In today’s cybersecurity landscape, where highly sophisticated phishing and malware attacks grab the headlines, it’s easy to assume that people are more security savvy when online. Despite being warned about the dangers of doing so, huge amounts of computer users continue to use weak and generic passwords.
In its first ever UK Cyber Survey, the National Cyber Security Centre (NCSC) found the most-used password from global cyber breaches was "123456", with "ashley" the most-used name as a password. The report estimated that the password "123456" is used by 23.2 million users worldwide.
Along with using weak passwords, another bad habit is password reuse. A study from last year saw Virginia Tech University researchers and Dashlane analysts examine a database of over 28 million users and their 61 million passwords. They discovered that a staggering 52% of the users studied use the same password for multiple services.
A lot of attention from cybersecurity pros is put upon sophisticated new forms of cyber threats. While understanding these threats is important; all of these pros should know that bad password habits are prevalent and present hackers with the opportunity to assume control of accounts.
Many thought leaders are quick to point out that passwords will soon become obsolete and replaced by fingerprint and face scanning solutions with improved security. While this may well happen, the technology that underpins these solutions is still in its infancy. When these solutions fail today, passwords remain the bedrock of authentication—this fact shows no signs of changing in the immediate future.
A third party in the password process
Most businesses today will have password policies in place, but are these policies doing enough? For managed service providers (MSPs), the bottom-line is ensuring that customers’ networks, devices, and individual users are protected.
Bad password habits directly pose a threat to the defense of networks, devices and users, and yet, some MSPs overlook “basic” password management in the midst of more technical areas. An example of this is how MSPs often overlook changing the default passwords of network devices—this is the kind of bad password management that has no place in today’s IT environments. The time is now for MSPs to get into the habit of routinely checking for new devices, especially with the increase of IoT, and ensuring that all default passwords are changed.
It’s worth noting that MSPs often don’t have control over the new devices entering the network. This doesn’t change the fact that a central part of the MSP’s job is to help ensure their customer’s environment is secure.
What can MSPs do to prevent their clients from developing bad password habits? Firstly, MSPs should be educating about best password practice. Establishing this kind of vital security awareness isn’t the client’s full responsibility – it’s part of the MSP’s job to ensure that their clients are secure. If sufficient education isn’t provided, MSPs could be seen to be at fault when internal mistakes lead to password related security issues.
Establishing a good base of password security awareness doesn’t guarantee that employees will never make another password mistake. A more failsafe option is taking password management out of the hands of employees with password management software.
Being able to support MSPs with the ability to offer password management services is key. Having recently acquired PassPortal, SolarWinds is able to address gaps in the market not currently met by other enterprise-level security vendors and deliver a service that alleviates the password pains and struggles that MSPs’ customers face.
Passwords made simple
MSPs today find themselves under pressure to grow a portfolio of security products and services to meet customer demands. Bad password habits are a key vulnerability that all MSPs should be covering for customers.
All MSPs should be offering password management to their customers and failing to do so could potentially come at a great cost for both MSPs, and their customers.