Cybercrime is on the rise, businesses have become the number one target, and data breaches are costing companies millions. With most breaches caused by weak, reused, or stolen credentials, it’s time to talk about your passwords.
Times have changed, passwords haven’t
Businesses have relied on passwords for more than 70 years. Back then, and until the rise of enterprise software, there was little need for long, complex passwords. A pet’s name or a spouse’s birthday worked just fine. Fast forward a few decades, and it’s a different story. An estimated 81% of data breaches are now caused by compromised credentials.
If data wasn’t valuable, hackers wouldn’t hack it
The prevalence of cookies, trackers, and other data collection tools has boosted the volume and value of a company’s data assets. Even the smallest company has something to lose from a breach, the most precious being its reputation as a trusted place to do business. And without trust, sales suffer, customers leave, and market shares fall. The larger a company grows, the more it becomes a target and the more valuable its data becomes, both to the company collecting it and to hackers who steal it.
Bad passwords (short, simple, predictable ones) and even complex ones that are reused across multiple applications can cause major havoc, racking up an average of $3.8 million in damage from a single event.
Passwords are the easiest way in
Criminals armed with sophisticated password-guessing software and access to large, leaked data sets like COMB can guess most eight-character passwords in as little as a few seconds, giving them access to invaluable troves of customer and company secrets. It’s no wonder that 300 million security incidents occured in 2020, and the numbers keep rising.
COVID-19’s shelter-in-place mandates have only made these vulnerabilities worse. While company-owned desktop computers sat idle in dark offices, workers booted up their laptops and were greeted by an array of tempting personal productivity software that IT had no way to see or control. Despite heavy investments in SSO, IAM, MFA and other technologies to remove password risk, the growing use of Shadow IT and the realities of human nature made enforcement nearly impossible to control.
We’re all fallible – and that’s okay
Under pressure to meet deadlines and in the privacy of their own homes, information workers often find the simplest way to get work done, whether these methods are covered by IT’s security protocols and policies, or not. In addition, developers, who are moving fast to deliver new projects might forget to remove unencrypted secrets in their code, and their file sharing habits may slip in the heat of a hot delivery date.
These aren’t problems that are going away as the world returns to “normal.” In 2020, companies cast a wide net for new talent, hiring the best candidates from every corner of the globe. So while many workers make their way back to the relative security of the office, many others are opting to work remotely, continuing to collaborate and share information through Zoom, Slack, project management software, Google Docs, “unauthorized” developer tools, and other off-the-approved-list tools.
Every bad password and unprotected secret is a weak link in your company’s foundation, because compromised credentials from one account can give hackers the information they need to access more important data elsewhere in the system. The SolarWinds breach, one of the largest and broadest hacks in history, was made possible by an intern, who set “solarwinds123” as their password.
Adopting an enterprise password manager – the right one – can close these gaps, secure popular productivity software, and make the hybrid workplace a more productive and secure place to work. The success of this strategy depends largely on whether the one you select is easy to adopt and use, because if it isn’t easy, it won’t be used.
Choose the 1 for business
1Password solves the problems that arise from shadow IT, remote work, file sharing, and more, and it doesn’t slow your teams down. While many enterprise password managers make similar claims, 1Password proves its worth in more than 80,000 businesses worldwide because it’s so easy to use, it becomes an integral part of every business process. Every time an app is opened, 1Password is there to provide safe, instant access. Every time a sensitive file is created it goes into a vault to be shared with a select team on a need-to-know basis. And our new Secrets Automation lets developers secure, orchestrate, and manage infrastructure secrets like machine tokens, documents, and code within a core team, safe from prying eyes.
1Password works the way today’s businesses work, integrating with your existing platforms and programs across all devices, so productivity thrives, work flows, and secrets remain secret. With clear visibility and advanced reporting tools, IT is given a complete overview of each individual’s password compliance, alerts of breach attempts, and other critical security information. We protect users at home, too, with free 1Password Families accounts for every employee.
How we’re celebrating World Password Day
We’re building on our 15-year heritage by listening to our customers and continually making our products stronger. So we can say with confidence that adopting 1Password is the first step in building a culture of security and closing many of the gaps that let intruders in.
We’re developing new training, adding new platforms, and innovating powerful, scalable new features, giving you the freedom to think big and grow as fast as you like. In the process, we’ve ventured well beyond the traditional definition of password management. We just announced Secrets Automation, helping businesses secure hardware, code, and other development secrets. And new initiatives are in the pipeline that we can’t wait to tell you about.
So Happy World Password Day everyone! Your secrets are safe with us. 1Password is the 1 for business.