Are Strong IT Passwords Enough To Protect Data?
For years, the IT world has been focused on the importance of having strong passwords.
With the sheer volume of passwords each user has to remember daily (some estimates put the number at 100 passwords), it can be daunting to develop unique, complex passwords for each of the applications we use, let alone remember them all.
What happens as a result? Many people reuse their passwords or modify them by simply adding one character to them.
The truth is that strong passwords are a good goal, but they may no longer be enough to protect data.
So, what’s a business or IT leader to do? How can you help employees manage the alphanumeric spider web of passwords they need to do their job each day?
In my job as manager, engineering services, I hear this question a lot. The best solution is a combination of a password manager and multi-factor authentication.
In this article, I’ll explain how password managers and multi-factor authentication keep data safe.
After you read this article, you’ll fully understand the value each of these products brings to your IT infrastructure. Based on what you learn, you’ll be able to decide whether one or both of these products would be a wise investment for your organization.
What Can I Do To Keep My Data Safe?
The honest truth is there is no 100 percent guaranteed way to keep your data safe. Having said that, the safest thing to do is to provide layers of security. One of those layers is strong passwords. What else can you do?
1. Password Manager
Password managers provide a cost-effective way for users to store and manage their passwords.
How Does A Password Manager Work?
A password manager is like a virtual safe for passwords, offering the ability for users to store their login credentials for different apps or websites.
With some password managers, the first time a user logs in to an app, the password manager will ask if they want to store their login credentials. It will then store the login credentials and auto-populate them any time the user selects that app in the password manager.
The ability to save your passwords for websites is already built into most web browsers, but a password manager is a much more secure implementation of that capability.
In fact, I recommend disabling the ability to save passwords in a browser like Mozilla Firefox, Google Chrome, or Microsoft Edge.
Once the credentials are stored in the password manager, a user only needs to enter (and remember) one password! That fact alone makes it more likely that the user will choose a unique, complex password to access the password manager. This one step alone adds security.
Learn about the pros and cons of password managers.
What Does A Password Manager Cost?
There are free and paid options with various features and capabilities. If you opt for a paid version, it will likely cost from $4 to $6 per user per month.
2. Multi-Factor Authentication
Whether you use a password manager or not, there is always a risk that if a single password is breached, a person with bad intentions could gain unauthorized access. It’s even worse if that password is to a user’s entire library of login credentials.
This is a valid concern, but strong passwords can be further protected by using multi-factor authentication (MFA).
Does your organization have everything it needs to keep your data safe? If you have any doubt, click on the button below and download our free cybersecurity checklist to learn where you have gaps and build in extra protection today.
How Does MFA Work?
MFA is a security tool that requires people to provide multiple forms of identification before accessing an application, website, or other IT service.
While traditional password authentication relies simply on the knowledge of the password, MFA adds in additional requirements including “something you have” (such as an identification card or token from a specific device) or “something you are” (such as biometric information).
Passwords of any length and complexity are stored as a “hash.”
Without getting too technical, hashing is an algorithm that turns the random grouping of characters or data into a non-decryptable, fixed-length value that is more secure to use. So, with passwords alone hackers can gain access without even having to guess an exact password.
When you add MFA, system monitoring notifies you of attempts to access data. With MFA, even if the hacker has the password, they can’t access the system because they don’t have that second factor.
MFA thwarts hackers from accessing data and takes away the need to change passwords frequently.
What Does MFA Cost?
Depending on the options and solution you choose, MFA typically costs $3-9 per user per month.
Related article: What Do I Need To Know About Cybersecurity: 5 Myths Uncovered
What’s The Next Step?
All businesses need to have a true understanding of their risk. The common thinking used to be that large, multinational companies were the prime target for hackers. That thinking is now obsolete. Understand the value of the data you process. What would happen if your systems were to be hacked?
After reading this article, you have an understanding of additional steps you can take to reinforce the security of your data. You know the value password managers and MFA can provide, and you know how much they cost.
When considering the costs, please keep in mind that a data breach can cause both long-term and short-term damage to your reputation, downtime for your business, and the potential loss of trust and business. In comparison, these proactive safety measures more than pay for themselves.
Whether you have a full staff of IT professionals or no staff, you may need help to implement these solutions.
At Kelser, we provide customers with a full slate of managed IT support services that keep their IT safe, efficient, and available. But, we know that managed IT isn’t the right solution for everyone. (Learn how the cost of internal and external IT support compare.)
Whether we work together or not, we believe it’s our duty and responsibility to provide the information business leaders like you need to keep their infrastructure running smoothly. That's why we publish articles like this.
If, after reading this article, you are considering working with an external IT provider to optimize your security, we encourage you to compare several options to ensure that you get a partner that is the right fit for your organization.
Here are the important questions to ask when evaluating IT providers.
Or, if you prefer to talk with a person about your IT pain points, click on the button below, fill out the form and one of our IT experts will contact you within 24 hours (often much sooner).