How Centralized Password Management Tools Can Stop Cyberattacks against Businesses
According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related security breaches involve passwords. This goes to show that although new technology has augmented the security of passwords, keeping passwords secure is no less important now than in the past.
In recent years, new authentication methods have begun to supplant passwords for some services. Technologies like SAML SSO and OAuth through social media accounts have become popular. These methods outsource authentication and identity to another provider, which can even help to stop some types of cyberattacks. However, these technologies do not completely replace passwords. Some services only support traditional authentication, or fall back to standard password authentication, which forces users to manage their passwords anyway.
Although multi-factor authentication (MFA) has quickly become common, it still suffers from a few issues that make passwords just as important as ever. One-time-password-based MFA (like Google Authenticator) is vulnerable to phishing attacks. Additionally, SIM swap attacks allow attackers to easily bypass SMS-based MFA. Even with perfect MFA (in the form of hardware security keys), passwords should not be ignored.
A 2016 study found that 59% of people reuse passwords for multiple services, while 95% share up to six passwords with other people. These bad habits do not stop at home—the same study shows that over a quarter of respondents even share work-related passwords.
The best solution to this problem is the use of enterprise password management tools, which allow business organizations to enforce consistent policies around password storage and security. Without a centralized password management system, employees will likely reuse passwords, use weak ones, or even share passwords through insecure methods. In this article we discuss how these tools can help businesses in the fight against cyberattacks.
What Do Enterprise Password Managers Do?
In essence, password managers store secrets in an encrypted vault. When the user provides their master password, the entire vault is unlocked, giving the user access to their passwords. Instead of remembering passwords for every service, users only need to remember their master password. This can be further secured by using MFA to protect the user’s password vault.
Most password managers integrate with a browser extension. With this extension enabled, users do not need to type or copy their passwords to log into websites. This functionality is similar to browser autofill, but it is backed by a secure password management database.
Password managers provide a few major advantages:
- Each password will be very strong. Since these passwords are generated randomly and do not have to be memorized, password manager users commonly use strong, long passwords.
- Passwords for each service are unique. As a result, the compromise of one service will not result in the credentials to other services being compromised. This prevents cross-account attacks, including credential stuffing.
- Logging into a website does not require typing passwords. In fact, the browser extension automatically fills passwords into login forms with a single click.
- Unlike sticky notes on monitors or other jury-rigged solutions, password managers secure their contents against physical access. Even if someone steals a company laptop, they will not be able to access the password database.
- Cloud-hosted password managers sync password databases to multiple devices securely. Using end-to-end encryption, a malicious intermediary or even a compromised server cannot view the passwords.
- Many password managers can be used to share passwords securely with entire teams.
Some password managers also include the ability to store other kinds of secrets in the database. Private keys for remote access, medical records, and other sensitive data are easy to store in these password managers along with the actual passwords.
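The strong-and-unique advantages listed above can be checked mechanically. The following Python sketch is an added example, not code from any password manager product: it audits a constructed set of entries for reuse and weakness and generates a random replacement. The 80-bit threshold, the function names and the sample entries are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_BITS = 80                      # assumed policy threshold, not from the article
_RUN_KEY = secrets.token_bytes(32)  # ephemeral key: digests are useless outside this run

def generate_password(length=20):
    """Random password drawn from the OS CSPRNG, one per service."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def estimated_bits(password):
    """Upper-bound estimate: length * log2(size of the character classes used).
    Human-chosen passwords are weaker than this, so failing it is a clear finding."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(entries):
    """Return (reused, weak): groups of services sharing one password,
    and services whose password falls below MIN_BITS."""
    by_digest = defaultdict(list)
    weak = []
    for service, password in entries.items():
        # Group by keyed digest so the grouping table never holds plaintext.
        digest = hmac.new(_RUN_KEY, password.encode(), hashlib.sha256).hexdigest()
        by_digest[digest].append(service)
        if estimated_bits(password) < MIN_BITS:
            weak.append(service)
    reused = sorted(sorted(group) for group in by_digest.values() if len(group) > 1)
    return reused, sorted(weak)

# Constructed sample entries (service -> password); not real credentials.
SAMPLE = {
    "payroll": "Summer2019!",
    "crm": "Summer2019!",
    "vpn": "k3yb0ard",
    "wiki": generate_password(),
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    print("reused across services:", reused)
    print("below policy strength:", weak)
```

The reused group is the credential-stuffing exposure: a breach of either service hands over the login for the other, while the generated entry passes both checks.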
What Should Businesses Look For In Enterprise Password Management Solutions?
Using centralized password management is a huge step in the right direction for any organization. However, not all password management solutions are created equal. Keep the following thoughts in mind when selecting a password management solution.
- Companies should look for password managers that use cloud-based or on-premises sync. Employees almost always have multiple devices. Without a sync solution, staff might not use the password management software everywhere. Most password managers that can sync passwords to multiple systems can also share passwords within a team or organization.
- Organizations should prioritize password managers with good security reputations. Security researchers frequently dissect and analyze password managers, because they are some of the most security-critical software used today. Relatively unknown password management software might have hidden security weaknesses.
- Organizations might benefit most from password managers that can integrate with their existing identity management systems. Companies with Windows-based networks frequently use Active Directory already. Many password managers can associate logins with Active Directory to make securing and sharing passwords easier.
The Bottom Line
Enterprise password managers can be used by companies of all sizes, while providing room to grow as the company expands. They offer a variety of features which can save employees time while significantly reducing cybersecurity risks. As business organizations hire more and more employees, maintaining consistent password security becomes increasingly challenging and important. Without a good password management solution in place, business organizations may be opening themselves up to cyberattacks. Given how many data breaches start with a weak, reused, or leaked password, it stands to reason that this is a problem worth addressing.
With almost two decades of experience in supporting business IT needs, including cybersecurity, Outsource IT can provide sound security recommendations and best practices that are easy to implement. Outsource IT has successfully deployed password management and MFA solutions to organizations of all sizes. Contact your account manager to learn more.