Unauthorized computer access exposes an organization to numerous security risks, such as data theft and malware infections. Robust password management practices provide the first line of defense against intruders. Almost everyone uses a password to secure email accounts, social media accounts, and work-issued devices, yet some users do not adhere to recommended password security practices, so it is crucial to understand the core password management concepts.
What is Password Management?
Passwords are a protection mechanism that authenticates users before allowing them to access computer resources. While passwords remain among the most widely used authentication methods today, misuse or mishandling can expose a company to multiple security threats. Therefore, IT admins must implement suitable password management strategies that guide users to create, store, and use secure passwords.
In practice, password management consists of the policies, principles, and best practices that enable users to create, store, and use their passwords securely and efficiently. Password management is therefore crucial to protecting sensitive data and other computer resources from malicious individuals and unauthorized access.
Every Organization Needs Effective Password Management
In an era where enterprises are witnessing a proliferation of IoT devices, they cannot afford to create weak passwords or practice unhealthy password management habits. Unfortunately, many employees have poor password management practices and are a liability to organizational cybersecurity.
The following password statistics underscore the importance of adopting proper password management habits:
1. At least 2.2 billion passwords exposed:
More than 2.2 billion unique passwords were exposed in different credential theft attacks in 2019 and later found their way to the dark web. Stolen credentials enable cyber adversaries to carry out malicious actions such as financial fraud and the theft of confidential information.
2. 53% of IT professionals don't change password management methods after attacks:
A Ponemon Institute study on the state of password and authentication security behaviors, sponsored by Yubico, found that 12% and 8% of the responding IT experts reported that their organizations had been victims of phishing attacks and man-in-the-middle attacks, respectively. However, only 52% stated that their organizations had changed their password management tactics or corporate account protection strategies as a result. Interestingly, the IT security participants said they reuse passwords across an average of 12 work accounts, whereas employees stated they reuse passwords across no fewer than 16 work accounts.
3. Companies lack measures for securing information stored in mobile devices:
The Ponemon Institute research revealed that numerous organizations are increasingly adopting mobile devices. For example, 55% of the IT professionals reported they permit mobile devices, whereas 45% of employees responding to the research stated they use mobile devices for work reasons. Yet, shockingly, 62% of the IT security participants revealed that their organizations are yet to adopt sufficient controls for protecting mobile device data, and 56% don't use multifactor authentication to validate and authenticate users.
4. Younger internet users are overconfident regarding online security:
A Harris Poll involving 3,000 adults in the U.S. showed that younger individuals are overconfident concerning internet security. According to the survey, 71% of the respondents stated they would not fall for phishing or other social engineering methods hackers use to trick users into revealing sensitive information like passwords or usernames. However, only 44% understand how phishing methods work. In addition, the same poll found that 67% of young adults often share passwords across different online accounts, which is not a secure way of handling passwords.
5. More than half of individuals scammed through phishing attacks don't change their passwords:
57% of individuals scammed through phishing methods do not change the passwords protecting their various accounts. Failing to change compromised passwords exposes them to wide-ranging security threats, such as identity theft and breaches that can impact the entire organization.
Common Password Management Mistakes
The above password security statistics show that effective password management is critical for all entities. Despite this, the majority of employees still make preventable errors when creating or managing their passwords. The following are common password management mistakes every company should be wary of:
1. Creating Passwords Using Dictionary Words
As the term implies, a dictionary word is any word found in the dictionary. Dictionary words are easy to remember; hence some users use them to create passwords for protecting crucial accounts. However, dictionary-word-based passwords are not recommended, since hackers use dictionary attacks to crack passwords. Specifically, attackers run programs loaded with nearly every dictionary word (often with common variations such as appended digits or letter-for-symbol substitutions) against account logins or stolen password hashes. The programs try one word after another until one of them grants access to the account.
2. Password Reuse Across Multiple Accounts
Password reuse is a common practice among most individuals. The primary reason users reuse passwords is that they cannot memorize a separate password for each account. Reusing one password appears to be the easier alternative, since it requires memorizing only a single password. Nevertheless, password reuse is a dangerous practice that enables attackers to compromise every account protected with the same password. For example, a single breach can expose the usernames and passwords employees use to secure their work accounts. Hackers can then use the compromised credentials to find and compromise other accounts that use the same password.
3. Using Known Names to Create a Password
When cracking passwords using password-guessing techniques, malicious adversaries first attempt combinations of the known names and details associated with the victim. These could be the victim's own name, date of birth, family members' names, favorite sports stars, and so on. As a result, cybercriminals can crack such passwords with relative ease and gain unauthorized access to critical computer resources. Therefore, users should combine special characters, numbers, and uppercase and lowercase letters to create hard-to-guess passwords that contain no personal information.
4. Creating Passwords Using Adjacent Keyboard Keys
Most users notoriously use adjacent keyboard keys to create passwords. Examples of such passwords are 1234567890, qwertyuiop, lkjhgfdsa, qwerty12345, etc. As with password reuse, individuals who build passwords from adjacent keyboard keys say they do so to avoid remembering complex passwords. However, the approach is an unhealthy cybersecurity practice that can expose a company to different cyberattacks. Brute-force attacks can crack such passwords in minutes, potentially causing widespread damage. Moreover, passwords created from adjacent keys are easy to guess, which makes the practice ill-advised.
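The four mistakes above (dictionary words, reuse, personal names and dates, and adjacent-key sequences) are all checkable at the moment a user picks a password. The following is an added example of such a policy check, written for this page rather than taken from the original article. The word list, keyboard rows, leet-substitution map, minimum length of 8 (the NIST SP 800-63B floor) and all sample users and passwords are constructed assumptions; a real deployment would load a large dictionary and a breached-password list in place of the handful of words shown.

```python
"""Password-policy checks for the four common mistakes discussed above.

Added example, not code from the original article. The word list, keyboard
rows and sample inputs are constructed for illustration only.
"""
import hashlib
import hmac
import re

# Constructed sample word list. A real deployment would load a full
# dictionary plus a breached-password list instead of this handful.
DICTIONARY_WORDS = {"password", "welcome", "dragon", "sunshine", "monkey", "football"}

# Physical keyboard rows, used to detect "adjacent key" passwords.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Letter-for-symbol substitutions that dictionary-attack mangling rules undo.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def normalize(password):
    """Lowercase, drop trailing digits/punctuation, undo leet substitutions.

    This mirrors the rule-based mangling a dictionary attack applies, so that
    'P@ssw0rd1' is recognised as the dictionary word 'password'.
    """
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    return base.translate(LEET_MAP)


def is_dictionary_word(password):
    """True if the normalized password is a bare dictionary word."""
    return normalize(password) in DICTIONARY_WORDS


def contains_keyboard_walk(password, min_run=4):
    """True if the password contains min_run or more adjacent keys from one
    keyboard row, in either direction (qwer, rewq, 1234, lkjh, ...)."""
    p = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in p:
                    return True
    return False


def contains_personal_info(password, user_info, min_len=3):
    """True if any known name, username or date fragment of at least min_len
    characters appears in the password. user_info is a dict such as
    {'username': 'jdoe', 'first_name': 'John', 'birth_year': '1985'}."""
    p = password.lower()
    for value in user_info.values():
        token = str(value).lower()
        if len(token) >= min_len and token in p:
            return True
    return False


def password_hash(password, salt, iterations=200_000):
    """PBKDF2-HMAC-SHA256 of the password, used to keep a per-user history of
    previous passwords without storing them in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def is_reused(password, salt, previous_hashes):
    """True if the candidate matches any hash in the user's password history."""
    candidate = password_hash(password, salt)
    return any(hmac.compare_digest(candidate, h) for h in previous_hashes)


def check_password(password, user_info=None, salt=b"", previous_hashes=(), min_length=8):
    """Return the list of policy findings for a candidate password.

    An empty list means the password passes. min_length=8 is the NIST
    SP 800-63B minimum; stricter values are a local policy choice.
    """
    findings = []
    if len(password) < min_length:
        findings.append("too_short")
    if is_dictionary_word(password):
        findings.append("dictionary_word")
    if contains_keyboard_walk(password):
        findings.append("keyboard_walk")
    if user_info and contains_personal_info(password, user_info):
        findings.append("personal_info")
    if previous_hashes and is_reused(password, salt, previous_hashes):
        findings.append("reused")
    return findings


if __name__ == "__main__":
    # Constructed sample user, salt and password history for a demonstration.
    user = {"username": "jdoe", "first_name": "John", "birth_year": "1985"}
    salt = b"constructed-per-user-salt"
    history = [password_hash("Winter2023!", salt)]
    for candidate in ("P@ssw0rd1", "qwerty12345", "John1985!", "Winter2023!", "T7#vQ9!mLp2xR"):
        print(candidate, "->", check_password(candidate, user, salt, history) or ["ok"])
```

The history check stores only salted PBKDF2 hashes of earlier passwords, so the server can reject a reused password without ever holding the old ones in clear; the `normalize` step is what makes the dictionary check catch the "P@ssw0rd1" style of variation that users assume is safe.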