It’s Time to Embrace Password Security Strategies

Why Your Enterprise Needs Password Security Strategies

Unfortunately, trusting employees to create strong passwords on their own may no longer serve as a tenable strategy.

According to the Identity Theft Resource Center® and CyberScout® Annual End-of-Year Data Breach Report, hackers continue to target and exploit usernames and passwords for their attacks, especially when users repeat their credentials across multiple accounts. Furthermore, through publicly available personal information, hackers can guess users’ passwords and try them against all of their accounts; after that, it is only a matter of time before they find a weak link.

Adding to these issues, users continue to select and reuse passwords annually rated as (frankly) embarrassingly weak and easily cracked. This distinct problem stems from employee fears of forgetting their passwords.  

Password security strategies encourage employees to create unique, non-guessable passwords for their digital identities, thereby keeping them and your business safe. Password security strategies also help employees remember more complex passwords, breaking their dependence on repeated or simplistic passwords.

What Do Password Security Strategies Entail?

Thankfully, you can embrace password security strategies and identity and access management best practices simultaneously; they’re basically one and the same. Moreover, password security strategies often prove fairly simple to conceptualize. Good places to start include:

  • Enacting Multifactor Authentication (MFA). Multifactor authentication takes some of the pressure off passwords to keep identities secure by themselves. Your enterprise can adjust the authentication factors granularly or based on threat intelligence as well.
  • Enacting Single Sign-On (SSO). Single Sign-On reduces the number of passwords employees must remember to access their role-relevant resources, therefore reducing stress.
  • Mandating unique passwords. Passwords should have no direct affiliation with employees’ personal or professional lives, and optimally should be over 16 characters in length with numbers and punctuation. For example, passwords should avoid birthdays, job titles, or children’s names. Ideally, employees should use a sentence or phrase; “HelloMr.3rown!” could take hackers years to crack, if not decades.
  • Deploying a next-gen identity and access management solution with password management capabilities. Password management helps employees remember their passwords automatically through the network and recognized endpoints, geolocations, and time-stamps, reducing the dependence on reused passwords.
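
The “Mandating unique passwords” item can be enforced when a password is set rather than left to employees. The sketch below is an added example, not code from the original post: it checks the length, digit, and punctuation rules and rejects passwords built from the employee’s own name, job title, family names, or birthday, including common character substitutions. The `Employee` record, its field names, and the sample data are assumptions made for illustration; reuse across accounts is not checked here.

```python
import re
import string
from dataclasses import dataclass, field

MIN_LENGTH = 17  # "over 16 characters"
# Undo common character substitutions before looking for personal words.
LEET = str.maketrans("01345@$!7", "oieasasit")

@dataclass
class Employee:  # hypothetical HR record; field names are assumptions
    full_name: str
    job_title: str
    birthday: str  # ISO date, "YYYY-MM-DD"
    family_names: list = field(default_factory=list)

def personal_words(emp):
    """Lowercased words of 3+ letters from name, title and family names."""
    text = " ".join([emp.full_name, emp.job_title, *emp.family_names])
    return re.findall(r"[a-z]{3,}", text.lower())

def birthday_fragments(emp):
    """Digit strings a birthday commonly appears as inside a password."""
    y, m, d = emp.birthday.split("-")
    return {y, m + d, d + m, m + d + y[2:], d + m + y[2:], y + m + d}

def check_password(password, emp):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no_punctuation")
    # Letters only, after reversing substitutions such as 4 -> a, 1 -> i.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    problems += [f"personal:{w}" for w in personal_words(emp) if w in letters]
    # Digits only, so separators between date parts do not hide a birthday.
    digits = re.sub(r"\D", "", password)
    if any(frag in digits for frag in birthday_fragments(emp)):
        problems.append("personal:birthday")
    return problems

# Constructed sample employee and candidate passwords.
SAMPLE = Employee("Dana Whitfield", "Payroll Manager", "1984-07-21", ["Oliver"])
if __name__ == "__main__":
    for pw in ["D4na!Whitf1eld2024", "0liver-21071984-rocks!",
               "Tuesday-kettles-hum-at-9!"]:
        print(pw, "->", check_password(pw, SAMPLE) or "accepted")
```

Run against the sample from the list above, “HelloMr.3rown!” passes the personal-information and character checks but is reported for length, since it is 14 characters long.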

What Password Security Strategies Do Experts Recommend?

We spoke with identity and access management experts in the wake of the Identity Theft Resource Center® and CyberScout® Annual End-of-Year Data Breach Report. Here’s what they had to say:          

Franklyn Jones, CMO, Cequence

“Unfortunately for the bad guys these data breaches are gifts that keep on giving, long after the news headlines fade away. Millions of these stolen credentials find their way to the dark web, where they are acquired by other bad actors who then orchestrate automated bot attacks targeting other websites where those credentials might give them fraudulent access to private accounts. Without proper security safeguards, those automated attacks can be quite successful because people tend to use the same login credentials on multiple sites.”

George Wrenn, CEO, CyberSaint Security

“Due to the complexity of our day to day lives and the technology, processes, and people involved in them, the question of a cybersecurity incident is no longer a matter of ‘if’ but ‘when.’ Cybercriminals are picking up on weak spots that organizations have, and are evolving just as we are at the pace of technical innovation, such that the complexities only continue to accumulate.”

“This is why cybersecurity management must include measurement. Every business function has metrics—not just the finance unit where financial health is concerned, but the HR unit measures employee turnover, marketing, and sales units manage customer adoption… cybersecurity too needs measurement in order to be effective.”

“Without a truly metrics-driven approach when adopting best practices, there is no tangible way to communicate program effectiveness. The only way we can continue to keep up—and more importantly get better at keeping up—with the “bad guys” is if we have an efficient cycle of best practice adoption, measurement, analysis, and remediation that is easily communicable and measurable like any other business function.”

Rod Simmons, VP of Product Strategy, STEALTHbits Technologies

“In situations where a user has a weak password it is an “Aw-shucks” moment for the user; however, the administrators of the system shoulder some of the blame as they allowed the users to be so careless. As an attacker, the more frequently you see an email address used as a primary login method or recovery method, the more apparent it becomes whether that account is critical. If I have access to this email address, I can request password resets.”

“Single Sign-On using technologies like Microsoft Account, Google Account, or Facebook are great for users, as it means there’s one less credential to manage poorly. The problem is once that credential is owned, not only can a bad actor assume your identity any place you have used it, they can use it in new places you are not aware of to assume your identity.”

Thank you to these experts for their time and expertise on password security strategies!

This post originally appeared on Solutions Review.
