116 3rd St SE
Cedar Rapids, Iowa 52401
A study performed by Dashlane in 2017 found that the average American internet user has 150 online accounts that require a password.
Social media, banking, email, business system access and many more credentials require us to maintain a large set of logins for our personal and business use.
One of the most common risks associated with passwords is reusing the same passwords between different logins. A recent survey conducted by Bitwarden found that 85 percent of respondents claimed they reused passwords.
If this situation occurs, one may find themselves susceptible to what is known as “password reuse attack.” Hackers seeking to gain access to various systems will uncover data that was exposed in a data breach that may include usernames and passwords.
Once obtained, they will try the same username and password combinations on a multitude of accounts, hoping they are successful logging into a different account with the same information.
If a person is targeted, they may even go as far as investigating where someone works and trying personal passwords on business systems based on publicly available information such as Facebook and LinkedIn.
One solution to the password reuse attack today is to ensure each login uses a strong and unique password.
With the number of accounts many of us need to remember, this is seemingly impossible to do from memory. The best solution to keeping track of passwords is to use a password manager.
A password manager is a digital vault that should be designed to store passwords in a secure manner.
There are many solution providers today that include LastPass, Dashlane, Bitwarden and 1Password, among many others.
As businesses work to keep themselves protected from different types of password risks, a password vault allows for creation of long, complex and unique passwords for each login that can be easily searched and copied when they are needed for authentication.
When businesses do not offer a password vault for their employees, they are left to their own devices.
Excel sheets are great at doing calculations but are not designed to be password storage solutions. Sticky notes and notepads, while convenient and often require physical access, are not ideal for the obvious reasons.
Password storage built within web browsers natively are not solely designed with password security in mind and may not be enough to secure your information.
While we can debate the merits of one form of password storage versus another, the consensus in the security industry is that password vaults are the ideal solution to store passwords today.
One knock on password vaults is that the information in a vault is protected by one master password. Essentially, all your password eggs are in a single password basket.
While true, it is imperative that when setting up password vaults that additional security controls are enabled, such as multi-factor-authentication, to protect your information.
Much like banking systems today that require you to enter a number from a phone call or text message, having an additional factor of verification to obtain access to your password vault will be extremely important.
It is also crucial that the master password to secure your vault is also unique, long and memorable so that you do not write it down or use other unsecure methods.
Password vaults are essential to any business that values and promotes cybersecurity and seeking to limit security risks within the organization.
As with any decision to purchase or evaluate software, it is important to look at all the options and features available between password managers before making a decision.
Paul Nus is the director of technology at Folience, parent company of The Gazette, and a board member of SecMidwest, a Cedar Rapids based not-for-profit focused on cybersecurity education; SecMidwest.org.