Passwords, apart from employees, are usually the weakest link in any cybersecurity chain. In 2019, Yubico found that two out of three survey respondents shared passwords with colleagues, more than half said they used the same passwords on business and personal accounts, and 57% said they did not change their passwords after a phishing attempt. At both a corporate and a personal level, employees and individuals must tighten up their password management if systems are to stay safe from attack.
One current piece of wisdom is that people should use three random words as a password, and these words must not include the name of a pet! Personally, I prefer to use a robust password manager. I have hundreds of passwords for a broad spectrum of sites and services and without a password manager, I would be lost. So much so that my wife says I would lose my balls if they were not in a sac; my memory is that bad!
There are numerous password managers out there, and deploying some of them at a corporate level would be a costly exercise. However, they are cheap compared to the cost of a successful attack in which important organisational data is stolen or ransomware is installed.
Dashlane and 1Password are two of the leading names. Dashlane for a business team account comes in at $8 a month per seat, while 1Password costs the same. There are business discounts for larger numbers of accounts and, naturally, personal and family accounts are cheaper, but not by much.
When choosing a password management tool, ease of deployment across an organisation must be a factor to bear in mind. It must also be easy for the end-user to manage. I found Dashlane to be too powerful and it would leap up on the screen at the slightest opportunity. I used 1Password for many years as a premium user, but issues with the Android browser app could not be resolved by the support team and I didn’t see any point in paying more than £30 a year for a malfunctioning service.
Out of frustration I tried Bitwarden’s free service and was so impressed I quickly coughed up the £10 required for the premium service even though the free version would have kept me safe. However, I believe that end-users must pay to ensure that development continues.
Years ago the wise men of cybersecurity said that you should change passwords on a regular basis. These days the wisdom is that if a password hasn’t been compromised over the years, there’s a very good chance it never will be, so only change a password when you suspect it has been compromised. Most password managers include a tool that checks whether any of your accounts appear in known breaches, or you can use the Have I Been Pwned website to see whether any of your email addresses have appeared in breach data circulating on the dark web and are being used by scammers.
Using a strong, unique password is a must, and all commercial password managers include a generator that produces a genuinely random string of letters, numbers and symbols, which is unbreakable unless a scammer has got their grubby hands on a quantum computer!
Finally, slip in an extra layer of protection by using a 2FA (Two-Factor Authentication) app on your mobile device, which generates a new random six-digit code every 30 seconds. You can read my take on 2FA tools here.