We know, we know. We go on and on about password security and password strength here at Solutions Review, ad nauseum. However, we have good reason to do so. Password strength is a vital enterprise consideration, and February 1 is National Change Your Password Day.
Passwords occupy a strange place in enterprise-level identity and access management (IAM). In reality, they represent only a tiny subset of IAM’s full capabilities, which include role management, governance, compliance, multifactor authentication, single sign-on, and more. Yet at the same time, most employees and privileged users interact with their digital identities and your IAM solution through passwords exclusively.
Despite the rise in biometric authentication, most employees still trust (and understand) passwords more than the relatively new technology. Simultaneously, insufficient password strength can lead to hackers easily cracking or guessing employees’ credentials. Moreover, many employees continue to repeat their passwords or use passwords considered inherently weak. Once a hacker has their hands on a weak password, they basically have free reign in your enterprise network; they can act quickly before your threat detection capabilities can recognize the damage.
All in all, you need to improve your employees’ password strength. In fact, you need to make improving your password strength a part of your everyday business practices.
Why? How? Here are a few suggestions:
Why Make Password Strength a Business Process Requirement?
Everything stems back to your employees’ identities; everything they do online, in your network, and in their roles starts with a login in your network. Every time an employee logs in, therefore, they open the door to your network…both for themselves and to possible threat actors.
While enterprises often favor speed and efficiency over security, you can’t just relegate cybersecurity and password safety to the IT security team. Digital interactions are too prevalent and essential for your cybersecurity professionals to adequately protect the enterprise by themselves.
Furthermore, allowing hackers to crack a password can cost your enterprise millions of dollars in legal fees, security audits, regulatory fees, and lost business. In other words: even if you didn’t consider cybersecurity a priority before, you need to now.
In turn, this means your employees need to consider their adoption of identity security best practices to keep threat actors out. Without this participation and self-reflection, your employees become your enterprise’s largest digital attack vector. However, employees often neglect password strength best practices or remain ignorant of them.
By making better password strength a business practice, you can shake them out of their negligence. What tactics can you take?
Make Employees Examine their Password Strength
Make employees confront their password strength practices head-on; if your employees can see their vulnerabilities, the higher the likelihood they act.
Your enterprise can achieve this in part through engaging and continual identity security training which demonstrates what constitutes a weak password. However, you can also mandate employees to examine their own password practices. Have I Been Pwned? Allows employees to check if a data breach compromised their credentials, persuading them to improve their password strength by abandoning leaked passwords. The Password Strength Test by My1Login safely demonstrates how easily hackers can crack weak passwords.
However, the old saying holds true, “you can lead a horse to water, but you can’t make them drink.” You need to take the next step to make sure your employee take these messages to heart.
Facilitate Password Strength Through Your Solution
Many employees refuse to adopt password strength best practices because they worry about forgetting their password and having to go through the rigamarole of recovering it. Therefore you, through your next generation IAM solution, must make adopting password best practices as natural as possible.
You can do this by:
- Incorporating a password manager into your cybersecurity platform.
- Deploying password self-recovery procedures.
- Deploying a single sign-on protocol, limiting the number of passwords employees must remember.
- Incorporating different secure authentication options as through multifactor authentication, such as hard tokens, SMS messages, and biometrics.
Incentivize Stronger Passwords
Finally, your employees have to see tangible benefits to improving their password strength. This can include small rewards for strong passwords, recognition for following best practices, and positive employee reviews for healthy cybersecurity awareness.
An incentive does not need to be large to influence employees; it just has to be obtainable and appealing.
Password strength comes directly from your employees. The stronger they are, the stronger you are. In the digital marketplace, only the strongest can endure the deluge of attacks.
Latest posts by Ben Canner (see all)
- Key Findings: The Gartner 2019 Critical Capabilities for Identity Governance and Administration - November 13, 2019
- 60 Percent of Enterprises Misunderstand Cloud Security Responsibility Sharing - November 12, 2019
- 5 Identity Management Insight Videos for 2019 (and 2020) - November 11, 2019