 Most-Used Words in Passwords
Do you know that on average 22% of people share passwords with co-workers?
Does your company subscribe to expensive subscription services? If multiple people are using the same password and logon how can you accurately tell who is accessing resources you are paying for?
Long and secure passwords can help prevent many data breach attacks but there can be some draw backs if you are not using a password manager. Users have been known to write the password down therefore making them less secure. Users often become frustrated when they are forced to remember long and difficult passwords. After failing to enter the password correctly they have a tendency to revert to a default well-known password. This opens up the organization to additional risk of brute-force attacks (simply trying a list of common passwords).
Even with increased IT security budgets the most expensive and high tech antivirus solution will not protect your organization from outside users that have or find valid credentials to your network.
One way to make a big difference in your corporate security at a small cost is to implement a password management product or platform. A password management platform can provide many benefits for the end users as well as those responsible for maintaining access and security of your organization’s infrastructure.
One benefit for the IT management team is a centralized repository of all corporate passwords. This allows for quick change in case of a breach or access control if an employee is terminated or quits.
Another benefit when using a password management tool is that IT can regularly change and rotate passwords. This adds another level of security and happens behind the scenes, the users are none the wiser. In addition, this feature alleviates the headache and security risk of having the end user be responsible for changing their passwords every 30 or 90 days.
Lastly, but just as important, some password management products offer two-factor authentication. This feature requires that a user provide a second channel of communication, such as a cell phone number or alternate email address. When the user attempts to access the password management tool they are required to provide additional authentication (usually in the form of a alpha numeric code) that is sent directly to email or cell phone. This additional security ensures that only the people authenticated by your IT staff will have access to the password repository.
Now that we have discussed some of the benefits of a password management tool, let’s look a few options that are available.
LastPass is an online password management platform that is capable of all of the above and more. LastPass has three tiers of service. The first tier is the free tier, the second tier is the premium tier and the third tier is the enterprise tier. Some of the benefits of the Premium tier are unlimited device syncs, shared family folder, priority tech support premium-two factor. The Enterprise tier is geared more towards large environments and has a centralized management console and additional security policy and reporting features as well as single sign on options. Last pass is supported on android IOS and windows mobile devices as well as Mac, Windows, Linux, Chrome Firefox Safari Internet Explorer Opera and Edge browsers.
Another option for an online password management software is LogMeOnce Password Management Suite Premium. This software is also an online password management software. LogMeOnce will sync all of your passwords, across multiple platforms, including Windows, Mac, android and iOS devices. LogMeOnce allows for password importing from multiple web browsers including Chrome, Internet Explorer, Firefox, and Safari. LogMeOnce also supports importing existing passwords stored in other password management services. LogMeOnce allows for two-factor authentication using a variety of two factor programs/apps that are supported on Android and iOS.
Both of these services rely on the same underlying encryption principals to secure your passwords. All of your stored passwords are encrypted with the AES-256 algorithm. This means that even though your passwords are stored within these services they do not have access to them. The services will only have access to the encrypted version of your password. This means that to decrypt or see the password in plain-text, the password for the account is needed as well as any additional two-factor information. One of the key concepts of securing your passwords is that you will only need one strong password for the password management service account. Strong and secure passwords are an easy and cost effective first step to help protect your business (and personal) accounts.