Twenty percent of employees said they'd be willing to sell corporate login credentials to outsiders. Employees are sloppy when it comes to handling passwords, cheerfully sharing them with co-workers, using a single password across multiple applications, and even claiming to be willing to sell them to an outsider. That's according to a new report by identity management and access firm SailPoint, which warns that it isn't just cybercriminals and hackers from outside an organisation's perimeter whose actions could result in massive data leaks, but that insiders could cause harm as well, whether intentionally or not. Even if employees aren't sharing information outside of the company, they're still potentially putting data at risk, as almost one in three are willing to share passwords with their co-workers. Those willing to share their passwords might be giving away more than they realise, as two thirds of respondents revealed that they use the same password for multiple applications, making unauthorised access much easier.
Password Guidance: Simplifying Your Approach contains advice for system owners responsible for determining password policy. It is not intended to protect high value individuals using public services. It advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords.
Microsoft has released the public preview of a new Azure Active Directory tool that will help admins kill off bad passwords in the enterprise. The tool, called Azure AD Password Protection, offers a new way of protecting Azure AD and Windows Server Active Directory accounts from users with bad password habits. The tool contains a list of 500 of the most commonly used passwords and helps block a million more that contain character-based variations on these bad passwords. That means since 'password' is already blocked, users won't be able to set their password to 'P@ssword' or 'P@$$w0rd'.
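The variation blocking described above, sketched as an added example (not Microsoft's implementation and not part of the original article): each candidate is normalized by folding look-alike characters to letters before it is compared with the banned list. The substitution map, the function names and the four-word list are assumptions constructed for illustration.

```python
"""Banned-password check with character-substitution normalization (illustrative)."""

# Constructed sample list; the tool's own list of 500 entries is not reproduced here.
BANNED_BASE_WORDS = {"password", "qwerty", "letmein", "welcome"}

# Assumed substitution map: common look-alike characters folded to one letter each.
# A one-to-one map is a simplification ('1' could stand for 'l' or 'i').
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a",
    "$": "s", "5": "s",
    "0": "o",
    "1": "l", "!": "i",
    "3": "e",
    "7": "t",
})


def normalize(candidate: str) -> str:
    """Lower-case the candidate and fold look-alike characters to letters."""
    return candidate.lower().translate(SUBSTITUTIONS)


def is_banned(candidate: str) -> bool:
    """True when the normalized candidate equals a banned base word."""
    return normalize(candidate) in BANNED_BASE_WORDS


def audit(candidates):
    """Return {candidate: (normalized_form, banned)} for a batch of proposed passwords."""
    return {c: (normalize(c), is_banned(c)) for c in candidates}


if __name__ == "__main__":
    # Constructed inputs: the three spellings quoted in the text plus one unrelated passphrase.
    proposals = ["password", "P@ssword", "P@$$w0rd", "correct horse battery"]
    for pw, (norm, banned) in audit(proposals).items():
        verdict = "REJECT" if banned else "accept"
        print(f"{pw!r:26} -> {norm!r:26} {verdict}")
```

Because the comparison runs on the normalized form, one banned base word covers every spelling that maps to it, which is how a short list can block a far larger set of variations.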
Year after year, security surveys point to password management as a key way to prevent breaches and hacking attempts. One compromised account can lead to data breaches of immeasurable proportions, prompting many businesses to use password protection services like 1Password. The security company 1Password has released a new Advanced Protection suite that provides business users with five key tools designed to protect their passwords. With the Advanced Protection suite, business users will get company-wide two-factor authentication enforcement, new firewall rules, better sign-in attempt management, complex Master Password policies and modern app usage requirements. "Large, complex organisations use 1Password Business, and many of them have specialist security and governance requirements," 1Password CEO Jeff Shiner said in a statement.
Constant password changes, inconvenient software updates and blocked websites are a fact of life in the modern workplace. But so are potentially crippling cyberattacks. It can seem impossible to manage the conflicting needs of network security and workers who want uninterrupted access. But there are promising new approaches that are letting organizations strike a necessary balance. Traditionally, security concerns have almost always been the top consideration when setting the parameters for end-users.