By Joshua Parsons, Product Marketing Manager at Enzoic
For decades, enterprise security measures and employee productivity were seemingly at odds. In fact, 37% of respondents in a recent Vanson Bourne study indicate that security and regulatory policies are the chief inhibitors of their productivity and digital experience. Arguably, no area of security has been perceived as more counterproductive to employee efficiency than password management.
It’s no secret that mandating a unique password for every account or system is a source of user frustration. Even in an enterprise environment in which access to many accounts is enabled via Active Directory, employees still find legacy password management approaches to be burdensome. They’re not wrong—in fact, not only are these outdated policies a significant hurdle to productivity, but they also have an adverse effect on corporate security.
Security Shouldn’t Come at the Cost of Productivity
Let us take a look at some of these legacy practices and why companies must abandon them in favor of a more modern approach to password security.
Eliminate Mandatory Password Resets
Enforcing periodic resets has been the traditional strategy for combating employees’ poor password practices, like reusing them across multiple accounts, selecting generic ones like “Password” or “1234,” or sharing credentials with colleagues. Multiple studies have documented that mandatory password resets require significant IT resources and don’t enhance security, as people tend to choose simple passwords or make small changes to the root phrase when they know they will be required to change it again in the near future.
Abandon Complexity Requirements
Arbitrary password complexity requirements—such as including both upper- and lower-case letters, numbers, and special characters—are another legacy practice that inhibits productivity. Moreover, this approach often results in passwords that are easy for hackers to guess or crack. For example, “P@ssword1!” would meet all complexity requirements but is obviously a weak credential guaranteed to exist on a list of exposed passwords available to hackers on the Dark Web.
Get Password Security and Productivity in Lock-Step
The legacy practices above are just two examples that the National Institute of Standards and Technology (NIST) now recommends against due to their negative impact on employee productivity and account security.
So, what should companies be doing instead to secure passwords? A more modern approach is to screen all passwords against a list of commonly known and exposed credentials. After all, if a password is not already known to attackers, there’s no point in forcing users to change it every three months or comply with various complexity requirements. Many static lists of exposed credentials exist on the Dark Web and some companies even curate their own. However, given the staggering rate at which new breach data is exposed, the only way to ensure password security is to continuously screen credentials against a dynamic database that is updated with the latest threat intelligence.
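The following is an added illustration, not Enzoic’s code, of the contrast drawn above: a legacy complexity rule happily accepts “P@ssword1!”, while a screen against an exposed-password list rejects it. The exposed-password set is a constructed five-entry sample (a real database holds billions of entries and is refreshed continuously); the hashed storage, the root-phrase normalisation that catches small edits to a known password, and the 8-character floor (NIST SP 800-63B’s minimum) are this example’s own assumptions.

```python
import hashlib
import re

# Constructed sample of an exposed-password list. Stored as SHA-1 digests so
# the plaintexts never sit in the policy service (assumption for this example).
_SAMPLE_EXPOSED = {"P@ssword1!", "Password", "1234", "Summer2023!", "qwerty"}
EXPOSED_HASHES = {hashlib.sha1(p.encode()).hexdigest() for p in _SAMPLE_EXPOSED}

MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen memorized secrets


def meets_legacy_complexity(pw: str) -> bool:
    """Legacy rule: 8+ chars with upper, lower, digit and special character."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def _hash(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()


def is_exposed(pw: str) -> bool:
    """Exact-match screen of a candidate against the exposed-password set."""
    return _hash(pw) in EXPOSED_HASHES


def root_phrase(pw: str) -> str:
    """Strip the trailing digits/symbols people bolt onto a reused root phrase
    (e.g. 'Password2024!' -> 'password'). Assumed heuristic, not a standard."""
    return re.sub(r"[^A-Za-z]+$", "", pw).lower()


def root_exposed(pw: str) -> bool:
    """Catch small edits to an exposed password: compare the root against the
    list in its common casings."""
    root = root_phrase(pw)
    return any(_hash(v) in EXPOSED_HASHES for v in (root, root.capitalize()))


def evaluate(pw: str) -> dict:
    """Compare the legacy verdict with the screening-based verdict."""
    exposed = is_exposed(pw) or root_exposed(pw)
    return {
        "legacy_complexity_ok": meets_legacy_complexity(pw),
        "exposed": exposed,
        "modern_ok": len(pw) >= MIN_LENGTH and not exposed,
    }
```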
How Enzoic Gives Enterprises Password Peace of Mind
This is where Enzoic comes in. Our proprietary credential screening solution screens all proposed passwords against our continuously updated database. This extensive database contains billions of passwords exposed in data breaches and found in cracking dictionaries. In addition to complying with NIST’s guidelines to screen passwords at their creation, Enzoic takes it a step further by vetting their integrity on an ongoing basis. Our database automatically updates multiple times per day, ensuring that every organization’s password security reflects the latest breach intelligence without burdening the IT department with the details.
Zero Employee Friction
Another benefit of abandoning legacy password security approaches in favor of a modern credential screening solution is that verifying password integrity happens entirely in the background. Employees whose credentials are not compromised gain efficient access to their accounts without extra steps or device requirements, as is the case with multi-factor authentication, one-time passwords, or other authentication mechanisms that introduce more friction. Should a previously secure password become compromised, companies can automate their response to force a password reset or use an existing secondary authentication method to verify the employee’s identity.
Securing the Future of Hybrid Work
With the adoption of hybrid work environments, the attack surface grows and the need for secure passwords becomes increasingly important. A modern password management approach that continuously screens for credential compromise is the best way that organizations can secure this complex environment while simultaneously enhancing employee productivity.
Click here to learn more about how Enzoic’s solutions can help you strike the right balance between password security and employee productivity.
About the Author
Joshua J. Parsons is the Product Marketing Manager at Enzoic, where he leads the development and execution of strategies to bring innovative threat intelligence solutions to market. He has had a lifelong interest in digital innovation and how it can be used to protect individuals and organizations from ever-changing cyber threats. A strong believer in giving back to the community, Joshua serves as a mentor to those interested in information security and marketing through his alma mater, the University of Michigan. Outside of work, he can be found at the nearest bookstore or exploring the city’s local coffee scene.
Joshua can be reached online on LinkedIn (linkedin.com/in/jjparson) and at our company website http://www.Enzoic.com/