The Future of Passwords and Password Management in the Enterprise


Passwords have been around for decades now, and they aren’t going away any time soon.

And yet, password security best practices have been ignored by many. Too many people and companies are careless with password management, even though they know that a single password in the wrong hands can lead to disastrous consequences.

If you’re overwhelmed by the task of managing dozens, even hundreds, of personal or business passwords securely, or you’ve never had to deal with the aftermath of a hack, you may be tempted to keep your head in the sand and hope for the best. This is your worst possible option.

As recently as mid-2016, Pew Research Center reported that most Americans keep track of their online passwords by memorizing them or writing them down. And if they do this with personal passwords, you can be sure that some of this behavior finds its way into your office environment, where the security risks are amplified.

No surprise again, 123456—possibly the worst password ever—continues to be the most used password for the 5th year in a row.

Other bad password security practices from the 1990s are also alive and well:

Companies still add computers to their network without changing the default, out-of-the-box password.

Employees still email passwords to one another.

Organizations still store passwords in “password protected” Excel spreadsheets (see why that’s a lousy idea), and employees still write sensitive passwords on sticky notes and paste them on their monitors or under their keyboard.

People still choose the worst passwords ever—Wikipedia publishes SplashData’s “List of the most Common Passwords” every year, and the old favorites are always pretty much the same.

Has anything changed in password management practices?

Thankfully, yes. A lot has changed. Password management tools have become mainstream as more and more individuals and businesses have adopted them. But not nearly enough, as the Pew research suggests.

On a personal level, cyber-aware people have started using secure digital password managers across their devices. They have adopted 2-factor authentication, and have become more cognizant of the benefits of VPNs to further protect their passwords and other information. These individuals are aware of the value of password security and are more likely to practice better cyber hygiene in the workplace too.

On a business level, conscientious companies have installed enterprise-level privileged access management (PAM) software and are enforcing password management best practices across their organizations. PAM software has enabled companies to introduce automation to password management, so passwords can be changed, rotated, and expired on an automated schedule. Plus, passwords can be better managed when an employee leaves the company or when another high-risk event has occurred.

Password use can be tracked and reported on, and employees’ actions can be monitored and recorded as they access the sensitive information protected by company passwords. And PAM software can help companies establish and prove compliance to fulfill their industry’s audit requirements for protecting passwords.

So, what does the future hold for passwords and their security?

Passwords are the staple of secure access to accounts and sensitive information. They will remain so for the foreseeable future, despite advancements in biometric authentication, which simply augments password interactions.

Knowing that so many people and organizations are still not paying much attention to their cyber security practices, criminal hackers are reaping the rewards of this neglectful behavior and have been known to observe their victims for months before making any malicious moves.

With these things in mind, I have both high hopes and some predictions for password management in 2019.

Password Management in 2019

Employees will be better educated: Password security is everyone’s responsibility

Did you know that 25% of employees use the same password for every enterprise system they access on a regular basis?

More organizations will realize that their password security is only as good as their least tech-savvy employee, and they will make cyber security education part of their on-boarding process. Corporate password protection policies will be improved, and staff members, from C-level to front desk, will be trained to comply. (Surprisingly, C-level execs are just as likely to have risky password habits as junior staff.)

Privileged access management will take off—to the cloud!

The top privileged access management software vendors have invested a lot of effort in developing robust on-premise PAM solutions. But until recently, if you were interested in a cloud service for privileged account and access management, you’d find yourself with a scaled-back, cloud-based version of the on-prem product.

Not anymore. At Thycotic, we recognized the convenience of managing privileged accounts from the cloud, but were also aware that organizations needed much more than just a ‘cloud password manager’. They needed a powerful, full-featured privileged access management solution in a secure cloud environment. So, we created Secret Server Cloud.

Today you can quickly deploy our robust yet easy-to-use PAM solution in the cloud, and I’m confident that a lot more organizations will start reaping the benefits of cloud access and account management in 2019.

What does PAM look like in the cloud?

Naturally, I cannot guarantee you’ll get these must-have perks with every cloud-based PAM solution that comes along, but with Thycotic’s Secret Server Cloud:

1.) You’ll deploy instantly. A cloud-based PAM solution has zero hardware or infrastructure requirements.

2.) You’ll configure rapidly. An intuitive wizard-driven setup and UI makes managing privileges simple.

3.) You’ll save time and money. The PAM-as-a-service, cloud-based model means no management overhead. You pay only for the capabilities you need. And you can be protecting your privileged accounts in minutes.

4.) You’ll be operating on a platform that’s highly secure and highly available. Industry-leading privileged access controls combine with the latest in threat management and full redundancy delivered by Microsoft Azure Cloud Services.

5.) You’ll scale automatically. Easily meet fluctuating volume and performance demands, and upgrade when you’re ready.

Small and medium businesses will wake up to enterprise-level password protection

As cyber-attacks increase, more SMBs will realize that what they need is enterprise-level password management software, and they’ll be pleasantly surprised to find that it’s neither as pricey nor as complex as they imagined. So, if your company is still using 1990s password practices, or a consumer-level password manager, 2019 is here and you have better options!

SMBs are more likely to cling to the bad password security practices of the past in the mistaken belief that nobody’s interested in their stuff—the rich pickings are over at the big guys, right? Not so. Your $500 is as good as anyone else’s to a ransomware attacker; and what cyber-criminal wouldn’t want access to your business details?

More people will add “things you don’t know” and “things you have” to their password protection arsenal

Logging into accounts using only a familiar password will become a scary relic from the past as more people and organizations add multiple authenticators to their cyber security practices.

An authenticator app on your mobile phone provides you with a second, temporary word or number (something you don’t know) which expires fast. This method of 2-factor authentication requires you to have your mobile phone in your possession (something you have), which reduces the likelihood of a third party accessing your account.

One-time passwords (OTP) will become the norm as everyone realizes that using the same password month after month is very risky behavior.

May 2019 be your best password security year ever!

As we begin another year of online working, storing data, banking and more, I don’t need a crystal ball to predict that 2019 will come with a generous helping of cyber-attacks and a side of ransomware and phishing scams.

But I know for sure that we’re armed with better security solutions and more knowledge than ever before, and I encourage you to embrace both immediately so that I can wish you a Cyber-Safe New Year with the knowledge that you have the tools to do it!

Author: Joseph Carson, Chief Cyber Security Scientist at Thycotic. Joseph Carson has over 25 years’ experience in enterprise security, is the author of “Privileged Account Management for Dummies” and “Cybersecurity for Dummies”, and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic. 

About Thycotic
Thycotic’s award-winning Privileged Account Management solutions minimize privileged credential risk, limit user privileges and control applications on endpoints and servers. Thycotic is one of the world’s fastest growing IT security companies because we provide customers with the freedom to choose cloud or on premise software solutions that are the easiest to implement and use in the industry. Thycotic solutions are the highest rated PAM tools by your Gartner peers, and trusted by over 10,000 users worldwide including 25% of Forbes Top 50 Companies, and 20% of the Fortune 500.
