One Article Review

The article:
Source AlienVault Blog
Identifier 2745384
Publication date 2021-05-06 10:00:00 (viewed: 2021-05-06 11:05:46)
Title Password security tips and best practices for enterprises
Text In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords.

Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices?

That security risk is only the tip of the iceberg. Because according to a 2019 LastPass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation.

Why do we need stronger and longer passwords?

As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems. Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years.

Why do we need unique passwords for every login?

As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins.

What about password managers?

Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password
Sent Yes
Tags Ransomware Data Breach Hack
Stories LastPass


The article does not appear to have been picked up again after its publication.


The article does not appear to be a follow-up to an earlier one.