Intelligent CISO Issue 48 | Page 50

FEATURE
find out more about the criticality of enterprises using a password manager for increased protection.
Can you talk us through the current state of password security and how the use of passwords has changed in recent years?
Passwords – one of the oldest aspects of the Internet – continue to be a pain point for organisations. They appear as mundane and antiquated, yet so many companies have still yet to solve them. And while these are not new challenges, they have very much been heightened by the pandemic, remote work and the rise of cyberattacks in the past few years. The reason for this is the increased time employees are spending online to get their work done (collaborating, sharing work, communicating) and the new accounts that are needed to do so, and in turn passwords.
One of the challenges revealed in the report is that employees are struggling with too many passwords. How would you offer a solution?
I'd approach this in three ways. First, you must start with education on the risks associated with poor password behaviour. Never reuse passwords, always change compromised passwords, use complex ones where you can. Explain to them why these things are dangerous and what could be at stake. Of course, we are all human, so this brings me to the second piece. Two, you must give your employees a solution or technology that allows them to use the education you're preaching in the first part. Give them a password manager that makes it extremely easy to use unique, complex passwords because you never actually have to remember those passwords. Integrate key business apps with SAML for a single-click sign-on experience. And layer on MFA wherever possible for that extra step of authentication. Finally, the third approach is to think longer term about passwords in your business. What is the path to removing passwords from the workflow entirely? Consider this path and what will be required for your business to get there.
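The three habits named in that answer (no reuse, change compromised passwords, prefer complex ones) can be checked mechanically once credentials live in a vault. The script below is an added example written for this page, not the interviewee's or any vendor's code. It audits a constructed vault export for reuse (grouped by SHA-256 so the report never carries plaintext), for presence in a breach corpus using the k-anonymity split of the Pwned Passwords range API (only the first five SHA-1 hex characters would ever leave the caller; here the range lookup is an offline stand-in over a constructed corpus), and for a crude entropy floor. Every account name, password and breach count in it is made up for the example.

```python
"""Added example: audit a password-vault export for the three habits the
interview calls out (reuse, known-compromised, weak). Not the magazine's or any
vendor's code; the vault and breach corpus below are constructed sample data."""
import hashlib
import math
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

# Constructed sample vault export (account -> password). Not real credentials.
SAMPLE_VAULT: Dict[str, str] = {
    "crm.example.com": "Summer2023!",
    "hr-portal.example.com": "Summer2023!",      # same password as the CRM
    "social.example.com/company": "xK9#vL2$pQ7mR4wZ",
    "corp-card.example.com": "password",
}

# Constructed stand-in for a breached-password corpus with occurrence counts.
CONSTRUCTED_BREACH_COUNTS: Dict[str, int] = {"password": 3, "Summer2023!": 1}


def sha1_split(password: str) -> Tuple[str, str]:
    """Return (5-hex-char prefix, 35-hex-char suffix) of the upper-case SHA-1,
    the k-anonymity split used by the Pwned Passwords range API."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def build_range_index(breach_counts: Dict[str, int]) -> Dict[str, List[str]]:
    """Index the constructed corpus in the shape of a range response:
    prefix -> ["SUFFIX:COUNT", ...]."""
    index: Dict[str, List[str]] = defaultdict(list)
    for pw, count in breach_counts.items():
        prefix, suffix = sha1_split(pw)
        index[prefix].append(f"{suffix}:{count}")
    return dict(index)


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_COUNTS)


def offline_range_lookup(prefix: str) -> List[str]:
    """Offline substitute for GET https://api.pwnedpasswords.com/range/<prefix>.
    Only the 5-character prefix is passed in; suffix matching stays local."""
    return RANGE_INDEX.get(prefix, [])


def compromised_count(password: str, range_lookup: Callable[[str], List[str]]) -> int:
    """How often the password appears in the breach corpus (0 = not seen)."""
    prefix, suffix = sha1_split(password)
    for line in range_lookup(prefix):
        seen_suffix, _, count = line.partition(":")
        if seen_suffix == suffix:
            return int(count)
    return 0


def estimate_entropy_bits(password: str) -> float:
    """Rough strength estimate: length x log2(size of the character classes used).
    It overestimates dictionary words, so treat it as a floor check, not a verdict."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(vault: Dict[str, str],
                range_lookup: Callable[[str], List[str]],
                min_bits: float = 60.0) -> Dict[str, List[str]]:
    """Map each account to its findings: 'reused', 'compromised', 'weak'.
    Passwords are grouped by SHA-256 so the report never carries plaintext."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for account, pw in vault.items():
        by_hash[hashlib.sha256(pw.encode()).hexdigest()].append(account)
    findings: Dict[str, List[str]] = {account: [] for account in vault}
    for account, pw in vault.items():
        if len(by_hash[hashlib.sha256(pw.encode()).hexdigest()]) > 1:
            findings[account].append("reused")
        if compromised_count(pw, range_lookup) > 0:
            findings[account].append("compromised")
        if estimate_entropy_bits(pw) < min_bits:
            findings[account].append("weak")
    return findings


if __name__ == "__main__":
    for account, issues in audit_vault(SAMPLE_VAULT, offline_range_lookup).items():
        print(f"{account}: {', '.join(issues) or 'ok'}")
```

Swapping `offline_range_lookup` for a function that fetches the real range endpoint turns this into a live check without changing what is sent: the prefix alone. The entropy estimate is deliberately the weakest of the three checks; a password manager's generated secrets clear it trivially, which is the point the answer makes about taking memorisation out of the loop.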
How should CISOs be guiding their teams when it comes to understanding the importance of password protection?
As security leaders, we are obviously all focused on the security narrative – long, complex and unique is the best way. However, at a surface level, that can be seen as a hurdle for employees – it will create more hoops before making it easier to log in. In addition to educating on the best password and cyber hygiene that I mentioned above, a critical piece to communicate to your end-users is how simple it is to take password security seriously when you have the right tools in place – a password manager makes it easy to log in to your accounts; single sign-on gets you in with just one click. Yes, these tools give security leaders peace of mind and check boxes for compliance, but for your teams, the message is that it will make their lives much easier in the process as well.
How fundamental are password managers to securing identity and access within an organisation?
No organisation's identity tech stack is complete without password management. Single sign-on typically covers the big apps – the ones that multiple teams are using, and the company is willing to invest the resources and time to integrate with SAML. Multi-Factor Authentication gets put in front of those applications for a second layer of security. But what about the applications that don't have SAML enabled – your company's social media accounts, the corporate credit card, the apps your HR team is using but IT doesn't know about – those accounts all have company data in them and need to be secured. That's where a password manager comes in to fill the gaps that inevitably are left by SSO and MFA.
What does the future hold for password protection and how will this affect enterprises?
Based on the inherent human element within passwords (we set our own passwords, we resort to weak or reused passwords, we find workarounds wherever we can) and the increasing frequency of cyberattacks, the importance of password security will only continue to rise. Until passwords are completely removed from the online experience – which is a massive, long-term endeavour – the need to educate our employees on best practices and provide them with solutions to turn that advice into action will be a priority for companies. Hackers will get savvier and businesses will only have more to lose; now is the time to instil the priority of password security into our employees because each company is only as strong as their employees' weakest password.
50 www.intelligentciso.com