Released earlier this week by the state’s auditor general, a Western Australian government security audit revealed that 26% of its officials had incredibly weak and easily guessable passwords. More than 5,000  of the 234,000 passwords across 17 government agencies included the word “password”.

This included 1,464 people using “Password123”, 812 using “password1” and 176 using “abcd1234”. Close to 13,000 people used different variations of the season and date, with a staggering 7,000 including “123”.

While this can seem ridiculous and in some cases even funny, there were very serious potential outcomes as a result of this. The report found that a significant amount of these accounts are used to access very important information, as well as vital government systems. One such case showed that auditors were able to gain access to a government agency’s network with full administrative privileges by guessing the password “Summer123.”

The report found that, in most agencies, no help or support was given to users to store their information securely. As a result, some employees were storing passwords in Word documents and spreadsheets.

It’s understandable why people attempt to simplify their workplace access by using a simple or singular password – the average enterprise uses 91 services (Skype, Slack, OneDrive, Social channels, CRM, Marketing software, Sales automation, Website etc.). However, a staggering 81% of breaches are caused by weak or reused passwords. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

What is a Password Manager?

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add log in information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, as well as help employees manager their passwords more effectively.

Why is this important?

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money. Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported have access to a variety of corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Passwords are essential

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often times only as good as the password that you’ve set.

Making a very strong password is often complicated. A password manager really takes a lot of the pain out of the process and makes an often complicated and time consuming process simple and easy. A password manager does this by creating and remembering a new, strong and complex password for you that is much stronger than anyone could come up with.

Unique

Creating a solid, complex and secure password is great – but if it’s not unique it’s pointless, which is so often overlooked.

A site or application’s security is only as good as the password you use, which means a site’s security could be worse than your password! If you’re using the same strong password across multiple sites, accounts and applications, then those sites and services with inadequate security could endanger your information in places that are serious about security.

Account volume

Lets face it – you have more accounts than your team can handle, we all do. The average organisation uses 91 services, which means that even if you created unique passwords for all of them, you’d never be able to remember them all.

One study found that people had an average of 37 password reset emails in their inboxes. 37 times someone forgot their password. 37 times someone had to undergo the tedious reset password process and create a brand new unique password.

With an enterprise level password manager, the need to reset passwords is completely removed. Likewise, when one person forgets the password, they aren’t resetting an account password that everyone else then needs to update.

Simplicity

Password managers significantly increase your security while also simplifying your life… how often does that happen!?

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!

 

You can learn more about why your business needs a password manager, how to create a strong password or how to protect yourself against email threats.

 

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

 

News story source: The Washington Post

 

Trying to remember your password for every website, portal, tool and piece of software is borderline impossible. Some organisations like to solve this problem by using a very simple and memorable password, variations of the same password, or worse – the exact same password for everything! That’s just asking for trouble.

Simple and memorable passwords are very easy for hackers to gain access to with a staggering 81% of breaches caused by weak or reused passwords. Even using a very strong password, but used across many sites and logins, means a single breach on one site or platform can compromise your information everywhere else. That’s where a password manager comes in.

What is a Password Manager?

The average enterprise uses 91 services! Skype, Slack, OneDrive, Dropbox, Social media channels, CRM, marketing software, sales automation, online store, website, mail client – the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add log in information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, as well as help employees manager their passwords more effectively.

Why is this important?

Passwords are essential

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often times only as good as the password that you’ve set.

Making a very strong password is often complicated. A password manager really takes a lot of the pain out of the process and makes an often complicated and time consuming process simple and easy. A password manager does this by creating and remembering a new, strong and complex password for you that is much stronger than anyone could come up with.

Unique

Creating a solid, complex and secure password is great – but if it’s not unique it’s pointless, which is so often overlooked.

A site or application’s security is only as good as the password you use, which means a site’s security could be worse than your password! If you’re using the same strong password across multiple sites, accounts and applications, then those sites and services with inadequate security could endanger your information in places that are serious about security.

