Passwords are something we deal with every single day. Most passwords, however, are horrendously insecure. That's where password managers come in - if you aren't willing to phase out password-based authentication entirely, it's imperative that you equip your staff with one.
According to a survey Google carried out last year, two in three people recycle their password across multiple accounts. Not just personal accounts, either. That includes business logins.
As a sysadmin, you should find that figure troubling. Because while it may seem like a natural solution to the problem of having to remember login data for several hundred different accounts, this type of online behavior is extremely risky.
Consider, for example, that according to the 2019 Verizon Data Breach Incident Report, passwords are still the weak link in virtually every organization's security.
It's almost ironic that people don't put more emphasis on keeping their passwords safe. Passwords are the key to our digital lives, yet they're more often treated as an inconvenience. To some extent, this is understandable.
In a 2018 survey by antivirus developer McAfee, consumers maintained an average of 23 online accounts that required a password. Expecting people to not only brainstorm and memorize a secure password for each of these accounts, but also regularly update that password, verges on lunacy. It's understandable that, when an employer asks their staff to create a password for a corporate login, they do one of two things.
Either they'll use one strong password, that they use without variations for every account, or they'll use a weak, easy to remember password. The catastrophic data breaches seen by many large companies in recent years provide a clear picture of why this is a poor approach, as best. Why it's essential to use different, secure, and unique passwords for every user system that an employee interacts with.
But what's the alternative? No one wants to call IT three times a week to reset their password because they forgot which overly long string of letters, numbers, symbols, and capitalization were used for a specific account. A password manager provides the solution to this problem.
It allows people to create and memorize a single strong password, while the password manager itself strengthens the authentication of every single account it manages. By providing each employee with their own password management application, you're not only strengthening your own security but also allowing them to better protect their personal data.
Whether you choose to develop a password manager internally or simply purchase licenses for an established application, you can combine the software with a few additional practices to even further improve security. Internal specialists and external consultants can conduct audits that scan for vulnerable passwords, for instance. And you can still emphasize the importance of a strong master password for employees who are using your application.
It's understandable to want to use one password for everything to avoid getting locked out of accounts. After all, no one can be expected to memorize and regularly update scores of unique passwords. With a password manager, that's no longer necessary - and that's precisely why it's imperative that you start using one.
It indicates that you're being proactive about possible security issues that may surface in the near future. A small investment in better password hygiene now is far better than multiple lawsuits and regulatory fines from a data breach later, after all. You can't un-burn a loaf of bread, after all.