Read More>> 
“The world’s most common online password is 123456”!
A few months back The World Economic Forum revealed this shocking truth on their LinkedIn page. Indeed, the robustness of password management practice depends on end-user behaviour and how they are trying to secure their passwords. There have been countless surveys and research on adequate password management policies (and practices) in enterprises worldwide and there have been newer threats every now and then.
Last year, a reputed financial services provider from the APAC region faced hacking of more than 100,000 credit card payment terminals due to password breach of an internal employee. The organization is highly reputed, and it facilitates banks, acquirers, fintechs, telecom operators, and industry solution providers with financial services in the most cost-effective and convenient ways. Just think about the disastrous aftereffects! Not just the victim organization, but also its entire list of stakeholders.
About Password Security: Facts
The Economic Times say that cybercrime is set to cost the global economy more than $3 million in the coming days, and some 80% of these attacks are related to password abuse or password breach. Passwords are the keys to access enterprise business assets and if it is compromised, the confidentiality of the data assets turns to be at stake. The risk multiples in the case of privileged passwords and even the smallest of a single password vulnerability can lead to catastrophic consequences. In the 2022 Gartner Drivers of Secure Behaviour Survey report, there is an alarming revelation about the percentage of employees/ end users who are handling passwords.
| Save critical passwords directly into an internet browser without approved extension | 63% respondents said “YES” |
| Using same password for multiple accounts | 67% respondents said “YES” |
| Track/ save critical passwords in unencrypted format like MS word/ Excel, notepads, word pads, physical notes, etc. | 63% respondents said “YES” |
| Sharing critical work passwords with others who are not authorized to use it | 51% respondents said “YES” |
These statistics bluntly point out why do passwords are considered the weakest links to compromise security. If we delve deeper, we find that the risks of password breach surmount from:
- Poor/ Inadequate password management policies
- Lackadaisical behaviour by end-users regarding password handling
- Unencrypting of passwords
- Random sharing of passwords/ common password for multiple users
- No rotation or randomization of passwords
What is the way out?
For enterprise IT environments, it is highly imperative to follow the basic password management practices. ARCON’s password vault enables organizations to generate complex, randomized passwords for privileged accounts that cannot be easily interpreted. It allows organizations to enforce password policies such as password expiration and extent of complexity and rules to ensure that passwords are updated regularly and meet the organization’s security standards. This robust and essential feature of ARCON | PAM (Privileged Access Management) eliminates the need for end users to remember and share passwords and lowers the risk of password misuse. It also provides an audit trail of all privileged account password access, including who accessed the password, when, and for what purpose.
Here are some typical and common tactics to ensure password security:
- Always avoid using default admin passwords
- Passwords must never be maintained and shared in excel sheets
- Implement a mechanism to randomize and rotate passwords at frequent intervals
- All passwords should be vaulted and encrypted
- Well-defined password management policy must be mandatory
The Bottom-line
Passwords are the gateways to critical IT assets. There is no alternative to password security. Without adequate/ relevant password protection measures, an enterprise might face the risk of permanent loss of its integrity and credibility.
