Growing Improper Use of Password Managers

Passwords can offer a good level of security, however too often users select weak passwords that do not challenge hackers. A lot of the most often-used passwords could be cracked pretty much instantly. According to a recent NordPass study that analyzed a 3TB database of passwords, a password was utilized to secure 4.9 million accounts. Of all the passwords used, the weakest password, which is 123456, was used on 1.5 million accounts.

Awareness of security today is increasing, nevertheless, a lot of users still use weak passwords for simplicity in spite of the threat of compromised accounts. It is additionally typical for end users to set a similar password for several accounts. This poor practice could lead to credential-stuffing attacks. When the password is compromised on one program, all other accounts using the same username and password combo can also be accessed.

One of the most budget-friendly and simplest ways to enhance password security is to let employees use a password manager. Password managers recommend good, unique passwords, auto-fill them whenever they are required, and keep the passwords securely in an encrypted vault. Though password managers can substantially enhance security, according to the Password Manager Annual Report 2022, a new Security.org survey involving 1,047 U.S. adults revealed a poor practice that puts users of password managers in danger of identity theft.

Password managers could help to remove awful password practices since they make it simple and convenient to use a strong password. When users set strong and distinct passwords for every account, that is more effective than setting quick-to-remember passwords or reusing identical passwords on several accounts. One possible weakness is the master password that is utilized to protect the password vault. In case a hacker guessed that password, it doesn’t matter if all the other passwords are strong because a hacker can decrypt them and get them from the password vault. Therefore, the master password should be long, difficult, and unique.

The survey of Security.org showed that a number of users fail to set a distinct password for their password vault, and those committing this mistake is very high. 25% of survey respondents that have a password manager confessed they reuse their master password for a number of accounts, in spite of that practice is very risky. Worryingly, although security awareness is better, the practice of master password reuse is escalating. In 2021, 19% of password manager end users confessed they reuse their master password on a number of accounts. The survey additionally revealed that about 50% of password manager users whose identities were stolen had used their master password on several accounts.

Companies that are thinking of giving a password manager to their workers to boost password security ought to take note and make sure that they stress the value of using a good, unique password for the password manager and the significance of likewise having 2-factor authentication for the password manager.

Confidence in Using Password Managers Stays High

Confidence in the protection offered by password managers is still high, however, the data breaches encountered by LastPass have had bad effects. Last year, LastPass was the most preferred password manager, but the survey reveals it has dropped to the fourth rank, behind Google Password Manager, iCloud Keychain, and Bitwarden. The data breach at LastPass did not expose passwords, yet it was enough to prompt a lot of end users to go for alternate providers. In spite of these two breaches, just 23% of participants think password managers are unsafe.

Oddly enough, 28% of non-password manager users stated they didn’t utilize these tools since they think they are unsafe; nonetheless, 50% of users mentioned utilizing the same few passwords for all accounts, 46% mentioned their passwords are stored in a file on their computers, and 43% store passwords in their web browsers, all of which are much riskier security habits than utilizing a password manager.

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.