1Password has announced a suite of new features for its business password manager, bundled together as the Advanced Protection suite. This will offer business users new security measures to ensure protection for both company and employee.
Among the features are two-factor authentication, a great tool for increasing security and preventing rogue or malicious access to company information. Additionally, more control over the master password policy should ensure that all staff will follow stringent strength requirements when generating logins.
According to a study last year, 81% of hacking breaches can be traced back to stolen or weak passwords. The same study also noted that 70% of employees reuse passwords at work. If your company isn't using a password manager yet, it's probably time to start. We explain the reasons why.
Master Password, Firewall and Sign-in Attempts
Verizon's 2018 data breach investigations report made for sobering reading for many company heads and IT departments. It pinpointed that the vast majority of security breaches stemmed from poor password practice by employees.
There have been many big firms caught out already. In 2016, Dropbox had 68 million user accounts compromised, thanks to a single non-secure employee password. In 2016, an Uber employee left a vital password un-encrypted online – this was then used to hack into the company's system and leak the details of 57 million drivers. The firm was fined $148 million dollars.
Businesses need to take employee password security seriously, and a corporate password manager plan is a smart way to go about this. So, what tools has 1Password added to its business service with Advanced Protection to help prevent your company being the next one to hit the headlines?
Master password policy – Advanced Protection now allows companies to dictate the minimum, medium and strong requirements for passwords, as well as defining a custom policy for character length, numbers and symbols.
Two-factor authentication – Enables companies to enforce two-factor authentication across entire teams, including which secondary factors are acceptable validation. This can work with a physical security key, such as Yubikey, or via an authenticator app. You can read more on two-factor authentication below.
Firewall rules – You can set your own company-specific rules for Firewalls. This means that companies can choose which IP addresses to allow through, and which to block, as well as blocking users from certain countries. Companies can also choose to stop their employees from using VPNs or TOR.
Sign-in attempts – Allows companies to see attempted sign-ins, including information such as where they come from, the device that was used in the attempt and the IP address. It's also easy to group and browse failed sign-in attempts by region.
Keen to try a password manager for yourself? You can try 1Password for free
The Importance of Two-Factor Authentication
Two-factor authentication (also known as 2FA) has long been adopted by major tech companies such as Google and Apple. It provides invaluable protection to users when logging into a device or account. The way it works is that a user's password is no longer the magic key to the kingdom, if they are trying to access a site or service. Instead, they also need a second form of identification, to really prove they are who they claim.
For most services, this is typically adopted when a user tries to access content from an unrecognised device. To take Google as an example, when a user attempts to log into their account on a laptop, tablet or phone that isn't recognised, Google can send a code to their mobile phone, which they must enter on the site before they are allowed to continue.
This is just one example, and there are many any ways to approach two-factor authentication, including a dedicated authenticator app, and a physical usb key that generates code. Any of these methods adds an extra step to the login process, making it harder for nefarious access.
Not convinced? Research from Google earlier in the year found that two-factor authentication is effective in blocking 100% of bot attacks. Not only that, but it was also shown to catch many bulk phishing attempts, as well as targeted attacks. Simply put, two-factor authentication works.
Why Use a Password Manager?
Research from security software giant BitDefender has shown that the main reason for businesses making a cyber insurance claim is email compromise. In fact, illegal access to email, which can lead to a myriad of issues, from business leaks to fraud, accounted for almost a quarter of all claims.
Other issues such as impersonation fraud were also rife, according to the BitDefender report. Two-factor authentication would all but eliminate the risk of such attacks.
Businesses stand to lose the most by not using a password manager, because any company's security is only as strong as its weakest point. In many cases, poor practice from employees can putt companies at serious risk.
Using a password manager means no more staff writing down passwords that could be easily exploited, no more endless re-use of simple passwords that can easily be cracked, and measures in place to ensure that it is your own staff, and nobody else, attempting to access your sites and services.
When testing password managers, we know that the two main aspects users are interested in are simplicity and security. It might seem somewhat counter-intuitive to host a fully featured and complex password manager behind an easy to use interface, but some have managed to crack that formula.
1Password is certainly among them – in fact, in our review, we praised the service's setup and app, finding them to be inviting to even the uninitiated.
For more on this, see our overall guide to the Best Password Managers to Choose.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.