Skip to content

Are Passwords a Threat to Enterprise Security?

Enterprise security attackers are growing in number and sophistication. Organizations are only one password away from it being their worst day. To that point, is it time to ditch all those annoying, hackable passwords and live in a passwordless society?

Passwords have been the primary method of authentication for decades. While they have served their purpose and served it well, there may be better alternatives for protecting your mission-critical data and digital resources. As technology advances, cybercriminals find new ways to steal corporate credentials, making password security less effective.

In fact, according to a recent study, 81% of company data breaches were due to poor passwords. Password reuse is of particular concern as it could lead to credential stuffing attacks where threat actors take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.

The same report revealed that 80% of hacking incidents were caused by stolen or reused login information.

These attacks weren’t on small companies with limited resources and weak cybersecurity protocols. They were on household name enterprises such as Ticketmaster, GoDaddy, Microsoft, SolarWinds, and even the New York City Law Department. In the case of SolarWinds, the hackers could get in with a weak password an intern had been using (“solarwinds123”), which was publicly accessible via a misconfigured GitHub repository.

Not only are passwords less secure, but they are also productivity inhibitors. In another recent report on passwordless security, 45% of respondents indicated that a passwordless approach to security would increase productivity.

In addition to weak passwords and credential reuse, passwords can be a hindrance to enterprise security in several ways:

  1. Passwords can be easily compromised: Bad actors can steal or hack credentials using various methods, such as phishing, brute force attacks, or social engineering.
  2. Password Sharing: Employees may share their passwords with others, which can put enterprise data at risk. Password sharing is especially problematic when employees leave the company or change positions, as they may be disgruntled or their old passwords remain active.
  3. Human Error: Employees may inadvertently reveal passwords through phishing scams or other social engineering tactics, which gives attackers access to enterprise data even if they do not have the correct login credentials.
  4. Lack of Two-Factor Authentication: Passwords alone may not be enough to secure enterprise accounts. Two-factor authentication can add an extra layer of security.
  5. User frustration: Password policies can frustrate users who must remember multiple passwords, adhere to strict complexity rules, and change them frequently.
  6. Cost of password management: Organizations need to invest in password management systems, such as password policies, training, and resets. These systems can be costly and time-consuming.

Given these reasons, enterprises should consider more secure alternatives to password security, such as Zero Trust, biometrics, multi-factor authentication, and certificate-based authentication. As compromised credentials continue to be a common attack vector, it only takes one nefarious login to bring a company to its knees. Of course, enterprises can’t just suddenly pull the plug on passwords altogether, but it is an option worthy of consideration.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit, and follow us on Twitter and LinkedIn.。



Click one of our contacts below to chat on WhatsApp