Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 28 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

One Identity Guest Blog – The password checklist

How hacked Instagram account can compromise your personal banking security

by Guru's
May 5, 2022
in Guru's Picks, Insight
One Identity Guest Blog – The password checklist
Share on FacebookShare on Twitter

By Dan Conrad, Security team lead at One Identity  

It is not a secret that passwords are not a particularly secure method of protection, furthermore in a world where multifactor authentication is becoming the norm, talking about password hygiene seems a little dated but still, according to the Verizon 2021 Data Breach Investigations Report, credentials are the route to data breaches in 61% of incidents.  

  

In an ideal world, and increasingly in reality, any system or application that contains critical information such as banking information, healthcare, or corporate enterprise intellectual property are protected with multifactor.  For those systems that are not, such as smaller non-critical businesses, or personal online accounts, good password hygiene is still very important. 

  

A few years back, I received an opportunity to comment on an Instagram customer account breach where the attacker had gained access to some usernames and passwords. My first thought was…. “This is pointless.”  Why do we care if a portion of the Instagram population has their usernames and passwords compromised?  What could possibly happen?  Then it occurred to me that most people reuse passwords.  So, the same username or email address may be tied to a personal banking account or even a corporate/work system with intellectual property, VPN access, or even an Active Directory credential.   

 

Therefore, it’s important to remember these password basics to ensure your personal and corporate data secured: 

  

Tip #1:  Never reuse passwords, or derivatives of the same password.   

  

The concept of frequently changing passwords is fading. Many systems no longer require frequent changes, due to passwords becoming less and less frequently used. However, just because these systems have stopped mandating password changes, this does not mean that you have carte blanche when it comes to password use.   

 

While cycling passwords or single-use passwords is very valuable with highly privileged accounts, the value of constantly cycling a standard user password is much less if a complex password is used initially. 

  

Tip #2:  Use complex passwords with at least eight characters.  

  

I personally use a password manager that will store and inject passwords.  There are many good ones on the market but be sure to protect this personal password vault with multifactor authentication.  With this system, I can set it to create passwords for up to 99 characters.  Remember that you may have to physically type one of these passwords at some point so selecting 99 characters, which is highly secure from password crackers, may be terribly inconvenient.  I’ve learned this from experience.  

 

It’s important to strike the appropriate balance when it comes to passwords; they need to be secure but making them so secure that they render the account in question virtually inaccessible should not be the aim of any password manager.  

  

Tip #3:  Given the option – use a strong password and multifactor authentication.   

  

Multi-factor authentication is a massively important tool in double-stamping the security of your passwords. However, they are not a silver bullet. Don’t expect multifactor to protect your account when you use “Password1” as your password.  If the initial password is weak, this will simply encourage attackers. The account will be subjected to more attacks, so you have made the decision to leave the first security door unlocked. The best advice I can give is to use an 8+ character password AND multifactor authentication.  

  

From the perspective of protecting the corporate enterprise and users with authentication, passwords and proper selection/use are a key element.  Users can look at their authentication/credentials as the keys to the building.  You wouldn’t share the key with anyone, and you should be very concerned about someone taking your keys, whether with malicious intent or not.   

 

We all need to do better. Sadly, the days of reading your username and password over the phone are not quite behind us yet. Even sending them across supposedly encrypted services like WhatsApp isn’t advisable.  These practices would undoubtedly be against corporate security policies – and if they are not, they should be.   

 

In conclusion if you want to make sure employees don’t do this sort of thing, use multifactor for ALL of your user authentication needs.  

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

OWASP patches path traversal flaw

Next Post

South Korea joins NATO Cyber Defence Centre

Recent News

Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

How to Succeed As a New Chief Information Security Officer (CISO)

March 28, 2023

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

March 28, 2023
penetration testing

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information