
3.2 billion is the total number of unique pairs of cleartext emails and passwords that were leaked in what is being called the biggest breach of all time and the mother of all breaches, COMB, aka the Compilation of Many Breaches. The size alone of this massive breach makes it one of the most notable examples to date. But there have been other recent examples that hit close to home for many—like the breach of more than 500,000 Zoom accounts, which were listed for sale in dark web hacker forums. It’s believed that these account details were captured via credential stuffing, a type of attack in which hackers use previously stolen account credentials in a large-scale, automated attempt to gain access to a different company’s accounts. Cyble, the cybersecurity firm that discovered the breached accounts, said each account contained the username and password as well as the registered email address, host key, and personal meeting URL.

What makes the Zoom incident particularly pertinent is that the service is used by many employees who are working from home due to COVID-19. A recent Dashlane survey found that among U.S. employees working from home, more than half (57%) say they are using new or more technically advanced products and services. These include tools for videoconferencing, VPNs, anti-malware protection, and password managers.

Compounding risks, many home-bound employees (51%) are using personal devices and equipment to access business systems. Yet only 45% employ multifactor authentication when they log in to work apps and networks on their mobile devices. Similarly, just 45% of businesses say they have taken steps to protect information stored on employees’ phones and devices.

How the best employees can create the worst risks 

Most employees don’t set out to intentionally leak credentials that can put their company at risk. They do so unwittingly by clicking phishing lures, using weak passwords, or accidentally leaking logins.

Password overload is one explanation for weak passwords. Employees typically have dozens of passwords to keep track of. To simplify the process, they often favor passwords like 123456, qwerty, and even password.

You’d think that strict password policies would eliminate the use of these types of credentials. The trouble is that policies are often not closely monitored or enforced. Consider that though 67% of companies have a password policy for employees, only 34% say they strictly enforce it. In fact, 59% of companies say their #1 password-management technique is human memory, followed by sticky notes at 42%.

Making matters worse, employees often reuse these ineffective passwords across multiple accounts, both business and personal. In the workplace, users recycle passwords across an average of 16 business accounts. They also share passwords at work with team members using unsecure methods such as Slack and email.

Another common faux pas: People often scribble passwords on sticky notes, then attach them to their laptop or monitor. That could be riskier than you think—just ask Lisa Kudrow. The Friends actress posted a photo on Instagram of her computer monitor, which included a sticky note with her password clearly legible.

Why your password policies aren’t doing the job

A basic tenet of password management is requiring that employees change passwords on a regular basis. About two-thirds (67%) of companies use periodic password changes to enhance security. But employees may balk at having to change passwords across dozens of accounts.

In fact, frequent password changes can incentivize employees to create weaker passwords or make minor tweaks to previous credentials. If you are overly strict about password changes or require them too frequently, you could be doing more harm than good. The solution? A business password manager with SSO that gives you unsurpassed security and insight, without requiring frequent employee password changes.

How password managers can help protect your business

From password overload to the increased risks of work-from-home programs, you’ve got more than ever to consider when it comes to effective cybersecurity. A password manager can help your company reduce risk and increase operational efficiencies.

Password managers for teams help users generate strong, secure passwords that can be synchronized across multiple devices, whether desktop or mobile. Password managers typically separate personal and business credentials to help ensure employees don’t leak or leave with sensitive business information and intellectual property. The best password managers also help IT monitor and measure security performance by creating a security score based on metrics like reuse of passwords across business and personal accounts.

Among employees, password managers free people from having to remember (or write down) dozens of passwords. They also enable coworkers to securely share passwords while lessening the likelihood of a data breach.

A business password manager makes it easy for all employees—including remote workers—to safely and securely access your network and share data. Password managers also give system admins greater control over passwords. As the administrator, you’ll have greater flexibility to grant and revoke access to employees wherever they are.

With a password manager, you’ll also be able to see your network security status at a glance and uncover (and mitigate) any potential risks. Opting for a password manager for small businesses can help prevent costly breaches and downtime and ensure that your loyal employees don’t unwittingly expose your business to risk.

Jay Leaf-Clark is Dashlane’s Head of IT. Jay’s a solutions-orientated IT leader with 16 years of experience developing and implementing technical solutions to tackle aging and underutilized processes, internal platforms, and technical personnel. His goal is to take an IT department and make it resilient, cutting-edge, user-friendly, and efficient.
