Passwords can provide a good level of security, yet end users often pick poor passwords that do little to slow attackers down. Many of the most commonly used passwords can be guessed almost immediately. According to a recent NordPass study that examined a 3TB collection of passwords, a password was used to secure 4.9 million accounts. Among the passwords used, the weakest one, which is 123456, was employed on 1.5 million accounts.
Security awareness is increasing; nevertheless, countless users continue to choose weak passwords for convenience, regardless of the risk of breached accounts. It is also common for users to use the identical password for several accounts. This poor practice can result in credential-stuffing attacks: when the password is exposed on one system, all other accounts using the same username and password pairing can likewise be accessed.
One of the most affordable and quickest ways to strengthen password security is to give staff members a password manager. Password managers suggest strong, distinct passwords, auto-fill them whenever they are needed, and store them safely in an encrypted vault. Although password managers can considerably enhance security, according to the Password Manager Annual Report 2022, a new Security.org survey of 1,047 U.S. individuals revealed a bad practice that leaves users of password managers vulnerable to identity theft.
Password managers can help eliminate poor password practices because they make it simple and hassle-free to set a strong password. Setting a strong and unique password for each account is much better than setting easy-to-recall passwords or reusing one password on many accounts. One likely weak spot is the master password that protects the password vault. If an attacker cracks that password, it makes no difference whether all the other passwords are unique, since the attacker can decrypt them and access them from the password vault. Thus, the master password ought to be long, complex, and unique.
The Security.org survey revealed that some users do not use a unique password for their password vault, and the number of individuals making this error is high. 25% of survey respondents who use a password manager said they use their master password for a number of accounts, even though that practice is extremely risky. Worryingly, although security awareness is better, the habit of master password reuse is rising. In 2021, 19% of password manager users said they reuse their master password on a number of accounts. The survey also showed that nearly one-half of password manager users whose details were stolen had reused their master password on several accounts.
Organizations that are considering offering a password manager to their staff members to boost password security must be sure to stress the importance of using a good, distinct password for the password manager, and the value of also enabling 2-factor authentication on the password manager.
Trust in Password Managers is Still High
Trust in the protection provided by password managers remains high, though the data breaches suffered by LastPass have had negative effects. In 2021, LastPass was the best-known password manager; however, the survey shows it is now in 4th place, following Google Password Manager, iCloud Keychain, and Bitwarden. The security incident at LastPass didn’t disclose passwords, but it was enough to cause numerous users to try alternative providers. Even with these two breaches, only 23% of participants feel password managers are not safe.
Unexpectedly, 28% of people who do not use a password manager explained that they avoided these applications simply because they considered them to be dangerous; nonetheless, 50% of users admitted to using the same couple of passwords for all accounts, 46% stated their passwords are kept in a document on their PCs, and 43% keep passwords in their internet browsers, all of which are considered riskier practices than using a password manager.