Can employees be incentivised to create stronger passwords?
Updated Research continues to show the struggle of the password in keeping enterprise security. But is there a solution to keep employees – and employers – in shape?
In June, survey data from Centrify found that one in three admitted suffering from ‘password rage’ – one in six were so frustrated they screamed or shouted in the office, while one in seven admit they tear a strip off their colleagues. Back in January, research from SailPoint showed 14% of respondents would give their work password to a third party organisation if the price was right.
With that in mind, these comments from Dropbox head of trust and security Patrick Heim are particularly interesting: potentially offering employees incentives, in this case free storage, to bulk up their passwords.
The comments from Heim, as reported by V3, shows the number one challenge for the cloud storage provider as users reusing credentials across multiple websites. To avoid remembering multiple passwords, the likes of password managers and two-factor authentication have long been available. Dropbox recently added two factor authentication to and tiered administrative controls to its product.
If you do this, Heim notes, you’re in “pretty good shape” – but there’s a big gap between those who do this and those who don’t. Changing consumer attitudes is difficult, therefore Dropbox is looking at issuing a security ‘health check’ to identify levels of authentication and data sharing settings for users, and those who go through it will be rewarded with free storage.
David Lavenda, VP of marketing and product strategy at harmon.ie, argues Dropbox “is doing the right thing” with this proposed play. He told Enterprise AppsTech: “Dropbox needs to make a play for the enterprise to maintain its leadership. It’s already being used by business people; it needs to find a way not to be kicked out because of security concerns, so what they are doing makes sense.
"If they can crack the security code, they have a very long runway to success,” he added. “Focusing on this problem by offering incentives makes total sense in the prosumer type of environment in which they play.”
Poor password management is said to cost businesses thousands per year; more research from Centrify, this time back in October, found employees waste on average £261 a year in company time trying to manage multiple passwords.
It’s worth noting that cloud storage is a fairly straightforward commodity for the vendors involved; Microsoft, for example, offers free OneDrive storage to anyone who is an Office 365 subscriber. Similarly, Dropbox has made a concerted push in recent months to beef up its security plays, with the company praised for its response to a major vulnerability in the Android SDK, as well as certification with the emerging ISO/IEC 27018 privacy standard.
Dropbox declined to make further comment. Do you agree employees can be incentivised to create stronger passwords?
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » How CIOs must address the most pressing cybersecurity issues of 2020: A guide
- » How the CIO needs to see the evolution of no-code platforms: Security, ML, and democratising data
- » IDG’s State of the CIO 2020: Changing responsibilities and becoming more customer-centric
- » 10 ways to own your cybersecurity in 2020: Passwords, practice and prevention
- » The 10 ways asset intelligence improves cybersecurity resiliency and persistence