Is Corporate Cost-Cutting Compromising Password Security?
In recent months the online streaming giant Netflix has been trying to tackle the problem of password sharing, as the cost of living crisis, coupled with the fact that the world is no longer locked down by a pandemic, means subscriber numbers have fallen. However, the issue of password sharing is not new, especially in the world of software licensing.
The practice of software license sharing within an organisation isn’t necessarily something to be frowned upon if it is permitted by the vendor; many vendors use license management systems to prevent inadvertent usage and piracy. As businesses around the world have been exposed to higher costs, whether that is materials (driven by supply chain issues), human resources (specific skill sets attracting a premium) or changes to corporate taxation, many have sought ways to reduce expenditure, and limiting licenses can be one such saving. Yet there should be careful consideration and a degree of reservation regarding whether employees should be actively encouraged to share a password.
The danger of password sharing
If you create a culture in which passwords to vital resources are freely passed around the office and beyond (given the rise in people working from home), you are potentially increasing risk. Of course, the vast majority of people are diligent, but it is only right and proper to provide clear guidance as to what is acceptable. After all, few may see what harm it can cause, and who doesn’t cut the occasional corner to get the job done?
As soon as password sharing becomes standard operating procedure, it is unlikely to stop at that one piece of software. In fact, we know through our Password Breach Database that Active Directory passwords used by employees are being used as login credentials for other online services. Suddenly, systems storing confidential data, intellectual property and other assets have a greater exposure to being compromised, should the bad guys get access to the username and password.
Password security is priceless
Passwords are already a weak point for organisations. Having a password policy that advises people to change their credentials often, create so-called ‘strong’ passwords and not share login details with others is essentially useless if it is not adhered to, not policed or, to make matters worse, watered down for the sake of saving a few licenses. If you do need to trim costs, work with the vendor. Perhaps they can then provide a floating license that enables users to have their own secure logins, but access is restricted if the number of active sessions reaches the license limit.
The password problem isn’t going away. Only this month the MyID Password Breach Database reached the troubling milestone of 5 billion clear text credential records. There is a clear path for organisations to follow from passwords all the way through to PKI, and any point in between, depending on what level of security is appropriate. The first step must be to manage password security.
Trusted by Governments and Enterprises Worldwide
Where protecting systems and information really matters, you will find Intercede. Whether it’s citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.