Everyone hates passwords.
As a Managed Services Provider, Hermetic knows that passwords are a necessary evil for most organizations. They are irritating, annoying and unavoidable. Users hate changing and remembering passwords, and administrators hate hounding people to change them to make them more secure. Nobody likes getting locked out of their account, and no one enjoys going through the “forgot my password” process. Even though passwords can feel like nothing but a hassle, they are extremely important and aren’t going anywhere anytime soon – or at least not until organizations implement password-less authentication. Here’s why.
In some instances an entire business’s survival may hang in the balance of a single password. Following is an example of one organization that learned this lesson the hard way, as did its customers. Meet SolarWinds.
The lesson from SolarWinds.
In 2020, SolarWinds, a large network monitoring software developer serving America’s Fortune 500 companies, was infiltrated through a single password. An attacker gained access to one user account and leapfrogged from it into other accounts until enough information was gathered to access internal systems. The offender then quickly injected malicious software into product databases to create what is called a “supply chain” attack, targeting customers. The malicious software could then be distributed through the products directly to SolarWinds’ clients.
The result: over 18,000 businesses and institutions installed the compromised SolarWinds software, including the Pentagon, Department of Homeland Security, Microsoft, Intel, hospitals, universities, and private businesses. Tech companies all over the world scrambled to scrub the infected software from relevant networks and contain the breach. The ramifications of data loss are still unknown.
The imagery of the isolated event is powerful. A single weak password caused the infiltration of tens of thousands of networks. Password usage is incredibly important and will only continue to become more crucial over time. Now that we know what can happen with ONE password…
One user, ten applications, ten passwords (assuming the user doesn’t replicate passwords). Have you secured passwords to your infrastructure? One 2020 survey of individuals who need passwords to work every day says:
- 86% continue to use passwords that have already been leaked in previous data breaches
- 20% create a different password for every online account
- 45% use the same password for some accounts
- 47% of people use passwords that are over 5 years old
Those are scary metrics. As if those facts aren’t enough, consider passwords that are simple from the start. A list of the 10 most common passwords in order:
- Senha (Portuguese term for “password”)
Would you want your employees securing your company’s data with any of these passwords? Doubtful. How do you manage that type of sensitive information? Hermetic proposes a password manager, one which is included with new Managed Services offerings. But what, exactly, is it?
What Exactly is a Password Manager?
While not a silver bullet – nothing about information security is or ever will be – a password manager is one easy, inexpensive, and impactful way to improve your overall security posture.
A password manager is an application that stores a user’s password(s) in an encrypted database that only the user, or an authorized team member, can decrypt and access. Basically, it acts as a digital safe for login IDs, passwords, notes, keys, or any other important bits of data.
It helps create randomly generated and complex passwords so you can be sure they are strong and secure without having to worry about keeping them in a memory bank or on a sticky note. It allows individual users to auto-fill passwords to access commonly visited websites or copy/paste them directly into applications.
A password manager also assists network administrators with maintaining control of business security. Access controls for the organization, ease of deployment across different types of users, total cost of ownership, and a centralized experience for the administrator all strengthen security and improve process management time.
How Can Hermetic Help?
Simple. We’ll assist you with Password Manager implementation. Hermetic knows just how to help you get it started by following a clear process, which includes:
- Analysis of business processes and user requirements
- Identification of security concerns
- Set up and deployment of the program, including strategically setting alerts for password breaches (be the first to know!)
- User training when necessary
- 24-7 monitoring of password breaches from a Hermetic remote location
If data security and password management are on your radar, as they should be, give us a call to set up a free consultation.