CISA: Enforcing a password manager protects your business

According to CISA:

• Small and medium businesses are a regular target for malicious hackers, and a common entry point is stolen or weak passwords.
• The use of a password manager can keep your business safe.
• Strong, long, random passwords should be used across all of your personal and business accounts.

While this guidance may seem common sense, recent research has indicated that weak passwords represent perpetual risk for organizations and individuals:

• 61% of employees have poor password practices, like reusing passwords or neglecting to reset the IT-selected defaults (1Password State of Enterprise Security, 2024)
• Use of stolen credentials remains the top/most common ‘action’ in breaches last year (24%), representing 38% of all breaches recorded in 2023 (Verizon Data Breach Report, 2024)
• More than two-thirds of security pros (69%) say single sign-on (SSO) tools are not a complete solution for securing employees’ identity – highlighting the need for a way to secure logins that exist outside of SSO (1Password State of Enterprise Security, 2024)

What does this mean for businesses?

In the near term, organizations should review their IT and security guidelines to ensure that secure password best practices are met. CISA provides clear guidelines for strong, unique passwords, including:

• Length - Passwords should be at least 16 characters, with longer being better.
• Random - Passwords should include a mix of upper and lowercase letters, numbers, symbols.
• Unique - Every account should have a unique password.

Long term, CISA recommends implementing an enterprise password manager that includes a password generator, can store passwords, and can autofill credentials for all of your accounts. This is because password managers play a critical role in enabling employees to create, manage, and use custom, unique, and strong passwords across every application and web sign-in used. The impact is tangible across SMBs and the enterprise:

Finally, CISA also recommends changing default credentials on all software and hardware products.

What does this mean for individuals and families?

CISA’s guidance goes beyond strong password requirements for businesses, and also recommends the use of strong passwords and a password management solution for personal use. After all, if you use good password practices in one aspect of life, you are more likely to apply it to every aspect of life.

Using a personal password manager can help make sure that employees aren’t reusing personal passwords for business purposes, or vice versa. This helps to reduce the risk of a business being compromised in the event that an employee is personally compromised.

Password security: additional considerations

Going beyond creating and storing passwords, password managers can also provide additional functionality that benefits organizations and consumers. The best password managers combine high ease-of-use while streamlining the creation and management of passwords.

Additional benefits may include:

• Protecting additional sensitive information beyond passwords (such as credit card numbers)
• Syncing of passwords across all devices, major browsers (including Chrome, Firefox, and Safari), and major operating systems (such as Microsoft Windows, iOS, and Android)
• Secure password sharing with family members or other employees
• Simplified onboarding and offboarding of employees

How 1Password can help

1Password Password Manager is trusted by over 150,000 businesses and millions of consumers globally to secure and manage their credentials. 1Password Password Manager can help organizations of every size meet the guidelines set forth by CISA:

Easily create and manage strong passwords

1Password Password Manager can create strong, secure, and random passwords for every sign in. These passwords can be accessed and autofilled from any device or web browser (typically via browser extensions).

Set password security policies – including the use of multi-factor authentication (MFA) and passkeys

Organizations can set specific password security policies – such as those set forth by CISA above – to govern how passwords are created and used. 1Password Password Manager also helps with two-factor authentication (2FA) and enables the use of passkeys and biometrics. In addition to securing sensitive data, strong password security policies can also help support security audits.

Prevent breaches with proactive monitoring

With Watchtower, 1Password Password Manager enables organizations and individuals to identify if any passwords, emails, or company domains have been compromised.

Family account with business account

Every business license comes with a free family plan for every employee, so every team member can create and use strong password management personally and professionally.

You can get started addressing CISA’s password guidelines by signing up for a free 1Password trial or contacting us.

Dominic Garcia

Director of Content