International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

One Identity Guest Blog – The password checklist

How hacked Instagram account can compromise your personal banking security

by The Gurus
May 5, 2022
in Guru's Picks, Insight
One Identity Guest Blog – The password checklist
Share on FacebookShare on Twitter

By Dan Conrad, Security team lead at One Identity  

It is not a secret that passwords are not a particularly secure method of protection, furthermore in a world where multifactor authentication is becoming the norm, talking about password hygiene seems a little dated but still, according to the Verizon 2021 Data Breach Investigations Report, credentials are the route to data breaches in 61% of incidents.  

  

In an ideal world, and increasingly in reality, any system or application that contains critical information such as banking information, healthcare, or corporate enterprise intellectual property are protected with multifactor.  For those systems that are not, such as smaller non-critical businesses, or personal online accounts, good password hygiene is still very important. 

  

A few years back, I received an opportunity to comment on an Instagram customer account breach where the attacker had gained access to some usernames and passwords. My first thought was…. “This is pointless.”  Why do we care if a portion of the Instagram population has their usernames and passwords compromised?  What could possibly happen?  Then it occurred to me that most people reuse passwords.  So, the same username or email address may be tied to a personal banking account or even a corporate/work system with intellectual property, VPN access, or even an Active Directory credential.   

 

Therefore, it’s important to remember these password basics to ensure your personal and corporate data secured: 

  

Tip #1:  Never reuse passwords, or derivatives of the same password.   

  

The concept of frequently changing passwords is fading. Many systems no longer require frequent changes, due to passwords becoming less and less frequently used. However, just because these systems have stopped mandating password changes, this does not mean that you have carte blanche when it comes to password use.   

 

While cycling passwords or single-use passwords is very valuable with highly privileged accounts, the value of constantly cycling a standard user password is much less if a complex password is used initially. 

  

Tip #2:  Use complex passwords with at least eight characters.  

  

I personally use a password manager that will store and inject passwords.  There are many good ones on the market but be sure to protect this personal password vault with multifactor authentication.  With this system, I can set it to create passwords for up to 99 characters.  Remember that you may have to physically type one of these passwords at some point so selecting 99 characters, which is highly secure from password crackers, may be terribly inconvenient.  I’ve learned this from experience.  

 

It’s important to strike the appropriate balance when it comes to passwords; they need to be secure but making them so secure that they render the account in question virtually inaccessible should not be the aim of any password manager.  

  

Tip #3:  Given the option – use a strong password and multifactor authentication.   

  

Multi-factor authentication is a massively important tool in double-stamping the security of your passwords. However, they are not a silver bullet. Don’t expect multifactor to protect your account when you use “Password1” as your password.  If the initial password is weak, this will simply encourage attackers. The account will be subjected to more attacks, so you have made the decision to leave the first security door unlocked. The best advice I can give is to use an 8+ character password AND multifactor authentication.  

  

From the perspective of protecting the corporate enterprise and users with authentication, passwords and proper selection/use are a key element.  Users can look at their authentication/credentials as the keys to the building.  You wouldn’t share the key with anyone, and you should be very concerned about someone taking your keys, whether with malicious intent or not.   

 

We all need to do better. Sadly, the days of reading your username and password over the phone are not quite behind us yet. Even sending them across supposedly encrypted services like WhatsApp isn’t advisable.  These practices would undoubtedly be against corporate security policies – and if they are not, they should be.   

 

In conclusion if you want to make sure employees don’t do this sort of thing, use multifactor for ALL of your user authentication needs.  

ShareTweet
Previous Post

OWASP patches path traversal flaw

Next Post

South Korea joins NATO Cyber Defence Centre

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol