HP Tech@Work
Today's trends for tomorrow's business
Do We Need to Pass on Passwords?

Do We Need to Pass on Passwords?

You be the judge

Nearly 15 years ago, Microsoft Co-Founder Bill Gates predicted the demise of passwords. They were too unreliable, he said, noting there were other more secure ways of granting access to computers.
Gates clearly wasn’t correct about the death of the one-time login, but he certainly had it right when it came to calling-out the need for companies to move onto something else.
By now, passwords should have become passé because they are easily one of the worst security tools ever invented. The main problem is that most of us tend to choose passwords we can remember, such as 123456 - the most common password in the world. Others plug in the names of their kids, spouses or friends and add a few numbers, thinking themselves oh-so-clever and secure.
Unfortunately, neither of these approaches works. Hackers today have quick and simple access to tools, many of them widely available on the Dark Net, that can crack these simple log-ins in less than an hour.
You’ve probably heard all most of this. Yet, if you’re like 51 percent of small business leaders, you probably haven’t paid much attention because you don’t see why anyone would target you. But the truth is that you’re targeted about as often as large businesses, according to one study. In fact, more than half of malware attack victims are small businesses.
Not only that, you and your employees are probably making matters worse by not exercising common sense when it comes to where you use various passwords. For instance, it’s simple common sense that you wouldn’t use the same passwords everywhere.
After all, if a hacker manages to steal your Facebook password, and it’s the same as your BofA log-in, they get instant access to your money. Yet, 59 percent of respondents in a LastPass survey admit to doing this anyway because it’s too hard to remember multiple logins.
For all their weaknesses, passwords are an unfortunate fact of life. They’re not going away anytime soon. In fact, the number of passwords is expected to triple to around 300 billion worldwide by 2020. That’s why it’s so important for business owners to adopt alternative security tools and policies that will help shore up their security postures and avoid attacks that will shut down their businesses.
Here are 5 things everyone can do to make sure passwords don’t become the death of them:

1. Mandate quarterly password changes

Most security experts will say it’s necessary to update passwords at least every three months because, whether you realize it or not, your passwords are compromised all the time.
You may not know it, but odds are that, within a year’s time, your employees’ passwords will land on some Dark Net site where they can be purchased and exploited by cybercriminals looking to steal your records or cash. The longer compromised passwords remain active, the higher the risk that bad guys will penetrate your network.

2. Require strong passwords

If you are allowing your employees to select any password they like, you are putting your business in jeopardy. It’s that simple.
When employees are prompted by your IT department (or you) to change their passwords every quarter, they should also be required to plug in strong passwords. These PINs need to be complex, involving a random series of characters, symbols, numbers and cases. The more intricate and lengthy they are, the safer your business network will be.

3. Adopt Multi-Factor Authentication (MFA)

The term “multi-factor authentication” sounds technical, but it’s really very simple. It just means that, in addition to passwords, you require a second way of getting into a network. It’s a little like having a key to the front door but also making someone plug in a combination before entering your home.
When Mr. Gates evangelized the end of the password, one the most common ways of accomplishing this was through a token card that generated a random set of characters users would plug into a computer after entering their password. The RSA SecurID was one of the best known digital keys and is still popular today.
However, there are a host of biometric methods that are easier to use. For instance, many laptops and smartphones now come with optional fingerprint readers. We’re also seeing other interesting options emerging, such as facial recognition, heart rate authentication and Apple’s Face ID and Windows Hello, which are option on select HP products.
Every business should evaluate and strongly consider each of these options as logical security reinforcements for vulnerable employee passwords.

4. Keep passwords out of sight

The worst habits of workers die hard, and one of these is jotting down passwords on sticky notes, in notebooks or spreadsheets or in email folders.
We all do these things. After all, we trust our fellow employees, and most of us don’t expect someone to be standing over our shoulders waiting to jot down our passwords. Unfortunately, hackers come in many forms. They can be part-time workers or the night janitor. They can be contractors trolling the hallways. They can be disaffected colleagues. And they can even be industrial espionage spies. You never know.
That’s why businesses need to have a strong policy in place that not only discourages employees from being careless with passwords but penalizes them in some way, possibly including termination, if their negligence allows passwords to fall into the wrong hands.
Organizations might also consider providing employees with computer screen protectors that make it difficult for someone to see you entering a password or any other content. For that matter, HP® offers an optional, integrated HP Sure View privacy screen with touch screen versions of its HP EliteBook 1040 laptops that are worth considering.
With almost 60 percent of employees taking their work outside office walls, HP Sure View integrated privacy screen helps users work confidently from any location without fear of data on the screen being exposed to visual hacking.

5. Offer password management options

Did we mention remembering and managing passwords can be painful?
Fortunately, there are a host of pretty good password management systems, like LastPass, that make doing this simple. As a concerned business owner, think about offering one of these solutions to employees.
With these programs, users enter the sites they frequent and input logins and passwords for each. That information is then auto-filled when they visit those online locations. It’s easy to regularly update passwords through the app without having to remember them each time.
And while no application is 100 percent secure, most of these solutions are built around some form of hard encryption. Prices start at about $2.50 per month for individual users and $4 per person each month for businesses.
Passwords are one of the weakest forms of user authentication ever invented, but they are here with us for the foreseeable future. As such, everyone needs to take steps to buttress their networks with other more modern security tools and practices.

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

More about these products
Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license. https://www.nytimes.com/wirecutter/reviews/best-all-in-one-printer/

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit https://softwareoffer.intel.com/offer/20Q3-19/terms.

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (https://www8.hp.com/us/en/privacy/ww-privacy.html)