One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8386763 |
| Date de publication | 2023-09-21 10:08:29 (vue: 2023-09-22 16:02:53) |
| Titre | Quelle est la force de mon mot de passe?Un guide pour permettre à vos employés de définir des mots de passe solides How Strong Is My Password? A Guide to Enable Your Employees to Set Strong Passwords |
| Texte | Have you seen the meme about needing to rename your dog now that your password has been stolen? We all have ways to make everyday tasks feel easy and comfortable-and setting up passwords for accounts and services often falls into this category. Many passwords are used daily, or multiple times in a day, so people want passwords that are easy to remember and fast to type. As security professionals, we recognize that password strength is a safeguard for personal and professional data. Weak passwords are more easily guessed or cracked. However, the question of "How strong is my password?" is often overlooked by the average person, like your employees. We might also recognize that password effectiveness is on a downward slope. Features like multifactor authentication (MFA) add a security layer, but people get frustrated with the additional task. Also, complex attacks such as MFA-bypass techniques and reverse proxy services such as EvilProxy can increasingly get past this account protection. It\'s essential for security professionals to continually evaluate and adapt newer approaches such as FIDO authentication and other passwordless methods. In this article, we will help you motivate your employees to do their part by providing effective strategies that will help them create stronger passwords and gauge their strength. Security consequences at work and home How do you explain the consequences of using a weak password? It\'s helpful to emphasize that employees might accidentally expose sensitive information that hurts them both professionally and personally. At work, a weak password might give access to office computers or the company network. The attackers can install malicious software (malware) which could lead to financial loss, data loss or data theft for your organization. Depending on the size and impact, this breach could negatively affect the company\'s health and reputation-and ultimately that person\'s job. At home, a weak password might give access to personal accounts such as banks, credit cards, emails and social media. This credential exposure could hurt not only the person but also their family members, colleagues or friends. For instance, threat actor getting into their Venmo account will see their personal credit card data and the history of transactions with people they know. We are creatures of habit, so the way you set work passwords at work is often the way you set personal passwords. It\'s natural for people to be most concerned about their home life, so there is great impact in relating the domino effect of password security. Four common mistakes of weak passwords Before you explain how to set a strong password, it\'s useful to share the common mistakes that people make in creating weak passwords. You can evaluate the weakness of a password by looking at whether it is personal, ordinary, simple and predictable. Here are four essential password “DON\'Ts”: Don\'t use identifying words. Avoid words that are personally identifying or publicly available such as your name, birthday, street address, email address or account username. Attackers can leverage a person\'s background and history for educated password guesses-especially if that attacker is someone who knows you. Don\'t use family words. For similar reasons, avoid names, numbers and dates that identify your children, animals or parents such as their age, name or birthday. Don\'t use real words. Avoid words that are straightforward or straight from the dictionary, such as “puppy” or “puppydog” or “puppy1.” Attackers can run software that processes every word in a dictionary to crack passwords. Don\'t use simple patterns. Avoid a string of characters that are consecutive numbers or a part of the alphabet, such as “1011121314” or “ghijklmn.” Attackers can run comprehensive lists of frequently used passwords to test against a password. In summary: A weak password uses personally identifying words, family dates or names, dictionary words, or simple character s |
| Envoyé | Oui |
| Condensat | about above access accidentally account accounts across actor adapt add additional address advocate affect after against age all alphabet also alternately always animals any approaches are around article attacker attackers attacks authentication available average avoid awareness background bake banks base based basing because becomes been before behavior being best between birthday both breach brown built business but bypass can card cards category certain challenging character characters childhood children cloud colleagues combination combine comfortable common commonly communicate company complex complicated comprehensive compromised computers concerned confident consecutive consequences consider constructs continually cookies” could coworkers crack cracked create created creating creation creatures credential credentials credit critical customized cute cybersecurity daily data dates day depending dictionary different difficult discernible discussed do: dog domino don downward each earlier easily easy educated effect effective effectiveness either elements else email emails emphasize employee employees enable encountering encourage encrypt ensure especially essential evaluate even every everyday evilproxy explain expose exposed exposure extra falls family fast features feel feels fido financial find football four free frequently friends from frustrated gauge generate generated generator get getting give great guess guessed guesses guidance guide guidelines habit habits harder has have having health help helpful here highly history home home honeymoon hotdog how however hurt hurts identify identifying impact important include increasingly information insights install instance instead integral job key kits know known knows layer lead length letters leverage life like list listed lists login long looking loss love lowercase make making malicious malware manage management manager many master measures media members meme memorable method methods mfa might minimum mistakes mix mixture mnemonic month more most motivate multi multifactor multiple name names naming natural needing negatively network never new newer not now numbers office often once one only ordinary organization other overlap overlooked parents part password passwordless passwords passwords passwords past pattern patterns people person personal personally phrase practice practices predefined predictable prevent private processes professional professionally professionals protection providing proxy publicly puppies puppy question questions randomized randomly randomness real reasons recognize recommend recommended reducing reduction related relating relatively remember remove rename reputation required requirements reverse risk risking rules run safe safeguard safely safety same secure security see seen sensitive separately service services set setting share should similar simple since size slope social software someone spain special standard stolen store straight straightforward strategic strategies street strength string stringing strings strong stronger strongest such summary: symbols s”: task tasks teach techniques test than that theft them these those threat tied time times together tools tools: topic transactions trick try ts”: two type types ultimately understand unexpected unique unlock unpredictability unpredictable unrelated upcoming uppercase use used useful username uses using valuable venmo vulnerable want way ways weak weakness well whether which who why will word words work world your “1011121314” “do “don “ghijklmn “my “puppy “puppy1 “puppydog” “puppy” “small ” |
| Tags | Tool Threat |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.