Introducing the fastest way to manage online identity, and protect your business
Gone are the days when employees would log into their desktop machine each morning to unlock the system, and then use software that was installed locally on his or her personal workstation.
Instead, even the most modestly-sized organization today uses hundreds of apps and services, spread out over multiple clouds and many vendors, and applications are hosted both on-premise and remotely. The vast majority of these require the user to confirm their identity to begin work — and that’s usually via a username and password combination.
Little wonder, therefore, that the average employee tends to reuse the same password for everything. In fact, according to a survey conducted by LastPass, 59 percent of people “mostly or always” use the same password, and 53 percent don’t even change their password after a known hack.
Those figures alone are enough to scare any IT security expert, but the situation is exacerbated by the fact that many people use the same password, or a few passwords, for their personal accounts as well as work apps and services. That means that in the event of a single account being compromised, those credentials can be reused dozens, if not hundreds of times, opening the way for exfiltration of sensitive private data belonging both to the employee and the employer.
Of course, for that to happen, an application used by an individual must be breached. But given that many systems with which we all interact daily ask for log-on credentials, by hacking the least troublesome, worst protected service (like a local gym membership website or regional transport provider’s app), access is granted.
And while the hacking of such an account may not be difficult, phishing attempts by email (still the most empirically effective method used by hackers) can reveal username and password (at least) without any need for code-based, smart hacking.
The password manager
There are a couple of methods in use that can significantly reduce these risks, the first of which is the use of an individual password manager. By using an app (often installed on a phone), all a user’s passwords can be stored, and all credentials unlocked by a single password, facial scan, or thumbprint.
Most password managers worth their salt can also generate highly secure, unique passwords for each new service signed up for or secure website visited. These long-string, secure passwords that are practically impossible to remember (and therefore near-impossible to crack by standard methods) can be stored and even auto-filled by the app, when appropriate.
But the use of password managers like LastPass is not yet widespread enough to make a difference to both individuals and their employees that are not aware of the issues or care enough about their security.
But many organizations now realize that intellectual property in the form of data is one of the most valuable commodities they own. In the same way that no business would leave its doors and windows open to the world at night, companies with a responsible attitude to data protection and security use enterprise password management (EPM) solutions.
Unfortunately, although the odds of a data breach are significantly lessened using unique, per-service passwords, human fallibilities once more create insecure situations even after that first step to improve security practice. Colleagues will often tell each other their workplace passwords, either to get around per-seat licensing models or just to help a fellow employee.
Even when not purposefully shared in this manner, there are frequent instances of users being granted high-level privileges by help desks, for example, just so they can quickly achieve whatever they need online. As for sticky notes on monitors, or labels stuck to the underside of keyboards: such horrors are commonplace.
It’s into these situations that two-factor (2FA) or multi-factor authentication can help: each log-on attempt with username and (hopefully secure) password must be backed with a further method(s) of the user proving their identity.
Most simply at present, this is by use of an app and PIN or password (something the user has, and something the user knows) — 2FA. Multi-factor authentication is even more secure, and is perhaps best delivered in the business as part of an EPM solution. Enterprise-grade password management software makes the different factors centrally manageable & verifiable; typically MFA comprises something the user has, something the user knows, and something the user is, like a fingerprint or facial scan.
Many end-users or employers will not be coming to an EPM solution without their own methods of authentication, of course, and a capable EPM platform will accommodate this. Many users have experience with third-party apps like Google Authenticator, for example, which is a prime example of a 2FA app.
Conversely, if an organization operates a BYOD policy with regards handhelds, not every member of staff comes to the workplace with a high-end smartphone capable of facial recognition. Choosing password management platforms, therefore, is not a quick decision.
The detail in the edge cases
In business, there is usually a degree of password and credential sharing. Companies’ Line, Twitter, or LinkedIn accounts tend to have a single account representing the entire company.
That’s why far-seeing businesses use capabilities like LastPass Enterprise Shared Folders, whereby credentials can be shared as read-only and hidden. Furthermore, that platform (see below for more information) also allows granular security provisions even for accounts that necessarily must be shared across the business. One example might be ensuring that log-on take place locally only (that is, on the company’s LAN), or within certain hours of the day.
The single sign-on
Naturally enough, logging into multiple services, multiple times each day, using even the best-designed password manager can hinder workflows and make users impatient — that’s what caused the majority of insecure password uses in the first place!
Therefore, many organizations use SSO (single sign-on) solutions so that a user can sign in to a central service, and by doing so grant themselves access to all approved apps and services, according to their job role, their department, level of seniority and access rights — factors which are set and managed centrally.
That solution is perfect for better data security hygiene and is where password managers begin to become very much more than personal tools, becoming EPM systems (enterprise password management). That’s where the LastPass Enterprise platform positions itself and is a method by which the twin goals of data security and ease of use can be achieved. A single sign-on unlocks the apps & services, but only those apps the user should be able to access, and only at times and in locations that are considered appropriate.
Currently protecting more than 47,000 organizations across the world, now may well be the time to join the ranks of the LastPass platform user. Easy to use, secure, and designed entirely for the business user in mind, watch these pages for further articles exploring LastPass from LogMeIn.
In the meantime, click here to get in touch with a representative near you.
- Now’s the time to deploy SD-WAN for the business: Expereo
- WatchGuard Passport bundle protects remote workers from cybersecurity threats, wherever they are
- Complex regulations and evolving digital payment landscape require financial services to rethink eKYC
- Protecting the humans in the business makes business sense: Aussie cybersec today
- Announcing the all-online Cisco Live Virtual Event APJC