In today’s technology-driven world, the average user has over 100 passwords to remember, and many people save or store them in some of the worst places. Most businesses realize that a username and password alone are not a secure way to authenticate the people and devices that access their network, yet an employee’s password may still give an attacker quick access to your data or network. In this article, we’ll explore the password dilemma and best practices businesses can use to protect their users and data.
Which Browsers & Machines Are Most Commonly Targeted?
Most attacks target Chrome and Microsoft browsers simply because they are the most widely used, but that’s not to say Safari, Mozilla Firefox or other browsers aren’t attacked as well. According to PC Mag, “Windows computers were targets of 83% of all malware attacks in Q1 2020.” So users in these environments see the most attacks, whatever protective measures are in place. You don’t need to be a skilled cyber criminal to pull passwords out of a browser: the saved credentials are protected only as well as the logged-in user’s session, so anything running as that user can read them. A little code and remote or physical access to the machine is enough. The bottom line here is do not store passwords in a browser.
Educating Users
Malware is one of the most common ways hackers get into your machines or email accounts, and it is usually delivered through the user: someone clicks, downloads or installs something. Malware is most often attached to files or hidden behind links. Unknowingly, one uneducated user can infect an entire network in minutes. In this case, it’s not about the employee passwords stored in the browser but about the employee clicking on the wrong content.
Many organizations require employees to attend training on the basic techniques hackers use, primarily email, text messages and even calendar invites. Conscious Networks helps clients deploy mock phishing campaigns to identify users who need additional training. It’s also a good idea to set up a standard procedure for reporting suspicious emails or links, so that employees feel empowered to double-check content before clicking a link or forwarding an email.
Password Managers
With each user, on average, tasked with managing over 100 passwords, password management software has become quite popular. But there are pros and cons to this software too. Products differ in where the encrypted password database (the “vault”) lives: some store it only on the device, some on the vendor’s servers, and some combine the two. Here’s a quick recap:
- LOCAL Password Managers
  - Pros:
    - Data is stored locally on the device, in an encrypted vault file
    - Nothing sits on a vendor’s server, so there is no central target for attackers
    - Gives you full control over where the file is stored and how it is backed up
  - Cons:
    - If the device is lost or stolen and you kept no backup, the data is gone. Whoever has the device also has the vault file and can attack it offline, so it is only as safe as your master password
    - Shared devices are only as secure as each person who uses them
    - If you click on a bad link, malware may give an attacker remote access to the machine, and everything on it, without your knowing
    - Not available from other devices unless you sync the file yourself
- CLOUD Password Managers
  - Pros:
    - Accessible from anywhere
    - Information is backed up and recoverable
  - Cons:
    - You are relying on the cloud provider and any of their service providers to secure your data
    - If the provider is breached, the attacker gets your encrypted vault. With a reputable zero-knowledge design they cannot read it without your master password, but they can try to crack that password offline for as long as they like
So, if you elect to use a password manager, you’ll need to be sure that you’ve considered the pros and cons of each platform. It’s important to realize that there is no ‘one size fits all’ for protecting sensitive information.
PC World provides a suggestion for a hybrid of the two most popular password manager options. “You can strike a middle ground between the two camps—basically concoct a quasi-homebrew version of a cloud-based password manager. You’d use KeePass, a password manager that relies upon a local database and offers multi-device support, then store that database file in a cloud storage account you trust. The idea is that a company like Google, Microsoft, or even Dropbox has more resources to ward off unauthorized access. Provided that you have a strong password to protect that account and enable two-factor authentication, the likelihood of someone then also coming across your KeePass password database remains much lower. You can also move that file around much more easily, so if Google changes its privacy policy or storage encryption methodology, you can immediately hop on over to a different service.”
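The hybrid approach above works only because the vault file is useless without the master password; that is also what decides how bad a stolen laptop (the local con above) or a breached cloud account (the cloud con above) actually is. The following added example, written for this article and not taken from KeePass or any other product, sketches how such a vault is protected: the master password is stretched with scrypt, the entries are encrypted and authenticated, and `offline_guess` shows what someone holding only the file can do: try passwords without any lockout. The cipher is a stdlib-only HMAC-SHA256 counter-mode construction standing in for the AES-GCM or ChaCha20-Poly1305 a real product would use; the work factors, field sizes and sample entries are assumptions.

```python
"""Toy password-manager vault: master password -> scrypt -> encrypt-then-MAC.

Added example, not code from any real password manager. The cipher is a
counter-mode keystream built from HMAC-SHA256 so the block runs with only
the Python standard library; real products use AES-GCM or ChaCha20-Poly1305.
"""
import hashlib
import hmac
import json
import os
import struct
from typing import List, Optional, Tuple

# scrypt work factors and field sizes: assumed for this demo, not any product's values.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key.

    scrypt is deliberately slow and memory-hungry, so every offline guess an
    attacker makes against a copied vault file costs this much work.
    """
    km = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                        maxmem=2 ** 26, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 over (nonce || counter) as a PRF keystream (demo construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_vault(master_password: str, entries: dict) -> bytes:
    """Encrypt and authenticate the entries; the result is what you would put in cloud storage."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    header = salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()  # MAC covers header too
    return header + ciphertext + tag


def open_vault(master_password: str, blob: bytes) -> Optional[dict]:
    """Return the entries, or None if the password is wrong or the file was tampered with."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify before decrypting
        return None
    plaintext = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


def offline_guess(blob: bytes, wordlist: List[str]) -> Optional[str]:
    """What someone holding only the vault file (stolen laptop, breached cloud
    account) can do: try master passwords offline, with no lockout to stop them."""
    for guess in wordlist:
        if open_vault(guess, blob) is not None:
            return guess
    return None


if __name__ == "__main__":
    entries = {"vpn.example.com": "correct horse battery staple"}  # constructed sample data
    blob = seal_vault("Tr0ub4dor&3", entries)
    print(open_vault("Tr0ub4dor&3", blob))
    print(open_vault("wrong", blob))
    print(offline_guess(blob, ["password", "123456", "Tr0ub4dor&3"]))
```

The design point is the one behind the PC World advice: the cloud account only has to keep the file from being copied; if it is copied anyway, the master password and the cost of `derive_keys` are all that stand between the attacker and every entry.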
Use Multi-Factor (MFA) or Two Factor Authentication (2FA)
Two-factor (2FA) or multi-factor authentication (MFA) adds a layer of protection for any business. In the simplest terms, the user enters a username and password and must then present a second factor, a one-time code or a cryptographic key, before gaining access to the business’ systems. Often the second factor comes from a separate device such as an authenticator app or hardware token; codes sent by text message or email are also common but are the weakest option, since phone numbers and mailboxes can themselves be hijacked. Some users find the extra step cumbersome, but it blocks most attacks that rely only on a stolen password. Be aware that one-time codes can still be phished in real time by a fake login page that relays them to the real service; hardware keys based on FIDO2/WebAuthn are the form of MFA that resists this. Many businesses now require 2FA or MFA for all employees and often for customers accessing their platforms.
Biometrics are another way to authenticate users and verify identity, using facial recognition, fingerprints, handwriting or another unique trait. They are convenient and hard to phish, but are best used as one factor alongside another, since a trait cannot be changed if a copy of it leaks. They also have drawbacks for both the employee and customer experience, since the sensor can be awkward to use and sometimes fails to match.
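One common form of the “separate code” is a time-based one-time password from an authenticator app. The example below, added here and not taken from any vendor’s product, implements HOTP (RFC 4226) and TOTP (RFC 6238) as an app would compute them, plus a server-side verifier that tolerates one step of clock drift and refuses to accept the same step twice. The shared secret is the RFC test-vector secret, not a real key; the window size is an assumption.

```python
"""One-time codes as a second factor: HOTP (RFC 4226) and TOTP (RFC 6238).

Added example, not code from any vendor's product. Shows how the code an
authenticator app displays is computed from a shared secret and the clock,
and how a server verifies it with a small clock-drift window and a replay check.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated to `digits` digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter set to the number of `step`-second intervals since the epoch."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Server side: accept codes from the current step and +/- `window` neighbouring
    steps to tolerate clock drift, and never accept a step that was already used."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_accepted_step = -1  # highest step whose code has been consumed

    def verify(self, code: str, at_time: Optional[float] = None) -> bool:
        if at_time is None:
            at_time = time.time()
        current = int(at_time) // self.step
        for step_no in range(current - self.window, current + self.window + 1):
            if step_no <= self.last_accepted_step:
                continue  # replay of a used code, or older than one already used
            expected = hotp(self.secret, step_no, self.digits)
            if hmac.compare_digest(expected.encode("ascii"), code.encode("utf-8")):
                self.last_accepted_step = step_no
                return True
        return False


if __name__ == "__main__":
    SECRET = b"12345678901234567890"  # RFC 4226/6238 test-vector secret, not a real key
    print(totp(SECRET, 59, digits=8))  # 94287082 per RFC 6238 Appendix B
    verifier = TotpVerifier(SECRET)
    code = totp(SECRET, 59)
    print(verifier.verify(code, 59), verifier.verify(code, 59))  # True False: second use is a replay
```

Note what this does and does not protect against: a stolen password alone is useless without the secret held in the app, but a user who types the current code into a phishing page hands the attacker a valid code for up to the remaining window, which is why the code is marked used after one acceptance and why phishing-resistant hardware keys are preferred where the risk justifies them.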
So, there needs to be a balance of risk vs. reward with any new technology initiatives. Conscious Networks advises businesses on the pros and cons of technology solutions based on the unique needs of your organization. Contact us today to schedule a consultation.