Express Computer

Smart tips for password management: Rohan Vaidya, Regional Director for India of CyberArk



On the occasion of World Password Day today (4 May 2023), Rohan Vaidya, Regional Director for India of CyberArk, shares some tips on password management.

Some edited excerpts from an interview

How are organisations commonly managing passwords?

Despite the fact that attackers are increasingly leveraging badly managed passwords for their campaigns, password management is often neglected. Most organisations fail to utilise enterprise-grade protection to safeguard themselves, preferring to rely on traditional and outdated password management tools that can lead to ‘password fatigue’.

What are some of the key challenges organisations face when it comes to password management?
Many of the apps used in the workplace do not leverage modern identity protocols. Even though most modern apps integrate with single sign-on solutions to sidestep password management woes, some apps still require a stand-alone username and password credentials.

Adding to the challenge is the fact that any user can become privileged in the right circumstances based on the resources they’ve gained access to, leaving companies vulnerable and in constant danger of security breaches. Employees now have a shocking amount of access to sensitive resources. Cybercriminals have been increasing their focus on exploiting lax practices to breach organisations’ networks and seek ways to expand their access. When considering the average employee has around 100 passwords, that’s a lot of opportunity.

What are some of the common mistakes being made when it comes to passwords?
Four of the common pitfalls when it comes to passwords are:
• Easy to guess and not in keeping with password strength requirements;
• Reused across corporate apps, personal apps and social media;
• Stored unsafely in spreadsheets, sticky notes and web browsers; and
• Passed from one user to another through email, messaging apps and more.

How can these issues be addressed?
Manage workforce passwords and secure them by protecting them and maintaining complexity over time. Recognise that all workforce users’ passwords should be protected with the same security-first approach that organisations apply to privileged users’ credentials.

Overall, when frequently used business applications are accessed outside of an enterprise’s security controls, organisations cannot track access activity, control password complexity and revoke access to applications when no longer needed.

What other tips do you have when it comes to password management?
There are five steps that any security team looking to improve how they safeguard workforce credentials should explore. These comprise a holistic, risk-based approach to Identity Security and help companies apply privilege controls across the board – underscoring the fact that increased complexity calls for stronger controls for sharing and transferring passwords.

1. Intelligent Authentication: This first step is essential to blend intelligent authentication with an enhanced user experience. This calls for an adaptive form of MFA that can adjust the difficulty of authentication challenges based on real-time insights on user behaviour.

2. Security-first storage: This step involves looking for ways to introduce vault-based storage for workforce credentials, with the flexibility to devise how accounts and credentials are stored, managed and retrieved. For example, an enterprise-grade tool could provide a security admin with options to automatically store new credentials in self-hosted vaults and allow users to retrieve them without connecting to a VPN.

3. Safe credentials management and sharing: This step enables users to securely share credentials without revealing passwords, but also grants the ability to: protect privacy by controlling who can share, view and edit credentials; impose time limits on user access to specific apps; and manage the transfer of credential ownership to new users.

4. End-to-end visibility: This step requires security controls to continue past the point of authentication. Here, enterprises should look for ways to require an extra layer of protection that allows them to monitor and record all actions once a user is logged in – backed up by a full audit trail.

5. Frictionless and secure user experience: This step requires enterprises to manage and secure workforce passwords that can: integrate easily with corporate directories and third-party identity providers; recognise when users are entering credentials and offer to save them in a secure, vault-based location; securely auto-fill credential fields for a smooth and quick log-in experience; and generate unique and strong passwords for users whenever needed.
