CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 →

How do you convince users to use a password manager and stop re-using passwords?


Answered by Mark Hofman, Chief Technology Officer, CyberCX

We know people constantly reuse passwords, as we are all creatures of habit. Although it’s not best practice, if it’s an online newspaper subscription and a few other low risk websites, generally it doesn’t cause much harm. However, using that same password to secure your bank or corporate accounts can put critical information at risk.
The benefit of using a password manager is that strong passwords are often cumbersome and hard to remember, furthermore if they are regularly changed, they can be difficult to keep track of. A password manager will help your staff create very strong passwords, across multiple accounts, without ever having to remember them. This benefit is key to getting your staff onside with your initiative, as they may find it is more convenient than their current way of working.

Some staff will be legitimately concerned that someone could get a hold of the master password and therefore have access to everything stored on the password manager. But if it is secured with one strong and unique password, this information should be safe and secure. Passphrases are useful here because they are memorable and they are not reliant upon a single point of failure, so promoting these will help to secure the password manager.

This is one of the fundamental problems that we face in cyber security. It is a complex business, but these small, simple changes can dramatically reduce the threat vectors for organisations.

View our 5 easy steps to improve your cyber resilience.

Cyber Resilience Strategies

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.