Businesses need password security more than ever as threats evolve alongside technology, according to LastPass.
The password management vendor’s chief marketing officer (CMO), Esther Flammer, said shadow IT had become one of the “greatest areas of threat”, alongside unmonitored apps.
“Unsafe password practices are leaving companies exposed,” she wrote on the LastPass blog. “Forgotten credentials are ticking time bombs of vulnerability. One weak password, displayed for all to see, is all it takes.”
But Flammer said that password management has often been treated as an afterthought.
Rather than something that only the IT department needed to care about, password security should be everyone’s responsibility.
Instead, the current situation in many organisations was “chaos”.
“It’s sticky notes on computer screens, handwritten scrawls in journals, or rows upon rows in spreadsheets. Or it’s a walking, talking paper explosion,” she said.
Best-practice password management, on the other hand, took in data protection as well as access control requirements. As a result, LastPass was driving its solutions towards end-to-end, centralised protection with “total visibility”.
“Your security is only as strong as your weakest password,” Flammer said.
Businesses must be guided away from outdated practices like unmanaged access. Every login should be protected and private, while remaining “within reach” of those who need to use it.
LastPass goes deeper, beyond password security
LastPass has trumpeted its multi-year, multi-million-dollar investment in security, including in identity and access management (IAM) opportunities, through 2024.
Accordingly, LastPass chief executive Karim Toubba blogged in Q4 about refashioning the company.
“We assembled a new, fully-dedicated security team,” he wrote. “We also launched a new threat intelligence, mitigation and escalation (TIME) team, which we believe is the first of its kind among password managers.”
The vendor has continued to maintain certifications including SOC2 Type II and ISO 27001 while complying with privacy and security standards such as SOC3, BSI C5 and TRUSTe.
“Lastly, we completed a full assessment of our technology stack, across our infrastructure, products and devices.”