Solve password sprawl with password management

With more remote workers today, managing our abundant passwords poses a big security risk to business data. Rather than authenticating within a secured firewall, employees connect across the internet, increasing the risk of compromised credentials.

We simply cannot remember all the passwords we need for business, much less our own personal use. A typical result? Weak or duplicated passwords.

We call this “password sprawl.” Merriam-Webster defines “sprawl” as “to cause to spread out carelessly or awkwardly.” Regarding passwords, this definition may be more appropriate than any of us would like to admit.

Let’s look closer at this problem and how password management solves it.

The risks of password sprawl

We have passwords to ensure only authorized persons can access our applications and data. Password sprawl compromises this security. For example, consider these questions:

• Have you ever shared your password with someone else?
• How many of your accounts share the same password?
• When was the last time you changed your passwords? (Every 90 days is best practices.)
• Do you have a sheet of account usernames and passwords? Do you keep it with you?
• Or do you use a OneNote, Word doc, Excel spreadsheet, or Notepad text file to reference your account credentials?
• Do you remember passwords more easily by just swapping out the characters, letters and numbers of the same password to make each one a little different and a bit more complex?

If you’re thinking ‘Yes’ to any one of those questions, know that you’re not alone. The last reader of this article answered the same way too.

Many of us do it – or have done it. That doesn’t, however, mean it’s best practices.

Best practices for password management

UC Santa Barbara provides a concise list of generally agreed upon password best practices. They include¹:

1. Never share your password.
2. Use a different password for each account.
3. Make guessing your password hard by using sentences or phrases, but not those someone else might know or guess about you.
4. Longer passwords are better than short and complex.
5. Add complexity where you can, using symbols and spaces when possible.
6. Use multi-factor authentication (MFA).
7. Use a password manager to aid credential management.

Of these seven best practices, the final two – numbers 6 and 7 – make the first five much simpler.

What is multi-factor authentication?

Multi-factor authentication requires you to provide more than one “factor” to authenticate and gain access to your account. The definition of “factor” is something that you know, something that you have, or something that you are.

Credentials, your username and password, represent one factor (something that you know). Token authentication like a passcode or push authentication would be another factor (something that you have). In this case, you have a cell phone app, or ability to receive a text or phone call notification to prove that you are who you say you are because you have the “token,” your cell phone.

When only two factors are involved, it may be referred to as “two-factor authentication.”

Multi-factor authentication involves more than two factors. These could be fingerprint, codes sent to an email, facial recognition, and retina scanning. The amount of authentication you employ depends on the degree of security needed.

Advanced authentication like this works well because if someone compromises your credentials but they don’t have your phone, for example, they can’t complete the authentication process.

To protect your credentials, you can use a password manager.

Using a password manager for credential management

With so many passwords, it is virtually impossible for anyone to manage all passwords, account changes, and urgent password changes should an account password be compromised.

A password manager takes the headache out of managing all your credentials.

• It stores your usernames and passwords.
• It encrypts your information.
• You’ll be prompted to change your passwords regularly.
• When you need a new password, it can produce one via its own randomization module like “vQkyA9u1SSa7*F94fsU7UsA4zU4.”

By using a password manager, you can change passwords with a few clicks and swipes. Depending on how you use it, you may not even need to know, see, or remember any passwords.

Your password information stays safe and logging in becomes simpler. Plus, they meet all best practices standards, helping you to keep your account access more secured.

Of course, there is one password you will need to remember – the one to your password manager. That one you will want to write down and keep somewhere safe and secure.

For more information on how to implement a password manager, find the best app for password management for you, or discuss password best practices in your organization, contact us.

Source:  RICOH USA