Making Passwordless Possible
Why your business should go passwordless using LastPass – and how to give employees a frictionless login experience.
80% of breaches are still caused by weak or reused passwords, and 76% of employees experience regular password problems. When faced with the ongoing resource drain and security risks of passwords, what should small business owners do?
Use LastPass, and forget your passwords!
Eliminating passwords might seem impossible, but the right combination of technologies can remove password-related obstacles. But why should your business even consider moving beyond the password? Going passwordless offers several benefts to your organization:
The risks of passwords – especially ones that are weak, reused, and poorly-managed – are well known. Nearly 80% of breaches caused by hacking, feature the use of stolen credentials. When you remove passwords from the picture. you significantly reduce the possibility of a password-related breach.
In an average business, 77% of employees use a 3rd-party cloud app without the approval or knowledge of business owners. Employees also tend to store company data on unsanctioned cloud services. In short, small business owners lack clear visibility into employee access across their business. Technologies that replace or eliminate passwords give IT and the business owner the oversight they need to make that visibility and control possible.
The average employee struggles to manage over 100 passwords, so it is no wonder that 59% of people mostly or always use the same password. Employees just want their technology to be fast and easy-to-use. Going passwordless means employees are connected to their work tools more quickly while eliminating time-wasting obstacles like lockouts, resets, and frequent password updates.
Here at YCD, we spend a large proportion of our time on password-related support. We help people who have forgotten the passwords that we’ve previously issued to them. We help people recover accounts that they are locked out of after repeated failed login attempts. We also feel like we’re constantly advising people not to use the same password for more than one resource. LastPass password management helps you to reduce your own business costs by removing the need to call us for password reminders.
How to go passwordless
First, you need to collect all your passwords into one central location.
Part of the reason passwords continue to be such a challenge is that employees are left to manage them on their own. Start by giving employees a Password Management (EPM) solution that captures and stores every single password in use.
Employees no longer have to worry about remembering credentials – the password manager fills them instead – and as a business owner, you now have visibility into the password hygiene for every login, for every user. Passwords may not be eliminated yet, but employees must only remember one master password, so its a big step in the right direction.
Once you have everything in one place, LastPass will automatically advise users on how they can improve their security score. This, in most cases, will be by showing the user where they have used the same password multiple times – and offering them help to improve this.
LastPass can generate random passwords and assist your users in changing the passwords across the resources they have registered. Once you’ve done it a couple of times, this becomes second nature. Within a short time you’ll end up with every password being random and unique – across the business.
Over time, your staff will only need to remember the password to log them into LastPass. Once they’re in there, LastPass will help them log in – wherever they go.
Cyber security experts are encouraging every IT administrator to make sure that nobody shares a login. It makes complete sense, but we have to be realistic about this. At present, we know that businesses have single logins to supplier web sites that each employee needs to know. Eventually, that web site will need to create a login for each employee of each of their customers but, for now at least, we need a way for teams to use the same login.
LastPass has many team-based sharing options. You can have multiple goups of people (Sales, Accounts, Management etc) and each team can have access to shared login credentials. If you wish, you can even hide the password from your staff so that they can’t copy it and use it from home.
It doesn’t stop at passwords either. There are multiple types of records in LastPass. You can store payment card information, passports, membership details, software licenses, wifi keys… the list goes on!
FAQ: How does a unique password help?
Imagine that you register an account with a web site and you use a password. Then imagine that this web site gets hacked and all of the username/password combinations are harvested and sold on the dark web (yes, this is what happens!).
Other hackers will get hold of these logins and use automated programs to try those username/password combinations on other web sites to see if they can log in. Chances are, if you’ve used the password more than once, then they’ll find some success.
From here, they can add to their data with some additional personal information about you. This could be used to build a picture detailed enough to take out a mobile phone contract in your name, for example. Alternatively it might gather information about your mannerisms and how you tend to communicate with others – which can then be used to create a phishing email to your peers that appears to be written in your style. If they get lucky, they may even have access to something that enables them to make fraudulant financial transactions.
Why take the risk? Simply using a unique password would have prevented all of the above.
FAQ: It seems really dangerous to store all our passwords in a database. Should I be worried?
Lastpass is an encrypted environment. This means that the data stored on LastPass’ servers is encrypted and their staff are unable to read your passwords.
Also, if someone discovered your login details, then they would still be unable to log in as you as they would be unable to provide the 2-factor authentication challenge (using an app associated with your mobile phone).
LastPass is an important step towards reducing your cyber security risks.
Regardless of size, we would advise every business to use LastPass. It’s great for sole traders, and it’s simply awesome for large teams.