Account volume

Lets face it – you have more accounts than your team can handle, we all do. The average organisation uses 91 services, which means that even if you created unique passwords for all of them, you’d never be able to remember them all.

One study found that people had an average of 37 password reset emails in their inboxes. 37 times someone forgot their password. 37 times someone had to undergo the tedious reset password process and create a brand new unique password.

With an enterprise level password manager, the need to reset passwords is completely removed. Likewise, when one person forgets the password, they aren’t resetting an account password that everyone else then needs to update.

Simplicity

Password managers significantly increase your security while also simplifying your life… how often does that happen!?

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!

What makes a great Password Manager?

Usability

A password manager, particularly in a business context, isn’t effective if no one is using it. In order to ensure employees adopt the use of a password manager, it must be intuitive and easy to use.

A great password manager is:

Efficient: must be able to be used to complete tasks quickly and easily

Effective: should help users achieve specific goals

Engaging: the UI (User Interface) and UX (User Experience) should be pleasant and satisfying to use

Easy to learn: simple enough to be picked up and easily understood without deliberate effort

Error tolerant: should be designed to prevent errors and help users recover from errors that do occur\

Likewise, a password manager in a business environment must be usable cross platform and compatible with different operating systems and devices.

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money.

Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported have access to a variety of corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Administrative Controls & Monitoring

Your password manager should offer tools that enable you to oversee your employees’ use of the program. This means monitoring features such as dashboards, delegated administration, team sharing, role-based permissions, analytics and auditing.

These tools should enable you to enforce all organisational password policies and aid in regulatory compliance. It is however important to note that your password manager’s monitoring tools should not compromise the privacy of your employees.

Password Sharing

Password sharing is a very standard office operation. However, the methods via which employees use to share those passwords, such as email and internal chat programs, are not safe from hackers.

An enterprise level password manager enables employees to share passwords in a secure, convenient and efficient way. Administrative tools should allow you to share passwords on a temporary basis or with full access.

Likewise, these shared credentials should update automatically so that all other team members continue their access.

Security

Arguably the most important aspect of your password manager. The current recommended method of encryption for password protection is Advanced Encryption Standard (AES) with a 256-bit key length. This method has been deemed secure enough to protect the United States Government’s most highly classified data.

Be sure to utilise a password manager which uses a zero-knowledge protocol in its security architecture. This allows the employee full, exclusive control over the encryption and decryption of their data via a Master Password. This Master Password should never be stored on the password manager’s server or anywhere in the company’s network.

Additionally, your password manager should alert you and all employees in the event a data breach occurs.

If you’d like to find out how we can help your business, just ask us about eStorm Secure any time on (07) 3120 0640 or email us at [email protected]

You can learn more about how to make a great password or how to protect yourself against email threats.

 

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

It goes without saying that a strong password is important for your on and offline security—both at home and at work (especially given the new Australian data notification legislation put in place earlier this year, which could see businesses and other organisations fined up to $1.8million for data breaches, unauthorised access to personal information and the loss of data). And we all know our passwords, in most cases, are our first line of defence. However, cyber security insight reports show we have a long way to go when it comes to using passwords effectively.

Nearly one in four (24%) people surveyed use the same password for all accounts. This statistic is of significant concern as passwords remain the most common, and in most cases the only, form of protection used by Australians for our devices. A recent Western Australian government security audit found that 26% of its officials had incredibly weak and easily guessable passwords (more than 5,000 passwords across 17 government agencies included the word “password”).

What makes a strong password?

The traditional password advice follows a fairly simple formula. You’re typically asked to create a password with a minimum of 12 characters, as well as being sure to include numbers, symbols, capital letters and lower-case letters. Likewise, you’re also encouraged to changed your passwords frequently in order to maintain a secure first line of defence for your accounts and applications.

However, contrary to popular belief, using a mixture of uppercase and lower case letters, symbols and numbers, as well as enforcing frequent password changes, has repeatedly shown to be counterproductive to good password security. Over time these traditional password security practices have become commonplace and predictable, therefore making them fairly unreliable and certainly not the safest option when creating a new or strong password.

