Imagine if you took a set of keys that unlocked every single door in your office and stashed the key ring in the bushes outside of your door. If this sounds ridiculous (as it should), then why is it that you essentially take the same approach with your company’s passwords?
Chances are likely, in other words, that many of your employees—with or without your knowledge—have files stashed on their computers that contain passwords to just about every website in their personal and private lives. From Facebook to Dropbox to online email accounts, password lists are the proverbial key to the castle; and they’re threatening to bring down your entire enterprise.
For proof of this, look no further than what happened at Sony last fall. After the company’s recent high-profile data breach, it was discovered that there was a folder titled “Password” on the network. This folder contained over 100 Word documents, spreadsheets, PDFs and other files that contained passwords to a multitude of private accounts—literally a trove of digital information.
So, what can you do to prevent this from happening? First, take a hard look at how your company is using passwords in your enterprise. You would be ill-advised to use passwords as your primary method of end user authentication unless the password is backed up with additional security elements like voice biometric identity verification or security questions. If your company is still relying heavily on passwords, however, make it your personal mission to ban password lists on PCs and mobile devices.
There are a few steps you can take aside from banning passwords like discouraging your employees from migrating their files into one central location. After all, keeping every password together is a bad idea especially if they are kept in a physical notebook. Instead, your company should leverage Single Sign On (SSO) solutions, which provide the ability to log into multiple accounts using one password. This can drastically reduce the amount of information for which employees need to keep track. You could also encourage company staffers to keep passwords stored in memory only, which is by far the safest measure you can take; instead of writing down actual passwords, have them jot down hints or password recall prompts that will help them remember the information should they forget.
Employees should also feel comfortable emailing the IT department in the event that they forget their passwords. IT can send temporary codes to reset the information and handle the problem in a secure manner.
VoiceVault, a leading provider of voice biometric identity verification solutions, can help you streamline the authentication process through its advanced line of voice recognition products. You can find out more information about how VoiceVault can keep your enterprise secure by reading this white paper.