The Password Manager Cure

Poor password management is a chronic illness. Get the cure here and now!

🔐Passwords

Love 'em or hate 'em, they are part of our lives and will be around for some time. The day will come when passwords will no longer be a thing, but that day isn't here yet, and it won't be for a while.

So we might as well confront the reality head on: the way we manage the very "keys" to the proverbial kingdom of our secrets, and even the access to our digital assets, reveals that we human beings are terrible at it.

Pay attention now: according to Verizon’s 2023 Data Breach Investigations Report, 83% of data breaches involved compromised credentials, with weak or stolen passwords being one of the leading causes. For us, small business owners, the impact of a data breach can be devastating, leading to financial loss, legal consequences and fines, plus damage to your company’s reputation. Ouch!

😷The illness and the cure 💉

Imagine your business suffering from a chronic illness that leaves it vulnerable to frequent attacks, costing time and money, and compromising its reputation. Poor password management is one way to describe this illness. The cure? A password manager. Just like a bitter syrup might not be pleasant at first, but cures you later if you keep taking it, the benefits of adopting a company-wide password manager are significant and can greatly enhance your company’s security health.

Are you still with me?

Weak passwords, reused passwords, and forgotten passwords are all symptoms of this chronic illness. These issues are not just minor annoyances—they are major security risks.

A password manager is a tool that generates, stores, and manages strong, unique passwords for all your accounts. It ensures that your employees don’t have to remember or write down passwords, thus reducing the risk of human error and improving overall security.

I have been managing dark web monitoring for several years now, and I can tell you, when the reports come, and I see what passwords people are using...it’s scary!

But don't trust me - here are the latest statistics from the top 10 most commonly used passwords by our fellow humans in 2024...are you ready? Sit down, because it's coming:

  1. 123456

  2. 123456789

  3. qwerty

  4. password

  5. 12345

  6. qwerty123

  7. 1q2w3e

  8. 12345678

  9. 111111

  10. 1234567890

The data came from analyzing 15,212,645,925 passwords, of which 2,217,015,490 were unique. By the way, these top ten winners are the same year after year 😁.
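As an added example (not part of the original post), here is the kind of check a password policy can enforce: an audit that flags common, short, and reused passwords, using the ten passwords listed above as a denylist, next to a generator like the one inside a password manager. The function names, the 12-character minimum, the 20-character generated length, and the sample vault are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# The ten passwords listed in the article, used here as a denylist.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
MIN_LENGTH = 12  # assumed policy minimum, not a figure from the article


def generate(length=20):
    """Random password drawn from a CSPRNG, as a manager's generator does."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password (not valid for human-chosen ones)."""
    return length * math.log2(alphabet_size)


def audit(vault):
    """Return {account: [findings]} for common, short, or reused passwords.

    `vault` maps account name -> password.
    """
    accounts_by_password = defaultdict(list)
    for account, pw in vault.items():
        accounts_by_password[pw].append(account)
    findings = {}
    for account, pw in vault.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("common")
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        if len(accounts_by_password[pw]) > 1:
            issues.append("reused")
        if issues:
            findings[account] = issues
    return findings


# Constructed sample: three accounts with bad habits, one generated password.
SAMPLE = {"email": "qwerty123", "bank": "Summer2024!Summer2024!",
          "crm": "Summer2024!Summer2024!", "payroll": generate()}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, issues)
    print("generated password entropy: %.0f bits" % entropy_bits(20))
```

The long password on `bank` and `crm` passes the length check but is still flagged because it is shared between two accounts, which is the reuse symptom a per-account generator removes.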

Why should you care 🚨

Honestly, I'm not mad at people. They're busy. They aren't thinking about securing your business. As a business owner, you are ultimately responsible for what practices are tolerated in your organization. Or not.

Here's why you should care: criminals use automated tools to 'crack' access to your digital assets, and the easier a password is, the easier it is for them to breach your defenses. These tools aren't even that sophisticated, which means more bad actors can use them and your chances of getting hacked go up!

Introducing a password manager might seem like a hassle at first. It’s like taking a bitter syrup—initially unappealing but ultimately beneficial. Here’s how to smoothly implement password managers in your company:

  1. Adopt a Password Policy: Policies must be enforceable, and there must be consequences for not following company policy. Your security manager, CISO, or vCISO (whoever is looking after your security) knows how to roll out new policies and ensure their successful adoption.

  2. Education and Training: Educate your employees about the risks of poor password management and the benefits of using a password manager. Provide training sessions to help them understand how to use the tool effectively.

  3. Integration into Daily Routine: Encourage employees to use the password manager for all their accounts. Make it a part of their daily work habits.

  4. Continuous Monitoring and Support: Regularly monitor the usage of the password manager and provide ongoing support to address any issues or concerns.

Consider the case of a small marketing firm that suffered a data breach due to compromised passwords. After implementing a password manager, they reported a significant reduction in security incidents and an increase in productivity as employees no longer struggled with password-related issues.

According to a study by LastPass, businesses using password managers experience 50% fewer data breaches and spend 30% less time on password-related tasks.

Wait, did you read this last sentence?

Let's calculate the time and cost wasted on password management for a business with 100 employees, each spending 15 minutes per month dealing with password resets.

  1. Time Spent per Employee per Month: Each employee spends 15 minutes per month on password resets. Convert minutes to hours: 15 minutes = 0.25 hours.

  2. Total Time Spent by All Employees per Month: 100 employees * 0.25 hours per employee = 25 hours per month.

  3. Cost per Hour per Employee: Average pay is $25 per hour.

  4. Total Monthly Cost: 25 hours @ $25 per hour = $625 per month.

  5. Total Annual Cost: $625 per month * 12 months = $7,500 per year.

For an organization with 100 employees:

  • Monthly Cost of Password Resets: $625

  • Annual Cost of Password Resets: $7,500

You can adapt the math to your particular case however you wish.

When employees spend time dealing with password resets, it’s not just about the time lost, but also the productivity and financial costs associated with this activity. In this example, 100 employees each spending just 15 minutes a month on password resets results in the company wasting 25 hours monthly. With an average pay rate of $25 per hour, this translates to a cost of $625 per month, or $7,500 annually. It can easily be double or triple that, or even more!

By implementing a password manager, businesses can significantly reduce or eliminate this wasted time, allowing employees to focus on more productive tasks and saving the company money in the long run.

Adopting a company-wide password manager, while requiring a small investment of resources on the front end, will pay off in a big way over time, recovering hours and hours of lost time. I love it when good security practices result in spending less and keeping more of our hard-earned money!

George

