One of the most common questions I get asked is, “If you were going to recommend one thing to do today to better protect my business or self, what would it be?” Although it’s always hard to come up with just one thing to help protect an organization or an individual, the response I usually give is related to password management and second-factor authentication.
Many companies these days use online services, rather than internally hosted applications, for most of their day-to-day operations. Most of these services require their own login credentials. How do users manage to remember all those passwords? More often than not, the user utilizes the same password across all of the services so they can easily get into each one.
Password management includes many aspects, but the key is to not utilize the same password for multiple accounts. The only way to do this effectively, when users have dozens of accounts (if not more) between their personal and work lives, is to utilize a password manager (e.g., LastPass or 1Password). Password managers can be a lifesaver when you have too many passwords to remember.
If you are going to provide a password manager for users within your organization, make sure to take the time to train users on how to utilize the tool. Also, don’t assume users know how to reset their password within a service. I’ve talked to many users who try to do the right thing and change their password to something unique, but they don’t know how. Many services bury the “change password” option deep within the account settings or profile page. In these cases, even if a user decides to utilize a password manager, they may be unable to set each account up with unique passwords, which defeats the purpose of the password manager.
Anders Erickson is director of cybersecurity services at Eide Bailly, Fargo, N.D. You can reach him at (208) 383-4731.