In this article, we explain why you need a password security management solution. A study conducted by Risk Based Security found that 69 per cent of people have genuine concerns about their online identity being stolen. Yet, of those same people, 81 per cent still re-use their passwords, leaving themselves extremely vulnerable to breach. This contradiction is baffling but entirely human. When people are forced to choose complex passwords in order to be secure, they will always opt to re-use them so as not to have too many to remember.
The trouble is, however, that this practice leaves your business at risk.
Let’s say that a staff member (or, more likely, many staff members) uses their work password for a personal account. A common example is LinkedIn: users often register with their work email address and use the same password for both LinkedIn and their work accounts. If a breach then occurs on their personal LinkedIn account, it can directly impact your business and leave you exposed.
It is not just users and organisations that are aware of the re-use issue. Hackers know only too well how ‘lazy’ people become when ease of use is at stake. Breaking one password is just the start. Once hackers gain access to a single account, they seek to expose others, and in most cases this task is made very easy for them because of ‘password re-use laziness’.
This fact has been recognised by the National Institute of Standards and Technology (NIST), which has specifically addressed the issue as part of its SP 800-63B guidance. At Authlogics, we support and implement this guidance across our products to ensure your security, compliance and ease of use.
Securing the password
Passwords form the foundation of most businesses’ security policies, whether stand-alone or as part of a multi-factor authentication (MFA) solution. While we advocate for the gradual phasing out of password reliance, we also provide solutions, such as the Password Security Manager, to ensure that, if you are reliant on passwords, those passwords offer the highest level of security.
So, with password re-use a serious issue, and breaches occurring daily, how can businesses keep their information, IP, staff and customers safe?
This is where the Authlogics Password Security Manager comes in.
The Password Security Manager is an easily installable solution that, in an instant, checks passwords against a database of more than 500 million known breached passwords to ensure that no one within your business is able to use weak or previously breached passwords.
It analyses password changes in real time, using a combination of granular policy controls, a rules engine, a custom blacklist, heuristic scanning and the 500 million+ database of previously compromised passwords, so you can be assured that your Active Directory is safe and secure.
This solution is fully compliant with the latest password guidance and forms a strong foundation for overall security compliance. In a matter of moments, the passwords in your business are:
Once the Password Security Manager is in place, users no longer need to continually change their passwords. A change is required only if a password is found to be breached.
The requirements for users are as simple as ensuring passwords are unique, not found in any breach, and typically 8 characters or more in length, as recommended by NIST. That makes for happy users and a compliant, secure organisation.
Password security management – do you really need it?
Of course, the answer is yes. Passwords are inherently weak, and the efforts by most organisations to increase their complexity only cause staff to look for loopholes. More often than not, that means password re-use, which makes your business extremely vulnerable to breach.
A barrier for many businesses deploying these solutions is concern about increased helpdesk costs. However, the Password Security Manager is non-intrusive and straightforward enough that staff can use it intuitively, without any formal guidance or pre-training.
Your staff are not burdened with yet more password rules to remember, and you still get secure passwords which comply with the latest NIST SP 800-63B password policy standard.
If the following appeal to your business, it’s time to consider the Password Security Manager:
- Access to the Authlogics Password Breach Database of 520 million+ breached passwords
- No desktop software requirements
- No need to change passwords on a regular basis, and no need for complex passwords with special characters and a mixture of upper and lower case
- Negate password dictionary and brute-force attacks
- Granular AD Group Policy-based password complexity controls
- Intelligent heuristics scanning
- Custom blacklists