With the evolution of the internet of things and the systems and software available to businesses around the world, there are many times a day when we need to enter a password. But how strong is your organization’s password security, and what can you do to take it to the next level?
3 Reasons You Should Stop Relying on Passwords
Single-factor authentication (i.e. a username and password) is not sufficient on its own to protect against threat actors. Let's take a look at some of the major risks of using a standard password system.
1. Password Reuse
It's hard enough to remember one random, symbol-filled alphanumeric password, let alone a different one for every platform you use across the web. All too often people resort to reusing passwords. This becomes a major problem when one of those platforms is compromised. If that same password was used to access a corporate resource, such as email or VPN, your organization may be vulnerable.
2. Social Engineering
The amount of personal information on the internet serves as great fuel for hackers who rely on social engineering to gain access to passwords or the accounts they are supposed to protect. Hackers research their target and use the information to stage a customized attack. Whether this is in the form of a phishing email specifically designed to seem legitimate to the recipient, or gathering enough information to impersonate the target to bypass security questions, social engineering is increasingly in the news and presents a large threat to users relying only on passwords.
3. Form-grabbing Malware
Form-grabbing malware can be used to collect authorization and log-in credentials entered into a web form, such as an employee's username and password, and so gain access to company systems such as a VPN. By retrieving this information on the user's device before it is passed over the internet to a secure server, the malware sidesteps HTTPS encryption.
How Strong Are Your Organization’s Passwords?
You probably want to start by considering how strong your organization’s password security is currently and what you can do to improve password hygiene within the company.
Okay, you can’t exactly go around asking all your employees for their company passwords. It would take time and resources, and it is not an effective way to add more security to your systems. In fact, it’s probably the opposite.
But what you can do is ask your employees to consider their current passwords and whether they could be stronger. Here’s a short set of questions to get you started:
- Is the password the same as what they use at home?
- Is the password related to the company or openly available personal information?
- Have they written their password down in an accessible location such as a Post-it note or notebook?
Level-Up to Multi-Factor Authentication (MFA)
Whilst a password itself is a type of secret authenticator, we’ve established that relying on passwords alone can leave you vulnerable to breaches. Adding a layer of security in the form of multi-factor authentication could help prevent the hacking techniques outlined earlier. After all, password security is the combination of policies, processes and technologies that ensures company information is secure.
Editor's Note: This article was originally published in 2014 and updated in November 2022.