Password security: Are passwords becoming a weak spot at companies?

Passwords are designed to give you access to an online world while protecting your information. However, poor password security can lead to attacks. This first point of cybersecurity defense is becoming a weak spot that can have dire consequences for companies if left unaddressed.

Relying on passwords for security has become increasingly problematic. Devising and remembering a complex password for every account and website is virtually impossible on your own. But using weak and simple passwords is a recipe for data breaches, account takeovers, and other forms of cyberattack.

Password security: what the reports tell us about the situation

For its report The misfortunate passwords of Fortune 500 companies, NordPass researchers analyzed data from public third-party breaches that affected companies. The data included details from more than 15 million breaches across 17 different industries.

The researchers looked at the top 10 passwords used in each industry, the percentage of unique passwords, and the number of data breaches that hit each sector.

The word “password” is still being used, and misused, as the most common password across all industries, including retail and e-commerce, energy, technology, finances, and even IT and technology. Among other passwords in the top ten list, some common choices were “123456,” “Hello123,” and “sunshine.”

According to a Verizon report, more than 80 per cent of data breaches result from weak or compromised passwords, creating the likelihood of an ongoing vulnerability regardless of how much technology is deployed to defeat hackers.

Certified cybersecurity. Multifactor authentication

Education and awareness are becoming more crucial in cyber security, especially in SMEs.

Two-factor authentication is great, but you need to educate people about it, because most employees complain about it.

The term “two-factor authentication” refers to a second step to confirm who you are. An additional layer of protection will, by default, provide more security than a single barrier.

The easiest way to “lock the door” on technology is employing multi-factor authentication. This security measure requires users to present at least two pieces of evidence before gaining access to a server, device, database or software program. A cybercriminal who has obtained a user’s username and password will not be able to access the system. They would still need access to that person’s unlocked cell phone or email to get an urgent verification code.

This is especially important for avoiding data leaks on social networks.

Happy World Password Day! (and why you should care)

Today is World Password Day. Every year, on the first Thursday in May, World Password Day promotes better password habits. Despite what is going on in the world, this might be the most important Password Day there has been.

With so many of us working from home, our cybersecurity will be stretched to the limit. The basis of great cybersecurity is using strong passwords. So a good way of improving your security is making sure employees are using strong passwords for all accounts your business uses.

 

Why is World Password Day so important?

Well, despite all the warnings about using the same weak passwords on our accounts, we are still doing it. We are still making it easy for cybercriminals to hack into our accounts. If a hacker gets access to one account and you use that password across different accounts, they now have access to all of them.

A survey held in the UK by password manager LastPass found some shocking behaviours around using the same password.

  • 92% know that using the same or a variation of the same password is a risk, but:
  • 50% of us do it regardless!

Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything—from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. We’ve all grown used to entering passwords dozens of times per day, and because of this, we often take passwords for granted and forget how crucial they are.

With that in mind, what steps can you take to ensure that your personal data is protected at all times?

 

Consider a password overhaul—at home and at work

We know… just the mere thought of coming up with (and remembering) yet another new password is daunting. The average person has about 100 different passwords for the various tools, apps, websites, and online services they use on a regular basis. With so many passwords to keep track of, those familiar “Update Password” prompts tend to get bothersome.

But, unfortunately, we live in a world of constant hacking attempts and security breaches. While changing passwords may be inconvenient at times, following this password best practice can help prevent the following data catastrophes:

  • Giving hackers easy access to your most sensitive accounts
  • Breaches to multiple accounts that share the same or similar passwords
  • Attacks by keystroke loggers who steal common login credentials
  • Loss of data through shared (and easily stolen) passwords

Although it requires time and patience, password protection is one of the most important things you can do to safeguard your personal, professional, and sensitive data. The list below includes four easy and practical tips for creating better password policies.

 

1. Increase the complexity and length of each password

There’s a reason that websites and online services provide so much direction when prompting users to create new passwords. Variation in both the complexity and length really does matter when it comes to protecting your accounts. Always incorporate both upper and lowercase letters, numbers, special characters, and symbols into each password you create.

When used in combination, complexity and length make passwords much harder to guess at random. This tactic also prevents users from relying on common phrases or personal identifiers (such as date of birth) when making new passwords. A password that contains only lowercase letters of a simple phrase is much more vulnerable than a complex combination of different characters.
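The following policy check is an added example, not part of the original article: it combines the length and character-class advice above with a blocklist of the four passwords this page quotes from the breach report. The thresholds `MIN_LENGTH` and `MIN_CLASSES` and all function names are assumptions chosen for illustration.

```python
import math
import string

# The four passwords this page quotes from the breach report's top-ten lists.
COMMON_PASSWORDS = {"password", "123456", "hello123", "sunshine"}
MIN_LENGTH = 8    # assumed policy value, not taken from the page
MIN_CLASSES = 3   # assumed: at least three of lower/upper/digit/symbol

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def search_space_bits(password):
    """Upper bound on brute-force work in bits: length * log2(alphabet size)."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append("low_variety")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the last one is a made-up strong password.
    for pw in ("password", "123456", "Hello123", "sunshine", "T7#vq9!Lm2@xPz"):
        print(f"{pw!r:18} {search_space_bits(pw):6.1f} bits  {check_password(pw)}")
```

“Hello123” satisfies both the length and the character-class rule and is rejected only by the blocklist, which is why complexity rules need to be paired with a check against known-common passwords.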

2. Use a password manager

Password management software takes some of the burden out of remembering the many different combinations you use around the internet. Generally, a password manager requires the creation of one master password. Then, you’ll be given the option to connect different logins that are then placed into your password “vault.”

Many password managers also encrypt passwords to create an additional layer of protection. This means that once you’re logged into the password manager, you may be able to log in automatically to different websites, but the exact characters of your unique passwords aren’t always visible.

3. Never store passwords in plain sight

Although it’s tempting, you should never record passwords on paper or in plain sight somewhere on your desktop (such as on a notes app). These methods are easy to spot, which makes them even easier to steal. Additionally, it’s not very difficult to lose, misplace, or throw away passwords that you store on paper.

If you ever need to share passwords or login credentials with another individual (perhaps a family member or an approved coworker), always choose a secure method. Password management software also comes in handy when you need a secure way to share passwords.

4. Use multi-factor authentication wherever possible

Strong passwords make a big difference, but sometimes, additional security is necessary. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification. For example, when you enter your password into an online account like Gmail, you may receive a code to your mobile phone that you’ll have to enter for an extra line of security. MFA is an effective way to prevent cybercriminals from accessing passwords via third party online systems.

Multi-factor authentication can be conducted in a variety of ways—it might include a quick fingerprint scan, a phone call, a text message, or a code. While MFA does add another roadblock to accessing your account, it’s a simple, yet powerful way to strengthen data security.
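The login check below is an added example, not code from the original article or from any product it mentions: it shows why a stolen password alone is not enough once a one-time code is required. It assumes app-generated time-based codes (TOTP, RFC 6238) as the second factor; the user store, function names and the PBKDF2 iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

STEP = 30  # seconds per code, the RFC 6238 default

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 code for time `at` (HMAC-SHA1, RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

USERS = {}  # constructed in-memory store, for the example only

def enroll(username: str, password: str, secret: bytes) -> None:
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "pw": _pw_hash(password, salt),
                       "secret": secret, "last_step": -1}

def login(username: str, password: str, code: str, now: float = None) -> bool:
    """Succeed only when BOTH the password and a fresh one-time code are right."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        return False
    if not hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw"]):
        return False
    # Accept the current step and one either side to tolerate clock drift.
    for drift in (-1, 0, 1):
        step = int(now) // STEP + drift
        if step <= user["last_step"]:
            continue  # this code (or an older one) was already used: no replay
        expected = totp(user["secret"], step * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            user["last_step"] = step
            return True
    return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    enroll("alice", "T7#vq9!Lm2@xPz", secret)
    now = 1_700_000_000
    print(login("alice", "T7#vq9!Lm2@xPz", "12345", now))            # password only
    print(login("alice", "T7#vq9!Lm2@xPz", totp(secret, now), now))  # both factors
```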

Enhancing your unique passwords is just one of the many ways that you can lock down any potential vulnerabilities and prevent cybercriminals from accessing your information.

How to reduce resources devoted to password reset

Password reset is one of the most recurrent tasks in help desk departments. With Soffid you can dramatically reduce the number of call center calls by giving users the tools to recover their passwords themselves.

Soffid allows administrators to enable or disable some recovery methods, including presaved questions, email, smart cards, SMS and others. In this post we will see how a user deals with recovery through presaved questions.

At first, the user is encouraged to answer some predefined questions, as well as fill in new questions. The video below these lines shows how a user is automatically redirected to the password recovery form just after logging in to the workstation.

Once the password has been filled in, the user is able to recover their password from within the Windows login screen. See the next video.