With security and encryption at the forefront of the news in recent months, now is an excellent time to review password security at your institution.
According to Independent Banker, computer users tend to rely on their memory for password management and use simple passwords that can be easily cracked – even for work-related logins. Considering that Verizon’s 2016 Data Breach Investigations Report (DBIR) shows 63% of data breaches were related to weak or stolen credentials, it’s more important than ever for financial institutions to tighten the reins on employees with lax password security.
There are numerous internal solutions for banks and financial institutions to ensure the use of strong passwords across their own platforms, most notably single sign-on (SSO). However, whether or not your institution has implemented SSO, there are other factors to consider as more of everyone’s work and personal lives rely on the digital world each year.
Rethinking the Cost/Benefit Analysis of SSO
If you’re a smaller institution, SSO may not seem feasible due to cost and/or complexity. Yet smaller firms requiring strong passwords across multiple platforms can end up losing more than the savings from not implementing SSO once workers’ productivity is factored in. Independent Banker cited one estimate of $42,000 annual productivity cost related to forgotten passwords for a 100-person company.
Risk of Exposure Goes Beyond Your Own Systems
While SSO reduces the number of passwords employees, customers, and partners use for accessing information, it is not a catch-all. Many employees utilize outside online accounts for business purposes. They also hold many personal accounts, with differing security measures, where they sometimes recycle the same passwords that they use at work!
Other Ways to Mitigate Risk
Investing in password management software (PMS) can help to resolve these security and productivity issues. Since PMS can handle password generation and password memory, it can enable workers to sign in with the simplicity of remembering only one password and the security of having unique strong passwords for each login.
PMS systems aren’t new to the market – RoboForm started in 1999 – but they are becoming increasingly popular for personal and professional use as cyberattacks become more frequent.
With these systems, users remember one strong password or use biometrics to access the application, which can store numerous complicated passwords locally or in the cloud so that users can reach them via web browser, mobile devices, or both. Some include two-factor authentication, where strong passwords are used in conjunction with single-use authentication codes sent by email or text message to the account owner. This can help further safeguard against password theft.
For additional information about this topic, please refer to the full article from Independent Banker or view the DBIR quick reference guide for financial services.
Additional Source: Lifehacker.com: Five Best Password Managers.