Do you have employees who save their passwords to their web browsers or have passwords synced to their browser accounts? Your browser password manager may be a tempting convenience, but it is also a risk to the security of your business. Analysis of the recent Cisco network breach (Threatpost) revealed that the hacker gained access to the network through an employee’s compromised Google account in which they had passwords saved.
Password Managers Help Prevent Breaches
Everyone struggles with the challenge of producing new, creative, memorable, and difficult-to-crack passwords. What ends up happening? Users finally come up with a password that meets system criteria and works for them, and they then reuse it everywhere. The drawback to the user – and your business – is that if a hacker does manage to crack the password, they have access to multiple sites as well as your network.
Alternatively, users rely on their browser password managers not only to create random passwords but also to remember them all. Then, as Cisco unfortunately experienced, a hacker needs only to gain access to one employee’s network password saved to their browser of choice to gain access to the entire company network.
Your Web Browser Password Manager Is Not a Password Manager Solution
Jack Wallen authored an article in 2019 for TechRepublic arguing against the use of browsers as password managers. Years later, people are still using them, and the passwords are still as accessible now as they were then, with only a few clicks. If your staff is using a browser to remember passwords, they are putting your network at risk. End of story.
Why Use a Password Manager?
According to a recent study, users are more careless than ever with their passwords, especially digital natives. Nearly 35% of all employees are using the same password for most of their logins. It’s a messy situation, one that most organizations can’t completely control. However, organizations can control how their teams access their networks. A secure password manager, like the one thinkCSC uses, offers a number of benefits to your organization:
The best part of using a password manager is that one password rules them all. No matter how many passwords are necessary to access all the password-protected accounts used, the user only has to remember one password – the one for the password manager. All other passwords are safely and securely stored inside the password manager.
Password managers will generate passwords for new password-protected sites for which the user registers, saving the time and effort of having to produce a new password and avoiding the inherent risk of simply reusing one. The password generator is also beneficial when the user must change a forgotten password, is prompted to change it as a matter of course, or has had a password compromised.
If users need to share access to password-protected sites, they can do so without compromising their personal passwords, by utilizing the password manager.
One of the reasons people save passwords to their browsers is the autofill feature. With a password manager's browser extension, this advantage is still available.
Access password-protected sites securely from multiple devices
A password manager allows users to access their password-protected sites securely from any device that they are using.
Implementing a Password Manager Improves Data Security
For added security, you can require all your employees to use two-factor authentication (2FA) or multi-factor authentication (MFA) for logging into a password manager. You can also use the password manager to ensure that strong passwords (in both length and complexity) are being used. And, to better ensure your overall data security, you can conduct audits with the password manager to confirm that network access passwords are not being used elsewhere and are not already involved in a known data breach.
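The audit described above, sketched as an added example (not code from the original article or from any particular password manager): it flags network passwords reused on other sites, passwords found in a breach list, and passwords below a minimum length. The vault entries, the breach list, the field names and the 14-character minimum are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 14  # assumed policy minimum, not a value from the article
# Constructed sample data: a hypothetical vault export and breach list.
VAULT = [
    {"site": "corp-vpn", "network": True,  "password": "Winter2022!"},
    {"site": "webmail",  "network": False, "password": "Winter2022!"},
    {"site": "payroll",  "network": False, "password": "kV9#tq2LwzR7mE4x"},
    {"site": "wiki",     "network": False, "password": "password"},
]
BREACHED_PLAINTEXT = ["password", "123456", "Winter2022!"]

def sha1_hex(password):
    """Uppercase SHA-1 hex digest, a common key format for breach corpora."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_breach_index(passwords):
    """Bucket digests by 5-char prefix so a lookup only discloses the prefix."""
    index = defaultdict(set)
    for pw in passwords:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index

def audit(vault, breach_index, min_length=MIN_LENGTH):
    """Return {site: [issues]}; reuse touching a network credential is labelled."""
    entries_by_digest = defaultdict(list)
    for entry in vault:
        entries_by_digest[sha1_hex(entry["password"])].append(entry)
    findings = {}
    for entry in vault:
        digest = sha1_hex(entry["password"])
        issues = []
        others = [e for e in entries_by_digest[digest] if e is not entry]
        if others:
            network = entry["network"] or any(e["network"] for e in others)
            label = "network-password-reused" if network else "reused"
            issues.append(label + ":" + ",".join(sorted(e["site"] for e in others)))
        if digest[5:] in breach_index.get(digest[:5], ()):
            issues.append("breached")
        if len(entry["password"]) < min_length:
            issues.append("too-short")
        if issues:
            findings[entry["site"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(VAULT, build_breach_index(BREACHED_PLAINTEXT)))
```

Comparing digests rather than plaintext means the breach list never has to be stored or shared in readable form.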
Organizations are under attack every day and must take security more seriously. Employing a password manager that employees are required to use can significantly reduce risk, especially if the organization also disables the ability to save passwords in a browser.
Password managers are just one more way in which thinkCSC can help you minimize the impact of global threats. In addition to a password manager, we offer additional services to strengthen your infrastructure, including vulnerability scanning, internal and external penetration testing, web app penetration testing, security assessments, policy development, and security awareness training. Contact us to learn more.