This year’s update of the 25 ‘worst passwords’ sees the debut of several new entrants, including the superheroes ‘batman’ and ‘superman’, each chosen as a “secure” password.
While many of these passwords are entertaining, for business leaders using cloud applications in their day-to-day operations, this could lead to a serious security risk.
With some of the world’s best technology accessible through the cloud, it is no surprise that today’s businesses are moving to make the most of this valuable resource. Third-party services that used to be complex, expensive and perhaps unattainable for smaller businesses are now just a few clicks away.
But as the number of applications and online accounts employees use on a regular basis continues to grow, cases of lost passwords or account lockdowns are becoming a frequent interruption.
Put simply, we can’t keep up with all of the security questions and passwords to remember.
Remembering passwords has proved to be a growing annoyance for many of us. It is not uncommon for users to react by choosing very basic passwords and rolling these out across all of their accounts.
This obviously creates a huge risk because once one password is cracked, universal access is granted. Sharing account details with others or simply writing them down in an insecure location is another surefire way of inviting a hacker to gain easy access to your business accounts.
One of the most effective means of tackling this behaviour is to introduce a password management tool that automatically logs the user into their favourite apps and web sites.
This enables individuals to have separate passwords for all of their accounts without having to commit anything to memory. This tactic is also likely to reduce the risk of a password leaking if it is shared with a colleague, by making it far less memorable than a regular word, phrase or number.
Sharing access securely
In some instances, however, there are legitimate reasons why you need to share your account details with a colleague.
Whether you are enabling them to read emails whilst you’re out of the office or granting them access to applications they don’t normally use, sharing passwords over email or instant messaging is often the quickest option, yet definitely not the safest option.
Convenience is a decisive factor in creating a viable alternative to password sharing. One solution rests in password vaults, which establish a password administrator by centralising account management across various applications.
The administrator then has the power to enable and disable access to apps when required. A team member may be granted access to a certain application, but never see the actual password.
This is a particularly useful tool when considering the results of a recent study which found that the vast majority of employees at large UK organisations would be tempted to hand over passwords for only £100!
Password vaults effectively streamline the process of disabling user access following someone’s resignation to ensure this best practice is always carried out.
As with all security systems, being prepared for when things go wrong is crucial. It’s likely that at some point a password will be cracked or stolen and you will need an extra line of defence.
Multi-factor authentication requires something in addition to the username and password. For example, after the initial login stage a text is sent to a mobile phone containing a code necessary to complete the login.
Combining an entirely separate device and code means a hacker still has a significant obstacle to overcome in gaining access.
The crux of the issue is that humans are always going to be the weakest link in the security chain. Passwords are compromised for a number of different reasons - we write them down or share them with others, etc. - to get things done faster when we aren’t in the office.
Achieving the best possible security means adopting processes that people find easy to implement and beneficial to their lives.
Chris Corde is director of products for LogMeIn’s IT Management portfolio.