The problem with passwords is… us! Recently the National Cyber Security Centre (the part of GCHQ responsible for cyber security) published the results of a survey into password risks. The results are quite frightening and show that a lot of people use easily guessable passwords. Top of the list was “123456”, used by an estimated 23.2 million people, followed by “12345678”, “qwerty” and “password”.
Why is this?
This is because we create passwords that we can remember easily. What we should be doing is creating long passwords, because the longer the password, the more time a computer needs to crack it. However, it is also difficult to remember lots of passwords, so people not only make their passwords simple, they also reuse them over and over again.
What happens after a breach of user credentials is that the bad guys take the credentials gained in the breach and try them against other well-known web sites, in an attack known as Credential Stuffing. If you use the same username and password across multiple sites, then every account that uses those same credentials is at risk of being compromised.
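Credential stuffing leaves a recognisable trace in authentication logs: one source address trying many different usernames, mostly failing, and succeeding only on the accounts whose owners reused a leaked password. The following detection routine is an added example written for this article (not code from Castle, LastPass or the NCSC); the log format, the sample lines and the thresholds are constructed for illustration and would need adapting to a real web server's log layout.

```python
import re
from collections import defaultdict

# Constructed sample of authentication log lines (not real traffic): one source
# address cycling through many different usernames with mostly failures, one
# address with several users all logging in normally (an office NAT), and one
# address hammering a single account (brute force, a different pattern).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-03-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-03-01T10:00:02Z ip=203.0.113.7 user=carol result=FAIL
2024-03-01T10:00:03Z ip=203.0.113.7 user=dave result=OK
2024-03-01T10:00:03Z ip=203.0.113.7 user=erin result=FAIL
2024-03-01T10:00:04Z ip=203.0.113.7 user=frank result=FAIL
2024-03-01T10:01:10Z ip=198.51.100.3 user=gina result=OK
2024-03-01T10:01:15Z ip=198.51.100.3 user=hank result=OK
2024-03-01T10:01:20Z ip=198.51.100.3 user=ivy result=OK
2024-03-01T10:02:00Z ip=192.0.2.9 user=judy result=FAIL
2024-03-01T10:02:01Z ip=192.0.2.9 user=judy result=FAIL
2024-03-01T10:02:02Z ip=192.0.2.9 user=judy result=FAIL
2024-03-01T10:02:03Z ip=192.0.2.9 user=judy result=FAIL
"""

# Assumed log layout for the example; a real deployment would use its own regex.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_credential_stuffing(text, min_distinct_users=5, max_success_ratio=0.5):
    """Flag source addresses that try many *different* usernames with mostly failures.

    A stuffing run replays leaked username/password pairs, so it touches many
    accounts and succeeds only where the victim reused the password. Brute force
    against one account (one username, many attempts) and an office NAT where
    many users log in successfully both fall outside these thresholds.
    """
    per_ip = defaultdict(
        lambda: {"users": set(), "ok_users": set(), "attempts": 0, "successes": 0}
    )
    for rec in parse_log(text):
        stats = per_ip[rec["ip"]]
        stats["users"].add(rec["user"])
        stats["attempts"] += 1
        if rec["result"] == "OK":
            stats["successes"] += 1
            stats["ok_users"].add(rec["user"])

    flagged = {}
    for ip, stats in per_ip.items():
        distinct = len(stats["users"])
        ratio = stats["successes"] / stats["attempts"]
        if distinct >= min_distinct_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": distinct,
                "attempts": stats["attempts"],
                "successes": stats["successes"],
                # Accounts that accepted a replayed credential belong to users who
                # reused a password: these are the ones to force-reset first.
                "compromised": sorted(stats["ok_users"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

Run against the constructed sample, only 203.0.113.7 is reported, with "dave" listed as the account that accepted a replayed credential; the brute-force source 192.0.2.9 is not flagged because it only ever tries one username, which is a separate detection.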
What is the answer?
The answer is to use a Password Manager to manage your passwords for you. A password manager is a piece of software that does the work of creating, remembering and filling in passwords automatically. When you log into an online account for the first time, a Password Manager can store your username and password securely, so every time you go back to the same site, your credentials are filled in automatically.
Why use a Password Manager?
- 81% of breaches are caused by weak or reused passwords.
- 61% of people use the same or similar passwords for all accounts.
- 37% of people forget a password at least once a week.
- It’s essential that each account has a unique password.
- You have more online passwords than you can possibly remember.
The two most important points about passwords are that they need to be long and that they should never be used in more than one place. These two factors alone make it impossible to remember so many different, long passwords.
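Why length matters, and why it is worthless for a password that appears on a common-password list, can be made concrete with a few lines of arithmetic plus a generator of the kind a password manager runs for you. This is an added example written for this article, not code from any product mentioned here; the guess rate of ten billion guesses per second is an assumed figure for illustration, and the common-password list is just the four entries the survey names.

```python
import math
import secrets
import string

# The four passwords the NCSC survey puts at the top of the list (from the
# article). A real deny-list would be far larger, e.g. a breached-password set.
COMMON_PASSWORDS = {"123456", "12345678", "qwerty", "password"}

ALPHABETS = {
    "digits": string.digits,                                             # 10 symbols
    "lowercase": string.ascii_lowercase,                                 # 26 symbols
    "mixed": string.ascii_letters + string.digits + string.punctuation,  # 94 symbols
}


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a password chosen *uniformly at random* from the alphabet."""
    return length * math.log2(alphabet_size)


def worst_case_crack_seconds(length, alphabet_size, guesses_per_second=1e10):
    """Time to exhaust the whole space at an assumed guess rate (average case is half)."""
    return alphabet_size ** length / guesses_per_second


def is_guessable(password):
    """A password on a common-password list falls on the first guesses, whatever its length."""
    return password.lower() in COMMON_PASSWORDS


def generate_password(length=20, alphabet=ALPHABETS["mixed"]):
    """Random password from the OS CSPRNG: this is the job a password manager does for you."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, alphabet in ALPHABETS.items():
        for length in (6, 8, 12, 16):
            secs = worst_case_crack_seconds(length, len(alphabet))
            print(f"{name:>9} x{length:2d}: {entropy_bits(length, len(alphabet)):6.1f} bits,"
                  f" {secs / 3.15e7:.3g} years to exhaust")
    print("123456 guessable:", is_guessable("123456"))
    print("generated:", generate_password())
```

The table the script prints shows the point of the article: six digits are exhausted in a fraction of a second, while sixteen characters from the full printable set take astronomically long at the same rate. The `is_guessable` check is the other half of the story: "password" has the same length as a random eight-character string but is tried almost immediately, so only randomly generated passwords actually get the benefit of their length.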
Should I use a Password Manager?
The UK Government’s National Cyber Security Centre (NCSC) recommends using a Password Manager because “they give you huge advantages in a world where there’s far too many passwords for anyone to remember”.
Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. Cyber Essentials states “It is acceptable to use a respected password manager application”.
Castle have partnered with the world-leading Password Manager provider LastPass to bring you LastPass Enterprise. LastPass Enterprise integrates with Active Directory for automated, centralised management and oversight and, with over 100 policies, can be tailored to suit your exact organisational needs.
LastPass Enterprise helps:
- Organise all your passwords into a secure, searchable vault
- One Master Password – the password vault is accessed via one master password, which should be the LastPass(word) you ever need to remember
- Private Master Password – LastPass does not send or store the master password. LastPass believe that if they can’t access your data, neither can hackers.
- AutoFill Credentials – saving time and reducing the risk of phishing, because the manager will not enter your credentials into a rogue duplicate site
- Sync Everywhere – use across multiple devices, and passwords are always backed up
- Strong Encryption – all data is encrypted on your device with AES-256 before it is synced to LastPass
- Uncrackable – generates strong, random passwords
- Share passwords – securely with the team, allowing other people to use passwords without even seeing them
- Geographic Login Restrictions – access to your password vault can be locked down to geographic locations, such as the UK only
- Two Factor Authentication – can be used to provide an additional layer of security for your LastPass password vault
- Secure Notes – not just for passwords (credit card / passport / National Insurance number etc.)
- Security Challenge – provides the ability to review your vault for weak or duplicated passwords
- Compliance – provides detailed reporting and logs for auditing and compliance
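The "private master password" and "encrypted on your device" points above rest on one design idea: the master password is stretched on the device into a vault key, and only a separately derived, one-way value is ever sent to the server to prove who you are. The sketch below is an added example written for this article to illustrate that idea; it is not LastPass's code, and the iteration count, the derivation chain and all function names are assumptions for the example rather than LastPass's documented parameters. The encryption of the vault itself with the derived key is not shown.

```python
import hashlib
import hmac
import secrets

# Assumed iteration count for the example only; real products choose their own.
KDF_ITERATIONS = 100_000


def derive_vault_key(master_password, username):
    """Client side only: the 256-bit key that encrypts the vault never leaves the device.

    The username acts as a per-user salt so two people with the same master
    password still get different vault keys.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        username.lower().encode("utf-8"),
        KDF_ITERATIONS,
        dklen=32,
    )


def derive_auth_hash(vault_key, master_password):
    """Client side: one more one-way step turns the vault key into a login token.

    PBKDF2 is one-way, so a party holding the token cannot recover the vault
    key from it; the server can check identity without being able to decrypt.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32
    )


def client_login(master_password, username):
    """What the device computes: the key it keeps, and the token it sends."""
    vault_key = derive_vault_key(master_password, username)
    return vault_key, derive_auth_hash(vault_key, master_password)


def server_enroll(auth_hash):
    """Server side: store a salted hash of the token, never the token itself.

    Anyone who steals this record still has to run the client-side stretching
    per guess, so the master password is not exposed by a server breach.
    """
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": hashlib.sha256(salt + auth_hash).digest()}


def server_verify(record, auth_hash):
    """Server side: constant-time comparison of the recomputed verifier."""
    candidate = hashlib.sha256(record["salt"] + auth_hash).digest()
    return hmac.compare_digest(candidate, record["verifier"])


if __name__ == "__main__":
    vault_key, token = client_login("correct horse battery staple", "alice@example.com")
    record = server_enroll(token)
    print("login ok:", server_verify(record, token))
    print("server ever saw vault key:", vault_key in record.values())
```

The things worth noticing are which values cross the network: the server receives only `token`, stores only a salted hash of it, and at no point holds `master_password` or `vault_key`. Losing the server database therefore does not hand an attacker the means to decrypt anyone's vault, which is the property the "if they can't access your data, neither can hackers" claim depends on.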
Not only is LastPass Enterprise SOC 2 certified and LastPass are regularly audited but Gartner has also named LastPass a notable vendor in their 2018 Midmarket Context: ‘Magic Quadrant for Access Management, Worldwide’ Report.
For a low monthly cost per user, the pain and frustration of passwords can be eliminated, to give peace of mind, greater confidence in digital security and ultimately improve the overall security posture of the organisation. To find out more contact us.