Despite employees knowing the risk of bad password habits, many continue to recycle the same passwords out of convenience. The problem is that 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the year.
The onslaught of cyberattacks highlights the need for more employee education on password practices and for corporate management to put in place appropriate training and awareness programs.
Commenting on the importance of good password management for Digital Journal is Manoj Srivastava, General Manager of ID Agent and Graphus.
Srivastava explains the importance of not only technical security solutions, but also the necessity of education on proper password habits to ensure better protection against cyberthreats.
Srivastava explains that now is “a good reminder for IT professionals to take a closer look at the security of their environment. Though having the right security solutions in place is crucial, it’s often the small habits that can make or break an organization’s security posture.”
In terms of specifics, Srivastava says: “One of the most important things an organization can do is foster a security-first culture that provides employees with the ‘why’ behind aspects like multi-factor authentication (MFA) and frequent password changes that can often seem like a hindrance to their productivity.”
On the subject of training and education, Srivastava recommends: “Short, frequent security awareness training around topics like the importance of strong passwords and why to use a password manager can help break employee bad habits that threaten the entire IT environment.”
Also needed is proactive activity on the part of Information Technology (IT) departments. Here Srivastava states: “When assessing their technology stack, IT professionals should look for identity and access management (IAM) solutions that combine single sign-on (SSO), MFA and password management to ensure better protection against cyberthreats.”
Srivastava’s other recommendations are that “Organizations should discourage reuse of passwords and set strong password requirements for the solutions that employees use daily to avoid the use of some of the most common passwords like 123456 or password—which unfortunately are still frequently used, according to data from ID Agent.”