How do you manage business passwords?

There is this widespread misconception about how companies manage business passwords. It is believed that professionals, especially those working in IT, show exemplary cybersecurity practices.

This is the idea we would also love to believe. And yet, statistics suggest that IT professionals are, in fact, more likely to reuse passwords than other individuals (50% and 39%, respectively).

So, how do companies manage business passwords? Are those methods secure? If not, how should you address passwords securely?

How do companies manage business passwords ?

There are many methods companies apply to manage business passwords. Some are critically dangerous and can lead to a data breach, while others are moderately safe.

Let’s discuss them.

42% of companies rely on sticky notes to manage passwords.

Almost half of companies write down passwords on pieces of paper.

Some employees dedicate a separate notebook for passwords, while others throw a sticky note into a pile of other papers. There is always the third category of workers who put sticky notes into a drawer and lock them. But the latter is more of an exception.

While some try to defend the safety of this method (presenting logical reasons), the risks weigh down any possible compromises.

First, it is just too easy to lose the paper together with the password. While you might change the password one or two times, eventually, you will get annoyed and, most likely, create a weak credential. (The one you would remember without searching for a sticky note.)

There are also other risks associated with this method – the unrelated people (like cleaning staff, delivery agents, or clients) who might (unintentionally) see the password and access the accounts.

Is it worth the risk? We doubt it.

Every second employee reuses the business passwords.

Even IT professionals reuse business passwords. Password reuse is probably the most dangerous password mismanagement strategy because it can result in the most devastating damage.

Every account protected with an identical password is vulnerable to credential stuffing attacks. It only takes to hack a single password to gain access to many business accounts protected with the same credential.

In January 2022, the New York State Office of the Attorney General warned 17 companies that 1.1 million user accounts were compromised in a credential stuffing attack. This case portrays that everyone – even the biggest companies – sometimes fall into this trap.

Once hackers steal one password, they automatically try it on as many accounts as possible. If an employee reuses that password, the success rates are high.

53% depend on memory to manage credentials.

One could argue that there is nothing wrong with this password management method. (And one would be quite right.) If a person can remember all his passwords (and we talk dozens), his data is safe.

However, an average person has a limited memory capacity to store as many as a hundred passwords. As a result, people tend to simplify the credentials or reuse them to make memorization easier.

And these are the strategies that make this password management method weak and dangerous.

How should you manage business passwords ?

However, the statistics are not only negative.

The Ponemon Institute research, focused on post-pandemic workplace security and privacy, revealed that as much as 40% of companies require their employees to use a password manager.

This is a significant improvement in cybersecurity. It resulted from a radical shift to remote work during the pandemic.

Therefore, using a password manager to protect business passwords is the most recommended and safest strategy to address credentials-related business concerns.

So, how to build good password habits with a password manager?

Here are the most critical tips on how you should manage business passwords:

1. Use only a password manager to store business passwords. Throw away (after tearing them up) sticky notes and rewrite those passwords into the vault. Make it the primary data management method.
2. Turn on Two-factor authentication. This extra security step can block 99% of all unauthorized access. It is worth it.
3. Create secure passwords. They are long and include a variety of symbols (letters, numbers, and special characters).
4. Always change passwords after you get notified about the data breach (of course, mind the risk) or notice any suspicious behavior (like unauthorized login).
5. Put good password management into a business-wide policy. Ensure your employees know the right data management strategies and have the tools to achieve that.

Strong business passwords directly correlate to organization safety and smooth business processes. Make those passwords work for your business’s success.