GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

By Julia O’Toole

Passwords have become ubiquitous with digital. Yet most people don’t know how to use them properly. The humble password is nothing more than a digital key that opens a door.

Related: The coming of passwordless access

People use keys to open their house, office, garage or car. And they use passwords to open a device, a system, an account, a file and so on.

But the similarities stop here. In the physical world, people are not required to make their own keys; keys are given to them by a landlord, a locksmith, or an employer. Whereas in the digital world, people are required to make their own passwords, which they then have to remember and type every time.

Which begs the question: why do people create their own passwords? In truth they don’t need to. Just as they don’t need to hammer their own keys. All they need is to receive, retrieve and use them.

Cybersecurity’s blindspot

This misunderstanding has real implications for companies as it takes away their ability to be cybersecure. From the moment companies let their employees create their own passwords, they transfer their network command and control, financial risks and liabilities to their employees.

They also create a huge cybersecurity “blindspot” and potential surface of attack, as they have no idea if and when passwords are shared, stolen or phished. Finally, as the human brain cannot create and remember multiple complex and unique passwords, they set their employees up to fail, as people keep using passwords like 123456, the same password or a password pattern they can remember.


That explains why over 80 percent of data breaches start with weak, reused, and stolen passwords through password phishing, social engineering, brute force attacks and credential stuffing. Hackers don’t need to hack in, they just log in.

With more victims, they harvest more credentials, which lead to more victims. After the Covid-19 pandemic pushed people to work from home, this cyber pandemic has only worsened, allowing more and more ransomware attacks.

Automated distribution

Just as employees don’t bring their own keys to the office, they should not bring their own passwords to the digital office. A much better way is to integrate an innovative technology that distributes encrypted, unique passwords to the employees that only they can use to access each separate device, account, file, or system.

Helpfully, this innovative solution is easy-to-implement and doesn’t require any change of infrastructure. It relieves employees from the burden of creating, memorising, and typing passwords.

And contrary to single access solutions, where hackers only need one key to gain access and take all, it segments each access so that each password only opens one door, which ensures cyber-resilience and cybersecurity. In case a password is stolen, for example in a supply-chain attack, only one system is infected and, by default, contained, while the other systems stay safe.

Segmenting access

This segmented access system completely removes the concept of identity or trust from access. Just as your door doesn’t need to recognise your identity when you go home: if you have the key, you can enter; otherwise, you can’t no matter who you are.

When a new hire starts a new job, he or she receives encrypted passwords, stored in a digital fortress that only that user can access after multiple levels of security. Each system has a different password which the user can click to open a system, without ever seeing what the password is, just like when they use a fob or card to open a door.

The system also allows companies to see who has accessed their passwords, similar to a building access monitoring system, which further helps tracking access in case there is a breach.

When people leave a company or department, companies can instantly remove their passwords. Plus, since they never knew their passwords in the first place, they can’t keep and pass them around. In exactly the same way as employees hand over their keys, badges, and cards to access company building, lifts or offices when they leave. That removes the risks of unauthorised access via old accounts when people leave.

An encrypted password distribution system not only allows companies to take back control of their own access, it also removes the need to invest in educating employees on password hygiene, a taxing task for the brain which it was never meant to do in the first place. Freeing up their time to invest in more productive work.

This approach not only simplifies employees’ lives (as there are no more passwords to know, so no more password resets) it also eliminates all the security risks and costs attached to human behaviour and the huge problems associated with stolen, phished, or shared passwords.

Finally, this type of zero-trust system is completely future-proofed, as you can make the keys increasingly complex. To resist the upcoming threats of quantum computing, companies can easily use billions-character-long passwords, since it is just a string no one needs to see.

About the essayist: Julia O’Toole is the founder and CEO, MyCena Security Solutions, which supplies a mobile app that transforms your smart device into a portable digital vault.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone