Revisiting Basic Password Security For A Secure Workplace
19 Apr 2022
Let’s face it – human beings are not exactly the best at remembering things. When it comes to choosing a password for work, we tend to opt for something convenient and easy to remember. Whether it is subconscious or not, the chosen password is more often than not the same as that of our personal social media or email accounts. At the very most, we make a half-hearted attempt at varying the password, perhaps changing the last letter or including an extra digit at the end.
Truth is – using your personal passwords for work accounts could very well compromise your enterprise security.
Findings from Gemalto’s annual Authentication and Identity Management Index indicated that the “majority (90%) of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security.”
With an increasing number of work accounts being accessed via personal mobile phones or tablets, the line between personal and work is blurring. Naturally, employees find that using their personal passwords for work purposes is the most convenient way to get quick access to work accounts.
Moreover, it saves the IT department the time of constantly resetting passwords whenever an employee gets locked out of their work emails or accounts.
While it is certainly more convenient on the employee’s part to use their personal passwords, companies can also implement additional security measures to alleviate the risk of data leaks and breaches.
Further findings from Gemalto’s study show that “nearly all (94%) of the respondents protect at least one application with two-factor authentication.” Additionally, a large majority of respondents expect their organisation to expand the usage of two-factor authentication in the future.
In addition to implementing multi-factor authentication within the company’s systems, sending regular reminders to employees to change their password is a great way to reduce the risk of data breaches as well.
Likewise, communicate the importance of keeping work and personal passwords separate to your employees. It is a great way to remind them and, at the same time, highlight the risks involved with using the same password for work and personal accounts.
Finally, the main responsibility lies with the employee. It is time to put an end to using “12345” or “password” or even your own personal passwords for your work accounts. At the minimum, create separate robust passwords for your personal and work accounts and write them down somewhere so that you can always refer back to them.