The preliminary onboarding stage is an important step for each staff and employers. Nonetheless, this course of typically entails the observe of sharing short-term first-day passwords, which may expose organizations to safety dangers.
Historically, IT departments have been cornered into both sharing passwords in plain textual content through e mail or SMS, or arranging in-person conferences to verbally talk these credentials. Each strategies carry inherent dangers, from man-in-the-middle assaults to the straightforward human error of password mismanagement. This vulnerability creates openings for hackers, who will goal to make use of weak or intercepted passwords to realize unauthorized entry to company techniques.
On this put up, we discover the pitfalls of conventional password distribution strategies throughout worker onboarding and introduce an answer that enhances safety with out compromising the convenience of entry for brand new hires. It is potential for organizations to safeguard their digital environments proper from the beginning, making certain a safe and easy transition for brand new workforce members.
Do short-term passwords keep short-term?
Short-term passwords pose vital safety dangers primarily as a result of they’re typically not modified by finish customers, regardless of their meant short-term use. These passwords are usually set to get replaced by the consumer after their first login; nonetheless, this important step might be neglected or missed as a consequence of varied causes reminiscent of consumer negligence or technical points throughout the onboarding course of. When short-term passwords aren’t up to date, they continue to be susceptible to assaults as a result of they’re often weaker and extra predictable.
The dangers related to short-term passwords are compounded by the truth that they’re typically easy or comply with predictable patterns, making them straightforward targets for brute pressure or dictionary assaults. Specops analysis discovered tens of 1000’s of malware-stolen credentials with base phrases like ‘welcome’, ‘visitor’, ‘consumer’, and ‘change’ from the previous 12 months alone. Finish customers won’t change these passwords as a consequence of a lack of information about safety practices or just because the system doesn’t implement a password change upon first login. Moreover, if these passwords are shared in plain textual content, they are often intercepted by unauthorized events.
An actual-life instance of a breach ensuing from the misuse of short-term passwords is the incident involving the SolarWinds software program firm. Attackers had been capable of entry the corporate’s Orion platform utilizing a easy, publicly recognized password: “solarwinds123”. This password was meant to be short-term however was by no means up to date, main to an enormous and notorious cyberattack that compromised impacted many organizations.
Dangers of conventional password sharing
Historically, organizations have relied on two principal strategies to share first day passwords with new staff, every carrying its personal set of safety dangers. The primary methodology entails sharing passwords in plain textual content, usually through e mail or SMS. This method is simple and sometimes used as a consequence of its simplicity and comfort. Nonetheless, it poses vital safety dangers. Plain textual content communication might be intercepted by cybercriminals via man-in-the-middle assaults. As soon as intercepted, these credentials can be utilized to realize unauthorized entry to company techniques, doubtlessly resulting in information breaches and different safety incidents.
The second conventional methodology is sharing passwords verbally on the worker’s begin date. This will happen both in individual or over the telephone. Whereas this methodology reduces the chance of interception in comparison with plain textual content digital communications, it nonetheless has vulnerabilities. Verbal sharing relies upon closely on the supply and coordination between IT employees and the brand new worker, which might be logistically difficult and vulnerable to errors. On high of that, if the password is shared via a 3rd celebration, reminiscent of a supervisor, it introduces one other layer of threat the place the password could possibly be mishandled or inadvertently disclosed.
Each strategies, whereas generally practiced, fail to supply a safe and dependable technique of dealing with delicate info reminiscent of passwords. They expose organizations to potential safety breaches and do not align with greatest practices for info safety administration.
Securely onboard new customers with out short-term passwords
Onboarding new customers in a safer method is essential for shielding organizational information proper from the beginning. Specops Software program now provides its First Day Password function as a part of Specops uReset to deal with the safety gaps inherent in conventional password distribution strategies throughout the worker onboarding course of.
This instrument revolutionizes how passwords are dealt with by eliminating the necessity to share preliminary passwords instantly with new customers. As a substitute of receiving a brief password that could possibly be intercepted or insecurely dealt with, new staff are empowered to set their very own passwords via a safe system.
Here is the way it works: upon becoming a member of, new staff obtain an enrollment hyperlink through textual content, private e mail, or via a “reset my password” hyperlink on their domain-joined machine. This hyperlink takes them to a verification display the place they verify their identification utilizing their private e mail or cell quantity. As soon as verified, they proceed to a dynamic suggestions display the place they’ll create their very own password in compliance with the group’s password coverage.
This methodology not solely secures the password creation course of but in addition integrates seamlessly with different Specops merchandise like Specops Password Coverage with Breached Password Safety. This instrument enhances safety additional by encouraging the creation of longer passwords and blocking the usage of over 4 billion recognized compromised passwords. This complete method ensures that from day one, finish customers have safe, compliant passwords, considerably lowering the chance of cyber threats.
Through the use of Specops’ First Day Password and its built-in safety features, organizations can present a safer onboarding expertise that protects each the brand new consumer and the corporate’s digital property. Communicate to an skilled to find out how First Day Password might slot in along with your group.