Are Password Managers the Future of IT Security?

In 2004, Microsoft CEO Bill Gates boldly predicted the death of passwords, proclaiming that “they just don't meet the challenge for anything you really want to secure.”

Fast forward 15 years, and despite Gates’ concerns about IT security, password use has since risen tremendously.

Nevertheless, the IT industry is still concerned about the worldwide reliance on the humble password, with millions invested each year to fund the next breakthrough in security measures.

Does the Facebook cyber security breach prove we need password management software?

Public concern over data security and the demand for more robust measures is on the rise, as high-level cyber breaches become more commonplace in the everyday news cycle.

A recent notable breach came from repeat cyber security offenders Facebook. No strangers to cyber security scandals, the social media giant was found to have a ‘glitch’ in their IT system that exposed the account details of up to 600 million Facebook users. More alarming was the fact that users’ passwords were being stored in plain text and searchable by more than 20,000 Facebook employees.

Such a public security breach at such a well-known company sent ripples throughout our well-connected modern world, giving rise to the question: how can we make our data more secure?

Many within the IT industry believe that the solution is already available in the form of password management software.

What is a password manager?

[Image: LastPass screenshot. 'Auto-pilot for all your passwords' - auto-filled password fields using a password manager. Credit: Lastpass.com]

So what are password managers exactly?

A password manager is a software application that stores the login information of various accounts and automatically enters these details into users’ login forms. Because the password management system stores and enters these passwords, the passwords can be long, strong and unique character strings that would be nigh on impossible for users to remember for each individual account (and even harder for others to guess).

What are the benefits of using a password management system?

For the uninitiated, below are a few of the key benefits of using a password manager:

  • Ability to create unique, long passwords that don’t have to be remembered
  • No requirement to provide further personal details (biometric data such as face scanning, fingerprints or eye-scanning)
  • Encrypted data
  • Quicker for users who have to access many services

Cybercrime set to rise to 6 trillion dollars per year

According to a recent report from Cybersecurity Ventures, by 2021 there will be 6 billion Internet users, and the cost of cybercrime is expected to rise to 6 trillion dollars per year.

However, a recent study by Pew Research Center revealed that only one in ten online adults use a password manager, and only 3% cite this as their most frequent method of password entry. Similar statistics ring true for passwords used in the workplace, according to a 2019 report conducted by Ponemon Institute LLC, who surveyed 1,761 IT and IT security practitioners in the USA, UK, Germany and France. The report revealed that 63 percent of respondents say it is important to protect passwords on their personal devices, and 66 percent of respondents believe it is important to protect the passwords used in the workplace.

However, 76 percent of security professionals surveyed said that their organisation does not have a password policy or require the use of a password manager, and 51 percent of respondents acknowledge that it is difficult to manage their passwords.

The need for improved password management is clear, but adequate action is not being taken, even amongst professionals. What is the reason for this discord?

Are password managers secure?

Password storage is secure, right? Many believe that not all password managers are secure.

According to a report by the Independent Security Evaluators (ISE), the master passwords to password manager tools such as 1Password4 have been known to be stored as plain text in a PC's memory.

This worrying find was condemned by ISE lead researcher, Adrian Bednarek, who said that once the hackers get the master password, “it's game over”.

Bednarek went on to say that, “given the huge user base of people already using password managers, these vulnerabilities will entice hackers to target and steal data from these computers via malware attacks.”

A corporate concern: 70% surveyed share their passwords with colleagues

A 2019 report conducted by The Ponemon Institute LLC found that many users are relying on easy-to-remember passwords on their company accounts, with almost 70% of those surveyed revealing that they share passwords with colleagues. Combining these figures with the fact that many respondents are reusing an average of 5 passwords, it’s no surprise that businesses are becoming increasingly concerned with their IT security.

Breaches within high-level organisations such as Facebook, who recently revealed that “millions” of users had their passwords compromised, highlight the fact that no one’s data is 100% safe, no matter what backing they have.

[Image: Facebook login page. The threat is real, no matter who you are. A multi-billion backing couldn't prevent Facebook's breach. Credit: dailyhunt]


Cyber security tips for IT Managers

So what steps can you take to ensure the cyber safety of your organisation?

First Recruitment Group’s IT Business Manager, Kevin Riley, recommends 6 steps to creating a secure environment when it comes to the administration and management of passwords for system owners.

  1. Implement password blacklisting
  2. Protect all passwords (don’t save them as plain text. Use HTTPS)
  3. Encourage the use of reputable encrypted password managers
  4. Help with the generation of secure passwords
  5. Avoid enforcing password expiry. This may lead to bad practice in remembering and storing new passwords
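
Tips 1, 2 and 4 above, combined into a single registration check. This is an added example, not code from the original article or from any product it mentions; the blacklist entries, the 12-character minimum, the scrypt cost parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample blacklist (assumption): a real deployment would load a
# large list of breached and common passwords instead of these few entries.
BLACKLIST = {"password1234", "qwertyuiop123", "letmein", "123456"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article
ALPHABET = string.ascii_letters + string.digits + "!#%&*+-=?@_"
SCRYPT = dict(n=2**14, r=8, p=1)  # assumed cost parameters (about 16 MiB)

def is_blacklisted(password: str) -> bool:
    """Tip 1: reject known-bad passwords regardless of letter case."""
    return password.casefold() in BLACKLIST

def generate_password(length: int = 20) -> str:
    """Tip 4: draw every character from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def hash_password(password: str) -> str:
    """Tip 2: keep only a per-user random salt and the scrypt digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def register(user: str, password: str, store: dict) -> bool:
    """Store a hash only when the password passes length and blacklist checks."""
    if len(password) < MIN_LENGTH or is_blacklisted(password):
        return False
    store[user] = hash_password(password)
    return True

if __name__ == "__main__":
    accounts = {}
    print(register("alice", "Password1234", accounts))       # blacklisted
    print(register("alice", generate_password(), accounts))  # accepted
    print(accounts["alice"][:30] + "...")                    # salt and digest only
```

Because the stored record holds only a salt and a digest, anyone who can read the account store sees no usable passwords, unlike the plain-text storage described earlier in the article.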

Kevin went on to say that, “IT security is a significant and justified concern in the modern world, on both a personal and professional level. The points above are a good start and offer an effective first line of defence, but in order to be as secure as they can be, all organisations require a tailored approach.

“I have dealt with many clients over the years and have seen first-hand the varied approaches that organisations take. One consistency in successful management of IT security is the hiring of the right minds. A dedicated and qualified team working on IT infrastructure and security can make an immeasurable difference to the safety of an organisation. There is always work to be done, but hopefully, if we all take a proactive approach, we can make the IT world a more secure place.”

Helping businesses find IT Security professionals

To find out more about how we can help you strengthen your IT Infrastructure through quality IT Security professionals, speak to our dedicated IT Business Manager Kevin today by calling 01925 907000 or emailing kevin.riley@firstrg.com.
