Password security continues to be a widely-discussed topic across the infosec industry.
Still the most commonly-used form of authentication, passwords are heavily relied upon to validate identities and access. However, a combination of password-focused attacks by cyber-criminals, confusing password security advice, poor password management and password reuse means that passwords can prove to be a significant security risk, leading to data breaches, fraud and further criminal activity.
1Password is a company that is seeking to help turn the tide and aid users and organizations by making password use more secure and safe. Infosecurity Magazine recently spoke to 1Password’s COO Matt Davey to learn more about the company’s offering and the current state of password security.
What is 1Password and what service(s) does the company provide?
1Password is a secure, scalable and easy-to-use password manager that puts privacy first to give families and businesses full control of their data. 1Password keeps you safe online by making it easy to create and use strong passwords, and guards against data breaches with the Watchtower suite of security tools. We are trusted by 50,000 businesses and millions of customers to secure their information.
1Password Business is incredibly easy to roll out and makes an immediate difference to employee security. You don’t need a huge budget and two years to notice the impact – we’ve seen a large enterprise onboard 50,000 people onto 1Password in a matter of weeks.
Using 1Password day-to-day is simple. You get the apps on every platform so your passwords are always with you when you need them. Everyone gets a private vault for personal logins, and you can create specific vaults to share selectively.
How would you describe the current state of password security?
I’ll keep profanity to a minimum, but it’s not great. A combination of companies not securing data correctly and people not knowing the dangers of password reuse has created a world where data breaches are growing in size and scale.
There’s a lot of advice out there, but often it isn’t very practical to follow in everyday life. We hear: Change your password every 90 days to something unique, make sure it’s more than 12 characters and includes three digits and four symbols. Oh, and you have to remember it. Also, don’t come up with a system to remember these things, because if one of your passwords is compromised, your system is likely compromised. It’s all exhausting advice. My mum takes one look at all this and says “oh why bother, I’m not a target.” Ultimately, if security isn’t easy, people won’t make it a priority.
What people need is advice that’s easy to follow and can become an automatic part of their routine. You shouldn’t need an in-depth knowledge of cybersecurity or have to spend a huge amount of effort to stay safe online. That’s why password managers need to be seen as normal and necessary, and that happens through advice from the industry.
Is there better awareness about the risks surrounding insecure password behavior than in the past?
There have been several large financial breaches over the last couple of years. Credit monitoring (monitoring your credit history to detect suspicious activity or changes) has been the solution offered by affected companies to their customers. We’d instead love to see password management with breach monitoring become the solution to data breaches.
While these high-profile breaches have created better awareness, it’s a process of every little push. People know that their password habits are bad, but there’s little understanding of why it’s a terrible idea to use Password123 for every account. Few people think that someone will guess their password. There’s an ‘it won’t happen to me’ mentality. That needs to change, and that comes down to communication.
We need to raise awareness of the risks involved with reusing simple passwords, but also offer actionable advice. Your password should be randomly generated, strong and unique for every account. It’s that simple.
What needs to be done to improve practices and behaviors around password use and management?
The key to improving password management is encouraging good security habits that become second nature. A big part of that is education. As I’ve mentioned, people often know that their password behaviors aren’t secure, but are bogged down by complicated advice from all angles.
You need to make security part of people’s workflow and day-to-day digital lives, so they don’t have to think about it. When everyone uses a password manager, it just makes security incredibly easy. People can use strong, unique passwords for every account and share logins and other important information securely. No more sending passwords over instant messenger!
To help build these habits, we offer free family accounts to every employee of a company using 1Password Business. When people practice good security habits at home, they’re more likely to do so at work. Plus, it encourages people to share these habits with their family members, too.