Strengthening Password Security: Addressing Misconceptions and Best Practices

According to recent research by the Institution of Engineering and Technology (IET), conducted to mark World Password Day, only one in five people in the UK can correctly identify a secure password over a risky one. This alarming statistic underscores the widespread lack of awareness and understanding when it comes to password security among the public. 

The study revealed that despite expressing concern about the possibility of being hacked in the future, a significant portion of the population continues to engage in risky password practices. For example, 20% of respondents admitted to using the same password for multiple websites and devices, a practice strongly discouraged by cybersecurity experts. 

Additionally, many individuals rely on easily guessable passwords, such as pet names or significant dates, further compromising their online security. Despite the prevailing fear of cyber threats, there exists a notable discrepancy between public perception and best practices in password security. While 84% of respondents believe that hackers are becoming more inventive, many still hold misconceptions about what constitutes a secure password. 

For instance, a significant portion of the population mistakenly believes that replacing letters with numbers in passwords enhances security, when in reality, this practice does little to deter sophisticated cyberattacks. Dr. Junade Ali, a cybersecurity expert and IET fellow, highlighted the critical importance of strong passwords in today's digital landscape. Weak and predictable passwords serve as easy targets for cybercriminals, who employ various tactics, including credential stuffing, to gain unauthorized access to multiple accounts. Credential stuffing exploits the common practice of using the same password across multiple platforms, allowing hackers to compromise multiple accounts with minimal effort. 

To address these vulnerabilities, the IET has issued recommendations aimed at improving password security awareness and practices. Among these recommendations is the suggestion to create randomly generated, long, and unique passwords for each website or online service. Longer passwords are generally more resistant to brute-force attacks and provide an added layer of security against unauthorized access.  

Additionally, the use of a reputable password manager is encouraged to securely store and manage passwords across various platforms. Password managers not only simplify the process of generating and storing complex passwords but also provide alerts in the event of a data breach, allowing users to take immediate action to protect their accounts. 

By following these guidelines and adopting strong password security practices, individuals can significantly enhance their defenses against cyber threats and safeguard their sensitive information online. As cyberattacks continue to evolve in sophistication, proactive measures to strengthen password security are essential in mitigating the risk of unauthorized access and data breaches.

Here's Why Passkeys Are a Good Option to Safeguard Your Data

The future belongs to passkeys. Even though you may not be using them yet, the time is quickly approaching when we won't need to create or remember passwords and will only need to use our username and biometrics to log in. 

However, it's evident from recent discussions with people outside of the tech sector that most customers don't even comprehend passkeys, much less trust them to safeguard their sensitive information and identities.

A passkey, in its simplest form, is a cryptographic identity credential that is stored locally on your device and usually unlocked with biometrics. When you log in again, the system you created the passkey for reads the user ID you shared with it and requests authentication (the passkey). The biometric security already built into your computer or phone is then used to approve that request. This might be an iris scan, facial recognition, or a fingerprint. 

Neither the system you are logging into nor your own device asks for a password at any point in this process. To put it more concretely, say you go to Gmail and type in your user ID. After the mail platform accepts the ID, it issues a challenge that your passkey must answer locally by returning a signature. The device can now request the biometric authentication you previously configured on your laptop or phone. This page explains how passkey registrations and logins work. 

All I've explained takes place in a matter of seconds and doesn't require you to remember your login information or even have access to a password manager. 

Passkeys are powered by cryptography that stays out of sight and never forces you to think about it, even though the backend system that manages all of this is quite complex and well beyond the comprehension of most users.

It's interesting to note that some customers still don't trust this level of protection, since they think their phones could be stolen and used to access their accounts. This is untrue, since the perpetrator would still need your fingers, face, or eyes. Yes, there is always the awful chance that someone will steal those too, but it is a very slim one. 

In the IT sector, there is a general consensus that passwords constitute a weak security system. Even a password manager protected by one strong master password is not free of risk. Once some of the stored passwords have been exposed in a breach, they are no longer secure. Additionally, you are once again at risk if the master password that secures the manager itself is compromised.

Clearly, it's not just customers. Industries, institutions, and enterprises are suffering as a result of frequent ransomware attacks. Many of these begin with social-engineering emails and then move on to further steps, such as installing keystroke-logging software that captures users' IDs and passwords as they type them. But what if you never typed a password? The ransomware attack could be thwarted before it starts. The only logical solution is a passwordless system.

Nearly Half of Security Enterprises Store Passwords in Office Documents

A new survey conducted by identity management vendor Hitachi ID found that nearly 46% of IT and security enterprises store corporate passwords in office documents such as spreadsheets, leaving them exposed to a significant cyber threat. Hitachi ID surveyed 100 executives across EMEA and North America to better understand how secure their password management is. 

It indicates that IT leaders aren’t practicing what they preach: almost all (94%) participants said they undergo password management training, with 63% claiming they do so more than once a year.

“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” stated Nick Brown, CEO at Hitachi ID. “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.” 

The worrying thing is that many enterprises know their secrets and password management isn’t up to par. Question marks were also raised about the risks posed by departing employees: only 5% said they were extremely confident that a departing employee could not retain access. If they have to urgently terminate an employee, only 7% of enterprises were confident they could transfer passwords and credentials, terminate access, and maintain business continuity. 

That lack of confidence has real-world implications. Some 29% of respondents say they’ve experienced an incident in the past year where they lost access to product systems after an employee left the organization. Last year, it emerged that a former employee at a credit union destroyed 21GB of corporate data, including 20,000 files and almost 3500 directories in retaliation for being fired. 

According to Ian Reay, VP, Product Management at Hitachi ID, it is estimated that each employee might have as many as 70-100 passwords and “decentralized secrets” that could be exploited by attackers to gain access to and move through an organization. 

“In the midst of the Great Resignation, every organization should be extremely confident that passwords will stay in the company regardless of which employees come and go,” Reay concluded.