Password managers

Mykhailo Antonishyn
Oct 30, 2022

Introduction

Password management is one of the key parts of information security management. The site KommandoTech has collected interesting statistics on real password security issues from open sources:

  • 75% of Americans are frustrated by trying to maintain and keep track of their passwords.
  • An estimated 81% of data breaches are due to poor password security.
  • 49% of employees only add a digit or change a character when prompted to update their passwords.
  • 62% of organizations admit that they don’t take the necessary steps in properly securing mobile data.
  • 43% of Americans have shared their passwords with someone.
  • Malicious attacks caused 52% of examined data breaches in 2020.
  • Over 10.6 million of MGM Resorts’ hotel guests had their personal information posted on a hacking forum.
  • Over 280 million Microsoft customer records were left unprotected on the web in 2020.
  • According to password security statistics, over 500,000 credentials of Zoom teleconferencing accounts might have been sold on the dark web in 2020.
  • Data breach costs increased by $137,000 in the US due to remote work during COVID-19.
  • The most common name to use in a password is Eva, with 7,169,177 instances.
  • The Phoenix Suns are the most popular sports team, according to 1,179,671 passwords.
  • The most commonly used curse word in a password is ‘ass,’ with 26,832,002 instances.
  • As password reuse statistics show, approximately 76% of millennials recycled their passwords in 2020.
  • 27% of Americans admit to having tried to guess someone’s password at least once.
  • It takes 62 trillion times longer to crack a complex 12-character password than a 6-character one composed of lowercase letters.
  • There is a hacker attack every 39 seconds.
  • 66% of businesses that hackers attacked weren’t confident they could recover from it.
  • 5,258 security-related incidents in Verizon’s DBIR were data breaches.
  • Healthcare had the highest data breach cost in 2020 — $7.13 million.
  • Hospitals spend 64% more annually on advertising over the two years following a breach.

How can businesses fix these problems?

Businesses should enforce strong password policy requirements. A strong password policy isn’t about a single password: you need to guarantee a strong password for each account that you access from your computer. When you are using a corporate network, the network administrator may encourage you to use a strong password.

To create a strong password, you should know the criteria for one. These criteria include the following:

  • A strong password must be at least 8 characters long.
  • It should not contain any of your personal information — specifically, your real name, username or your company name.
  • It must be clearly different from your previously used passwords.
  • It should not contain any complete word.
  • A strong password should contain different types of characters, including uppercase letters, lowercase letters, numbers and special characters.
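The criteria above expressed as a checker, together with a generator that only returns passwords that pass it. This is an added example, not code from the original article; the symbol set, the sample wordlist and the 0.8 similarity threshold are assumptions.

```python
import secrets
import string
from difflib import SequenceMatcher

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumption: symbols the policy accepts
WORDS = {"password", "welcome", "dragon", "summer", "monkey"}  # constructed sample wordlist
SIMILARITY_LIMIT = 0.8  # assumption: at or above this, "too close" to an old password


def policy_violations(password, personal=(), previous=(), words=WORDS):
    """Return the criteria from the list above that `password` breaks."""
    low = password.lower()
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Real name, username, company name and similar, compared case-insensitively.
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    # Catches "add a digit or change a character" updates of an old password.
    if any(SequenceMatcher(None, low, old.lower()).ratio() >= SIMILARITY_LIMIT
           for old in previous):
        problems.append("too similar to a previous password")
    if any(w in low for w in words):
        problems.append("contains a complete word")
    classes = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("missing a character type")
    return problems


def generate(length=16, personal=(), previous=()):
    """Draw random passwords from a CSPRNG until one passes every check."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, personal, previous):
            return candidate


if __name__ == "__main__":
    # Constructed sample input: last year's password with one digit changed.
    print(policy_violations("Summer2022!", personal=["Eva"], previous=["Summer2021!"]))
    print(generate(16, personal=["Eva"]))
```

In a real deployment the wordlist would be a full dictionary or breached-password list, and the similarity check can only run where the old password is available in clear, for example at the moment the user changes it.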

These requirements create big problems for employees. The first problem is generating and storing passwords. Storing keys and certificates is very important for accountants and DevOps specialists. Additional problems include writing passwords down in notebooks or on stickers.

Sometimes a single account is used to access a business service, and this account has to be shared between teammates. (It is very dangerous, but it really happens in real life!)

A password manager is needed to solve problems such as generating passwords of the necessary complexity, sharing accounts, using autofill plugins, and meeting other requirements that the company sets.

In our company, we check the following criteria:

  • Ability to store passwords in encrypted form.
  • Ability to share credentials between teammates.
  • No vulnerabilities in the product over the last 2 years.
  • Active Directory integration.
  • Dark web monitoring.
  • Availability of an API.

I used a list of password managers from Cybernews.com.

Based on the parameters I defined and my personal, subjective opinion, I think that 1Password is the most suitable.

Advantages

Best reviews, excellent support (response within a couple of hours), works with all platforms, integrates with AD, functional, has various administration options (groups, roles) and audit, vault sharing, file storage, etc.

Disadvantages

Price

The second option could be Bitwarden.

Advantages

Cheaper, works with all platforms, integrates with AD, has wide functionality (but less than 1Password), and leaves open a later move to on-premises storage.

Disadvantages

Less convenient for the average user, fewer useful features (although, are they needed?)

But it is up to you, as ordinary users, to decide.

You can contact me and we can jointly select a password manager for you :)

Mykhailo Antonishyn

I work in information and cyber security. I regularly share my experience and knowledge in my blog.