If you keep an eye on security headlines, you may have seen the news that up to one in five work passwords include the company name.
This is according to new research by data protection specialists Acronis, which also suggests that around 80 percent of companies don’t have an established password policy. Both stats are concerning from the point of view of businesses’ online security – but they are trivial to fix if you use an enterprise password manager.
The problem with non-random passwords
People use the name of the company they work for as part of their password to make it memorable. When people are forced to remember passwords, especially those that they need to change regularly, it carries the unintended consequence of making passwords less secure.
People rotate through minor variations of the same base password, such as using their company name with a few extra characters on the end, to check off password policy requirements while still being able to remember their password.
The problem is that hackers can guess the company part of the password, while the remaining characters are easy to crack through computational brute force compared to a truly random password of sufficient length. To put it more simply: Lack of effective password policy puts company data at risk.
Creating safer passwords
You can implement a better password policy in 24 hours by requiring that everyone in the company use 1Password to create the passwords they use at work. Out of the box, 1Password generates strong, unique passwords, and remembers and fills them in for you.
1Password makes the problem of weak passwords go away; because 1Password remembers passwords for everyone in your company, they’re no longer tempted into using the kind of weak, memorable password this research describes. And, after you’re set up with 1Password, you can use Watchtower to find and update weak passwords to stronger ones.
Updating (and enforcing) password policies
1Password Business includes Advanced Protection, which lets you set stricter Master Password requirements for your team to make sure their logins and other important information is safely protected. It also lets you manage two-factor authentication and create rules for how and where your team can use 1Password – for example, preventing logins from countries where no team members are present, and requiring up-to-date apps.
Even if you’re using an identity provider, take note. The prevalence of shadow IT makes it almost inevitable that people in your organization – with the absolute best intentions – are using software and services you’re not aware of to get things done. In the process, they’re very possibly putting company data on external services behind weak passwords (because, hey, they’ve already gone to the trouble of memorizing one work password they can reuse).
Choose peace of mind
Our hearts sink when we see headlines like these because we know there’s a better way. Time and again we see businesses choose against prioritizing their security, and it’s a mistake that can cost businesses eight- or even nine-figure sums.
You can try 1Password Business for free today. When you sign up, your whole team can use 1Password Families at home for free – a great perk that encourages better online security practices both at home and at work.