Changing passwords regularly costs top companies in the UK around $156 million a month – which is why businesses should stop trusting human beings to come up with them, a cybersecurity firm has asserted.
Ahead of World Password Day on May 4, MyCena Security Solutions appears to be going against the grain, stating that even having one ‘master-key’, otherwise known as single sign-on (SSO), only exacerbates problems for wealthy corporations. Instead, it says, corporations should trust the machines and use only randomly generated codes to access work devices.
Citing research by Statista and Forrester, which found that more than half of employees change their online access code monthly, at a cost of $70 a time, MyCena claims that this amounts to a big waste of money on a security system that has been repeatedly tested and found wanting.
“During this year’s World Password Day, security companies will promote single access solutions such as passwordless, Single Sign-On, Privileged Account Management, Zero Trust and biometrics,” said MyCena. “But it’s an old misconception that they can improve security. Employees are still the gatekeepers who make and control access keys.
“Except that instead of making fifty keys to open fifty doors, the employee makes just one key that opens fifty doors. Now the attacker only needs to find that key, escalate privilege and access the entire corporate network.”
The total cost of this flawed system adds up to a staggering $1.7 billion a year, MyCena claims – and that’s just for FTSE100 companies, the hundred biggest players in the UK stock market.
Instead, the company, which admittedly has a vested interest as a provider of alternative cybersecurity tools, is urging companies to adopt random-password generators, which Cybernews has covered separately. By taking knowledge of access codes out of human hands, its reasoning goes, the probability of human error is eliminated.
“Password resets bring significant costs to businesses which can be totally avoided,” said its CEO Julia O’Toole. “They are a mere symptom of having employees control the keys to the house. If businesses revert to controlling their own access and passwords, there would be no password to remember or forget, and therefore, no need for password resets at all.”
MyCena further claims that adopting random password generators would save FTSE100 firms a cool $300 million a year.
“When employees don’t know their employer’s passwords, they can’t lose them, forget them, or hand them over in phishing scams. This provides a genuine remedy to the security issues associated with passwords and at the same time, removes costly password resets entirely from the business,” said MyCena.
O’Toole added: “There is no need to constantly change the door locks in offices, factories or plants. When employees know the passwords, businesses are vulnerable to employees getting their passwords phished, which is the leading cause of breaches.”