By Aaron Walker, content lead, G2 Crowd
When it comes to online security, even the rulers of Silicon Valley can take the easy route. For many that easier path is far from that of least resistance. Last month, Mark Zuckerberg’s Pinterest and Twitter accounts were hacked after stolen LinkedIn usernames and passwords from 2012 surfaced.
“Dadada” is neither complex nor creative, but that is the password Zuckerberg chose to secure his accounts, according to The Wall Street Journal. But a complex password is only one component to ensuring data security.
Assistance may be difficult to find, but G2 Crowd’s recent research analyzed nearly 300 user reviews of password management software. These tools are available to everyone from personal users to corporate entities, all of which desire confidence and security for their personal and professional data. Here are some tools and features that businesses should look for when considering password management tools to avoid ending up like Mr. Zuckerberg.
Random password generators — Complex passwords are often difficult to create. A variety of letters, numbers and characters should be incorporated, but many people stick with “12345” or “password.” Some products offer or require users to generate random passwords made of nonsensical combinations of characters. These may be difficult to memorize, but many products will remember or allow users to keep a secure notepad with authentication requirements to list login credentials.
Multi-factor authentication — Even if passwords are stolen by a hacker or key logger, multi-factor authentication requires additional steps to access accounts. Additional authentication factors may include a PIN number, text message or fingerprint identification.
Sharing and storage — Many password management products provide sharing services to allow the transfer of credentials safely. These features allow for secure and simple means to distribute login information between teams, co-workers or even family members.
Endpoint access — Endpoint access features allow users or administrators to access additional devices remotely. Password management tools allow for endpoint access as secure means for administrator monitoring or use on multiple devices. Mobile access tools allow users to either securely enter databases or password lists via additional devices and operating systems.
Password policy requirements — Password policies are often required by password management systems to ensure employees are creating complicated and cryptic passwords. This prevents employees from using “dadada,” “12345” or other guessable terms. Other policies relate to password reset and sharing requirements.
Identity directories — Identity directories are useful tools for administrators to monitor the quality of credentials, login locations and search tools synced with employee directories. These tools provide easy access to large amounts of employee data and simple, navigable directory navigation.
Provisioning tools — Provisioning tools allow users the ability to set roles, policies and hierarchies for data access. Administrators have the ability to grant, limit or terminate access capabilities. These tools also allow for password policy editing, multi-device synchronization and user requests.
Governance — Governance tools work as threat monitoring systems to alert administrators when suspicious access occurs. Users can act quickly to limit the impact of data breaches or keep track of inappropriate access. Compliance audits allow the password management system to proactively monitor and compare user access rights against policies.
Key logs, phishing scams, and malware are just a few ways to easily collect user credentials. And password management systems have countless benefits for those looking to keep personal, company or client data secure.
Identity theft is a most dangerous and common threat to a single person’s data. Many users rely on their browser to secure usernames and passwords, but experts suggest browser password storage is not secure and provides minimal encryption. Hackers can file tax returns, apply for credit cards and pile up debt with little more than a social security number.
Secure business practices can prevent data breaches which could result in hundreds to millions of clients’ information to become public. Poor password management puts the personal and financial well being of every party involved at risk.
Practices such as encryption software, file removal tools and virtual private networks can add additional layers of security. But a password management system should be the base level of security for both business and personal accounts.
Aaron began working at G2 Crowd shortly after graduating from The University of Iowa, where he studied journalism and international relations. The Chicagoland native spent two years covering politics for The Daily Iowan, studied in Spain and interned with WGN-TV and The Daily Herald.