Why Passwords Alone Are Not Enough
Believe it or not, some people – in fact many people – are still using terrible passwords to “secure” access to their personal and business accounts. The purpose of passwords is to prevent unauthorized access to your accounts. By now, most of us know that using strong passwords, that is, passwords that are hard to guess, is a basic cybersecurity practice. The majority of workplaces should have password security policies in place with guidelines for employees.
However, the standard approach to password security in the workplace has failed. Security breaches attributed to the use of poor passwords are a dangerous but largely ignored threat, according to LastPass. Its report “The Password Exposé” reveals that 81% of confirmed data breaches are due to passwords. Yet despite the frequent occurrence of major data and privacy breaches and the ease with which hackers can crack passwords, people are still using passwords that are easy to guess.
No matter how “good” a password is, ultimately passwords alone are not enough to secure user accounts. This is where multi-factor authentication comes in.
Let’s look at why passwords are so tricky and cannot be solely relied upon for securing accounts.
Good Passwords Are Hard To Set And Easy To Forget
If you are human and not a mega-memory champion, you’ll have forgotten a password before. Chances are you’ve probably had to reset your passwords a number of times, if not practically every time you need to log in to an application.
So why is it that passwords like “123456” and “password”, or similar variations of these, continue to top the list of bad passwords? Well, the simple answer is that they’re easy to remember. Whether people are aware of and understand, or are indifferent to, the urgency and seriousness of a potential data and privacy breach, the reality is that bad passwords are easy to remember and good passwords are easy to forget. Good passwords are easy to forget because they are required to be long and complex.
Relax, It’s Natural To Forget
Many of us struggle to remember the name of a person we were introduced to just a moment ago. We’ve all experienced a moment of panic when we can’t recall whether we turned off the stove as we rushed out of the house.
If you can’t remember an 8-character (or longer) password that you reset just yesterday, take comfort in knowing that this is perfectly normal. In fact, psychological experiments have shown that seven is a magic number. That is, on average, the longest sequence a normal person can recall on the fly contains about seven items. Psychologists refer to this limit of the typical capacity of the brain’s working memory as the “magical number seven”.
No wonder we find remembering good passwords a challenge. The recommendation for a good password is one with at least 8 characters, made up of a combination of lowercase and uppercase alphabetic characters, numbers and symbols.
Too Many Passwords To Remember
So, how many passwords do you think you have to keep track of? It’s guaranteed to be more than you think. According to the LastPass report, the average business employee must keep track of an astounding 191 passwords. Add to this any number of personal passwords and that number is easily over the 200 mark. We need multiple passwords to function in this digital age – just think of personal online banking, online bill payments, multiple personal email accounts, etc. There are just too many to keep track of, let alone remember.
This is where people succumb to the frowned-upon practice of using the same password across multiple user accounts and websites.
We All Like Convenience
Who needs to memorize phone numbers these days when your phone stores them? We simply don’t want to use up precious brain power and memory storage capacity when we do not need to. We are all busy and we like convenience. Sometimes we are even lazy. For convenience, some people rely on their internet browser to remember their password, or write it on a sticky note and leave it on their desk. They may even share it with a colleague, just as you might give a neighbor your spare house key.
Unfortunately, these practices are risky and are not recommended, but people are people and we like convenience.
The Need To Move Beyond Password Security
Managing tens, even hundreds of passwords in our daily lives can clearly be a challenge. Keeping up with workplace password security policies and applying them to our personal lives can also be difficult to achieve simply because we are human.
For all the above reasons, it is evident that workplaces need to move beyond password security. Relying on (bad) passwords to “secure” user accounts and applications is simply not good enough and is leaving organizations open to security threats. So what can organizations do to ensure that user accounts cannot be easily hacked?
Strong Authentication Is The Key
It is critically important to verify users when they are trying to log in and access corporate accounts, networks and applications. This makes authentication a security essential.
What is Multi-Factor Authentication (MFA)?
This brief video by Duo explains what Multi-Factor Authentication (MFA) is and why, at a minimum, Two-Factor Authentication (2FA) is a security essential.