Most, if not all, of us know the feeling of arriving at work on a Monday morning to be confronted by a message forcing us to change our password. Non-security staff tend to see these prompts as annoying or too frequent. However, they are a vital part of keeping the network secure, as humans are the weakest part of any organisation. It is thought that approximately 40% of people in the last year alone have had a password stolen, an account hijacked or personal information compromised. On top of this, over 50% of people use fewer than 5 passwords online, while the average person has over 15 online accounts. These statistics alone are enough to put your business at risk from cyber criminals. If one employee uses a service that gets breached, there is a 1 in 5 chance that the password they use there is the same one they use to view your confidential corporate data and information, which is highly concerning for a company of any size. These concerns can only get worse as more and more breaches occur and reveal more passwords, especially since 21% of people use passwords that are more than 10 years old.
There are ways to address the risks of weak passwords or passwords that are never changed. One of the most common measures, which every organisation should have, is timed password expiry: after a fixed number of days, employees are forced to change their passwords. Alongside that, a history check on new passwords is important; it makes sure the employee has not used the password before and does not simply alternate between the same 2 passwords from month to month. This is a common problem in most companies, as staff find it difficult to remember a new password every month. Again, this is easy to fix with a password manager. A password manager is a piece of software that lets the user generate or enter more complex passwords, which the application then saves in encrypted form. The user can only access the password database if they know the master password. This type of software helps in environments where single sign-on is not yet in place.
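As an added example (not from the original article), here is a minimal Python model of the two controls just described: a maximum password age and a history check that rejects reuse of remembered passwords, with each stored password kept only as a salted PBKDF2 hash. The policy values, sample user and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

# Policy values are assumptions for this example, not taken from any real deployment.
MAX_AGE_DAYS = 90        # employees must change their password after this many days
HISTORY_DEPTH = 5        # previous passwords remembered, in addition to the current one
PBKDF2_ROUNDS = 100_000  # lowered for example speed; production should use far more


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest), using a fresh random salt per entry."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class PasswordRecord:
    """Per-user state: current hash, date of last change, bounded history of old hashes."""

    def __init__(self, password: str, changed_on: str):
        self.changed_on = date.fromisoformat(changed_on)
        self.history = []                       # list of (salt, digest), oldest first
        self.current = hash_password(password)

    def is_expired(self, today: str) -> bool:
        """True once MAX_AGE_DAYS have passed since the last change."""
        return date.fromisoformat(today) - self.changed_on >= timedelta(days=MAX_AGE_DAYS)

    def seen_before(self, candidate: str) -> bool:
        """Re-derive the candidate with each stored salt; compare digests in constant time."""
        for salt, digest in self.history + [self.current]:
            if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
                return True
        return False

    def change_password(self, new_password: str, today: str) -> bool:
        """Accept the new password only if it is neither current nor in the remembered history."""
        if self.seen_before(new_password):
            return False
        self.history = (self.history + [self.current])[-HISTORY_DEPTH:]
        self.current = hash_password(new_password)
        self.changed_on = date.fromisoformat(today)
        return True


if __name__ == "__main__":
    user = PasswordRecord("Winter2023!", "2024-01-01")   # constructed sample user
    print("expired on 2024-04-01:", user.is_expired("2024-04-01"))
    print("re-use same password:", user.change_password("Winter2023!", "2024-04-01"))
    print("new password accepted:", user.change_password("Spring2024!", "2024-04-01"))
    print("flip back to old one:", user.change_password("Winter2023!", "2024-07-01"))
```

The flip-back attempt is rejected because the old hash is still in the remembered history, which is exactly the two-passwords-alternating pattern the history check is meant to stop.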
With just a few small adjustments and additions to your infrastructure you can make your passwords much harder for a malicious threat actor to obtain. This is achieved purely through strengthening and securing passwords. However, this does not guarantee that no password will be breached; it can only reduce the risk significantly. Password security can only be strengthened if employees are properly trained and reminded to create complex and lengthy passwords. Without user training the network can be wide open to all kinds of attacks; all it takes is one weak link for the hacker to get in. Make sure you are not it: strengthen your passwords.