A good password should contain at least 10 characters with an un-guessable combination of words. Using a phrase with multiple words helps memorisation but remains difficult to guess or crack. A simple rule of thumb is the longer the password the harder it is to hack. Likewise, it goes without saying that you should never share your passwords, or use the same password across multiple accounts, because if one gets hacked the rest become vulnerable.

Strong password examples:

• purple cabbage rabbit
• graceful elephant dance2
• redbull mobile bottle1

A great tool for testing strong password ideas is How Secure Is My Password. However, it is worth noting that exact passwords entered into the site should not later be used as the security of that specific password can no longer be guaranteed. Tools like How Secure Is My Password should only be used as a rough guide for strong password idea testing.

Trying to remember your password for every website, portal, tool and piece of software is borderline impossible—particularly in a work setting where the average enterprise uses 91 services! With programs and services like Skype, Slack, OneDrive, Dropbox, Social media channels, CRM, marketing and sales software, account keeping programs, your online store, website, mail client—the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t—which is why we recommend using a password manager.

A password manager is an application that creates, remembers, securely stores and automatically fills in your passwords for you. A password manager can be incredibly beneficial for any business that wants to boost security, simplify the on-boarding and off-boarding process (did you know that a SailPoint Market Report discovered that more than 2 in 5 employees reported having access to a variety of corporate accounts after leaving their last job!), as well as help employees manage their passwords more effectively. A password manager is a convenient and practical option to help reduce the chance of falling victim to cyber crime that could result in a data breach.

If you’d like to find out how we can help your business with password management, just ask us about eStorm Secure any time on (07) 3120 0640 or email us at [email protected]

You can learn more about why your business needs a Password Manager as well as eStorm’s approach to multi-layered security.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider, IT Support and single source supplier. Our team of specialists deliver superior on-site and remote IT services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

14 years ago Bill Burr became the guru of passwords. His advice was to do away with memorable words in favour of garbled strings of letters, numbers and special characters that would be near-impossible for criminals to guess. This was and still is accepted as gospel around the world. He now acknowledges that the information he published in 2003 only makes people more vulnerable to hackers.

The trouble, according to security researchers, is that in reality the recommendation caused many people to adopt highly predictable “complex” passwords, such as “Padollars dollars w0rd”, to try to remember them. Mr Burr also suggested that people should change their passwords at least every 90 days. This advice, which was adopted by corporations, universities and government bodies, gave individuals grappling with ever-growing numbers of passwords an even greater incentive to adopt easy combinations.

Many people have come to “update” their passwords by making the simplest tweaks. “Pa55w0rd1” becomes “Pa55w0rd2”, “Pa55w0rd3” and then “Pa55w0rd4”, for example.

Because of the stress surrounding complex passwords, people also tend to use the same or similar credentials on different sites. This means that if log-in details are stolen in a data breach, such as the Yahoo hack, criminals can use the same password to access a victim’s accounts on other sites. What we have now is a global password etiquette of requiring at least a capital, symbol and number to be included, but is this necessary?

To counter these problems, cryptography experts have highlighted the merits of long, “simple” passwords, made of up of strings of ordinary words. In a widely circulated diagram, the NASA engineer turned cartoonist and author Randall Munroe calculated that it would take 550 years at 1,000 guesses per second to crack the password “correcthorsebatterystaple”, while “Tr0ub4dor&3” could be cracked in three days.

Mr Burr, 72, who is now retired, told The Wall Street Journal: “Much of what I did I now regret. In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree.”

 

Ciaran Martin, head of Government Communications Headquarters’ (GCHQ), National Cyber Security Centre, has also criticised the standard advice for passwords. In February he told BBC Radio 4’s Today program that even his own “best technical people” would struggle to remember complex, changing log-ins for multiple accounts.

Mr Burr, who programmed US Army computers during the Vietnam War, told The Wall Street Journal that he had wanted to base his guidance on real-world password data, but too little was available in 2003 and he was under pressure to publish quickly.