Access management provider OneLogin has launched a first-of-its-kind browser extension designed to protect organisations against “identity reuse, weak password practices and phishing”, the top cause of data breaches.
Poor password hygiene presents a significant security risk for enterprises. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related breaches involve compromised or weak credentials. Despite this, 65% of organisations don’t check employee credentials against common password lists, according to OneLogin.
To remedy this, the company has developed a tool designed to protect enterprises against weak passwords among employees. Known as Shield, the password management tool, available as a Google Chrome extension, will notify users when they use a common password that may be easily compromised.
Earlier this year, the National Cyber Security Centre (NCSC) published a list of the most regularly used passwords, with “123456”, “qwerty” and “password” coming out on top. The NCSC urges people to avoid passwords that can be easily guessed.
OneLogin takes on password reuse
Shield also alerts users when they are using the same password across different websites. According to research by Virginia Tech University and password manager Dashlane, 52% of users use the same or similar passwords for different websites.
Venkat Sathyamurthy, chief product officer at OneLogin, told Verdict that repeating passwords, particularly across personal and professional accounts, can put businesses at risk:
“Password reuse is rapidly becoming the bane of many IT departments’ working lives. The internet is awash with billions of stolen passwords that are increasing the risk of a potential data breach for enterprises. This is due to employees using personal passwords not only for their non-work apps but for the tools they use during the working day.
“It turns out that a majority of people reuse passwords for work and personal accounts. So, if a hacker gets an employee’s Facebook or LinkedIn password, there’s a good chance that hacker can get into one of your company’s apps using the same password.”
As well as alerting users to possible poor password hygiene, Shield protects users against phishing by identifying when a website may be fraudulent or attempting to trick them into entering personal details.
To ensure user privacy, OneLogin has said that Shield does not analyse or store passwords, but instead analyses password hashes to identify password reuse. Sathyamurthy believes that businesses should be doing more to ensure that good password hygiene remains a priority:
“Improving password hygiene for employees should be at the top of the agenda for all enterprises. Brute force, credential stuffing and similar attacks are on the rise, making weak passwords one of the biggest risks in the enterprise.
“Enterprises need to be doing more to stop this threat evolving, and this low effort, high impact application through one of the most used browsers, Google Chrome, will eliminate the friction of password management for many IT departments and employees.”
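
How reuse detection on password hashes, as described above, can work without keeping the passwords themselves: this is an added example, not OneLogin's code or anything from the article. It assumes HMAC-SHA-256 fingerprints under a local secret key; the class name, site names and sample passwords are constructed for illustration, and the common-password set holds only the three NCSC entries quoted earlier.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Constructed sample: the three NCSC entries quoted in the article.
# A real check would load a full published common-password list.
COMMON_PASSWORDS = {"123456", "qwerty", "password"}


class ReuseDetector:
    """Tracks keyed password fingerprints per site; never keeps the password."""

    def __init__(self, key=None):
        # Assumption: a random per-device secret. With a plain unkeyed hash,
        # weak passwords could be recovered by hashing a wordlist offline.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._sites_by_fp = {}  # fingerprint bytes -> set of site names

    def _fingerprint(self, password):
        # NFKC normalisation so equivalent Unicode input compares equal.
        data = unicodedata.normalize("NFKC", password).encode("utf-8")
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def check(self, site, password):
        """Return findings for this login, then record its fingerprint."""
        findings = []
        if unicodedata.normalize("NFKC", password).lower() in COMMON_PASSWORDS:
            findings.append("common-password")
        fp = self._fingerprint(password)
        # Same fingerprint already seen on a different site means reuse.
        others = sorted(self._sites_by_fp.get(fp, set()) - {site})
        if others:
            findings.append("reused-on:" + ",".join(others))
        self._sites_by_fp.setdefault(fp, set()).add(site)
        return findings

    def stored_state(self):
        """What would be persisted: hex fingerprints and site names only."""
        return {fp.hex(): sorted(s) for fp, s in self._sites_by_fp.items()}
```

Because the fingerprint is keyed, the stored state is only useful for equality checks on the device that holds the key; protecting that key is what keeps the stored hashes from being guessed offline.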