Use a password manager
Cybercriminals don’t always need a breach to gain a foothold in your organization. Employees seldom choose strong, complex passwords, and many passwords can be easily guessed.
Employees also tend to reuse passwords across websites and different services, so a compromise at one organization can lead to compromises at many others through what’s called “credential stuffing”: the automated use of a breached password to attempt a login at many, even hundreds, of websites. Because of this, your organization is at risk.
Given the number of online services that most people use, plus the number of breaches that occur on a yearly basis, the question becomes not how to stop credential breaches but how to minimize their potential impact. And one big way to do so is with a password manager.
Next steps
• Require the use of a password manager: Password managers solve several issues related to user password management. They encourage the use of longer, more complex or even random passwords, since users don’t have to commit them to memory. They make it much easier to use unique passwords per service or website. The unique passwords can be generated by the password manager itself, relieving the employee of having to compose a new password for every service. And they provide safe, encrypted storage for a user’s passwords, keeping them off Post-It notes or out of text, Word and Excel files.
• Select the right password manager: Password managers can take on many forms, from individual standalone applications for each user to applications that integrate with a web browser to centralized applications managed by your IT department. Choose whichever is most appropriate for your organization’s needs.
SOURCE: WIPFLI