Over the past several years there’s been an increase in cybercrimes and high-profile business hacks. Some of these have resulted in millions of dollars of losses. In some cases, companies with lax security were fined by federal agencies. But your business may be able to avoid all of this with the right password manager.
When most businesses think of hacking attempts, they often imagine sophisticated hackers using the latest technology and techniques to probe networks for vulnerabilities to exploit.
But often, many of these high-profile hacking stories you hear about in the news are accomplished in a much more mundane way. Often, it’s the simple stealing of a password that first grants the hacker access to the system.
Other times, the hacker simply takes advantage of a weak password. We’ve all heard the advice to never use “password123” as a password. Yet, countless people still do, even those in highly sensitive roles.
This means passwords and password management are still issues businesses need to take seriously to secure their networks and information.
In this article, we’ll explain whether a password manager can help your business mitigate these common risks and whether it can have other benefits that help your organization run more smoothly.
Before we dive deeper, it’s important to understand just how vulnerable most passwords are, even within large organizations with dedicated IT security.
Recent studies have shown that over 80% of data breaches and hacks were the result of a stolen or compromised password. So despite the Hollywood depiction of hackers sitting behind walls of monitors staring at endless computer code, the reality is much different.
Of course, this raises the question of why passwords are so easy to compromise. The answer is actually rather simple. It has a lot to do with human nature and convenience.
In the next section, we’ll go over the biggest problems with passwords and why they are so vulnerable to attack.
Passwords are flawed because many organizations allow users to select their own passwords. This means employees who may have no clue about security are deciding on the best password.
This also means they generally choose a password that makes their work easier instead of one that protects data.
Below are the most common reasons passwords chosen by employees are generally not very secure.
Users Prefer Short Passwords
It’s much easier to remember a short password than a long one. But the shorter the password, the easier it is to compromise. Most programs ask for a password of a specific length before accepting a new user password.
This is a good first step. But users often “cheat” by using their preferred short password and then adding an easy-to-guess string of numbers to the end.
For example, if a user wants the password to be their dog’s name so it’s easy to remember, they may enter “Fido” as the password. But since the password needs to be 7 characters or longer, they will just use “Fido123”. This doesn’t make the password any more secure and that’s the main problem.
Users Reuse Passwords
The next biggest issue is that it’s nearly impossible to remember all the passwords we need these days. Virtually every service we use or interact with has a password. If we used a different one for each, we would need to remember dozens of passwords, which is not feasible.
So instead, users reuse the same passwords across multiple systems. This makes it easy to remember. But it also means if one password gets compromised, every system that the user interacts with is now compromised as well.
This is especially true if the first password is for something like email. Once hackers have access to that, they can usually find all the other systems that the person communicates with and try the same password.
This is why security experts tell us to never reuse passwords. But despite being good advice, it’s almost impossible without a password manager of some kind.
Users Tend To Use Common Words And Number Combinations In Passwords
Another issue with passwords is tied to the first issue. It’s a result of users trying to make their passwords easier to remember.
They will often use dictionary words or common words. These are the easiest to guess in brute force attacks, which simply try thousands of passwords until one works.
As mentioned earlier, users will often just add sequential numbers to the end of the words, which provides no real additional security benefit.
Passwords should never be single words and instead should always be random characters with no pattern. However, this makes them nearly impossible to remember, which is why people rarely create secure passwords.
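The “Fido123” workaround described above, as an added example that is not part of the original article: a length-only rule accepts the password, while a check that splits off the trailing digits and looks up the remaining word rejects it. The word list, the 7-character minimum (taken from the article’s example), the fixed sample passwords and all function names are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample word list (assumption); a real check would load a
# large dictionary or breached-password list instead.
COMMON_WORDS = {"password", "fido", "summer", "welcome", "dragon"}
MIN_LENGTH = 7  # minimum length from the article's "Fido123" example


def length_only_check(password: str) -> bool:
    """The naive rule: accept anything that is long enough."""
    return len(password) >= MIN_LENGTH


def weaknesses(password: str) -> list[str]:
    """Return the reasons a password is weak (empty list = none found)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    # Split into a base and a trailing run of digits/symbols: "Fido" + "123".
    match = re.fullmatch(r"(.*?)([\d\W_]*)", password, flags=re.DOTALL)
    base, suffix = match.group(1), match.group(2)
    if base.lower() in COMMON_WORDS:
        found.append("base is a common word")
    digits = re.sub(r"\D", "", suffix)
    if len(digits) >= 2 and (digits in "01234567890" or digits in "9876543210"):
        found.append("padded with sequential digits")
    return found


def generate_password(length: int = 20) -> str:
    """Random password of the kind a password manager generates."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("Fido", "Fido123", "password123", generate_password()):
        print(repr(candidate), length_only_check(candidate), weaknesses(candidate))
```
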
The Solution To Bad Passwords? A Password Manager
If a business wants to mitigate the above risks for passwords, they need something that addresses all the problems mentioned. It also needs to be secure, easy to use, and easy to manage for administrators.
The answer for many businesses is a third-party password manager. These cloud-based tools can simplify logins as well as promote more secure passwords.
What Is A Password Manager Tool
A password manager is a software application that stores and encrypts all of a user’s passwords under one master password.
You can think of a password manager like a password vault that contains all the written passwords the user has. The only way into the vault is through a very difficult-to-crack master password. That master password or master key is the only one that needs to be committed to memory or written down.
All passwords are stored with encryption. This means that even if a hacker gets access to the password manager through other means, the passwords inside still need to be decrypted, which is a long process and often impossible without other information being present.
Password managers are mostly cloud-based, meaning that the security of the passwords is handled by the company providing the service, which has the expertise and dedicated staff to do so. There is no need for an on-premise software installation at your business which then needs to be managed.
Finally, most password managers have integrations with web browsers and most devices. They also generally have additional security features that help to alert users if they are performing actions that may compromise security.
They also help when visiting different sites as the login credentials will be automatically filled in by the password manager.
Benefits Of A Password Manager
Are password managers worth it? Below, we’ll go over some of the key benefits of using a password manager, which show them to be very worthwhile for most organizations focused on improving workforce password management.
Only One Password To Remember
This is the main benefit of a password manager for users and it is tied to all the other benefits. By focusing on just one password, that password can be extremely strong.
For example, a typical strong password can take a brute force attack over 500 years to guess correctly. By contrast, a typical low-security user password with simple number and letter substitutions would take about 3 days to crack at the same rate.
This means essentially every employee has a highly secure password even if they have no understanding of security or how to create strong passwords. For large companies, an enterprise password management solution is needed to maintain proper password best practices.
Another benefit for employees is that a password manager speeds up their workflow tremendously, which makes them more productive and less bogged down by repetitive tasks.
By using a password manager that integrates with their web browser or device, they can easily migrate between online accounts or applications that need passwords. The password manager automatically supplies their username and password.
This is great for employees who often have to access several secured systems with separate passwords when working on a single task, something that is very common with remote work.
Offloading security to a dedicated company relieves your business of having to keep dedicated staff for such purposes. That doesn’t mean these password managers can’t still make mistakes, but they have more resources and expertise than a business trying to manage its own security.
Generally, it’s better to let professionals manage as much of your security as possible if you don’t have the resources to manage this on-premise.
Password managers also allow for the tracking of various logins across your network. This is important for keeping records in case a breach does occur. It also allows you to find areas of trouble or even systems that nobody logs into, which may mean those systems are not necessary.
Legacy systems that are rarely used are also often not updated. This makes them prime targets for hackers, which can create another security issue.
When users forget passwords, it can disrupt work and cause downtime or other issues. If a business has an IT department, these password resets can take away time from other more important IT tasks.
An advanced password manager alleviates many of these issues as passwords are stored securely and are automatically entered for the user. This means fewer password resets for both the user and any IT personnel who usually handle these requests. This even includes user-added applications that require passwords.
PCI Compliance And A Password Manager
If you’re a merchant and handle credit card information, you’re likely familiar with PCI compliance.
PCI DSS compliance is a set of guidelines that merchants and service providers must follow to ensure the security of customer data.
Part of this PCI DSS compliance is to use password best practices at all times. One of the easiest ways to achieve this is through a password manager.
By setting up a password manager, businesses immediately increase their security and it’s much easier for all employees and systems to now be PCI compliant when creating passwords and logging into various systems that hold customer billing information.
Downsides Of A Password Manager
There is no such thing as perfect security. Any security system can be compromised or hacked. Password managers are no different, but this doesn’t mean they are not secure.
You may be familiar with the password manager known as LastPass, which was one of the leading password managers. It suffered a hack in 2022 in which a hacker gained access to all password vaults of over 30 million users.
This was a serious breach and the damage done to LastPass is still ongoing. However, even in this worst-case scenario, the unique password vaults were still encrypted. So hackers still needed to take the extra step of either decrypting the vault-secure passwords or finding the master password of users.
Unless the hacker had direct access to your master password, your password vault would still be secure unless the hackers used a brute force attack and guessed the password. However, given the requirements of the master password, that would take years at current computer speeds.
So even in this worst-case scenario, passwords were still safe as long as users properly maintained their master password. They would still have to go through the process of changing all their passwords to be totally secure again. This takes time, but there will be no data loss or data breach for the users.
This isn’t to sugarcoat the issues at LastPass. The breach was a serious issue and users should find a new password manager and go through the process of changing all of their passwords. But the fail-safes did work assuming the users created a proper randomized master password.
So while data breaches can happen even with the most professional security companies, regular businesses need to base their decisions on which best practice will give them the lowest chance of a data breach. By that calculation, using a password manager is still the best option.
You Can Still Limit Liability With The Right Password Manager
Should your business ever suffer a data breach, you may be able to limit your liability if you can prove you were using industry-standard security measures. If on the other hand, it can be shown you were using lax password security, that may expose your business to claims of gross negligence.
For almost every business, following industry-standard best practices like using a security-based enterprise password manager will generally lessen your liability if an incident like a data breach occurs.
What To Look For In A Password Manager For Your Business
Below are some tips to help you choose a password manager for your business that is both secure and easy for your employees to use.
Use MFA (Multi-factor Authentication)
Make sure to choose a manager that allows for multi-factor authentication. This means you can use a secondary device to confirm your identity in addition to your password. The best version of this uses an authenticator app like Authy instead of just SMS.
Cloud or On-Premise
This relates to where your passwords are stored. Using a cloud service is generally the easiest, but some managers allow you to store passwords locally if preferred or if cloud storage is simply not needed.
Check to see that the password manager you choose is compatible with your devices, software, and workflows.
For example, if you’re a design company that uses Mac computers, you will need to make sure the manager is compatible with macOS.
This goes for all devices as well. Most platforms support both Android and iOS, but it’s important to check before committing.
Your business may only use one specific browser, such as Chrome or Microsoft Edge. If you want a password manager that has a browser extension, make sure it works with the browser your business uses.
Some password managers only work with Chrome or Firefox. So it’s important to see which browsers the manager supports before choosing.
Most paid password managers offer extra features to go along with simple password storage. Some of these may be helpful for some businesses, but others may have no use for them.
If you don’t need the extra features, choose a paid tier without those features. If the password manager does not allow you to exclude the extra features, perhaps choose a different option if cost savings are important to you.
Choosing Paid Or Free Options
There are several free password managers out there and they can be useful. But for most business situations, a paid version from a respected company is going to be your best bet.
You don’t want to skimp on security and free software can often stop being supported without much warning.
Help With Online Payments And Security
When accepting online payments, online security should be a top concern so you can avoid costly data breaches and the possible loss of your merchant account.
If you need a merchant account solution with the most secure options, contact ECS Payments. Our in-house team of security and support experts can help you maintain your PCI compliance and use all the tools necessary to ensure maximum security.
Contact ECS Payments sales today to learn more about PCI compliance and secure payment processing.