
Datcher Group Inc

Datcher Group Inc. - Partners with Organizations to Secure Data


Password Management: A Gateway to a Breach?


July 12, 2019 by Ayanna Haskins

The sad truth is that many breaches begin with stolen or weak passwords. Attackers crack passwords with brute-force and dictionary attacks, either replaying lists of passwords stolen in earlier breaches (credential stuffing) or trying combinations of letters, numbers, and special characters until one works. The tools that do this are free, fast, and take little effort to run. According to Verizon's 2019 Data Breach Investigations Report, stolen credentials are routinely the gateway to a breach.

Password security is essential for the ongoing protection of business assets, business operations, and workforce productivity. At a minimum, every organization needs a strong password policy that establishes enforceable standards for managing passwords and highlights the critical role the workforce plays in securing business operations.

Foundational: Create a Strong Password Policy

A strong password policy is a set of rules, approved by business leaders, that enforces strong passwords, secure usage, and protected (hashed, never clear-text) storage.

  1. Educate the Workforce. Much of the workforce is unaware that poor password habits put the company at risk. Teach employees not to reuse work passwords on personal sites and not to write passwords down on Post-it notes.
  2. Require Strong Passwords. The longer and less predictable the password, the harder it is to crack. A strong password should contain at least eight characters, with a mixture of numbers, symbols, and uppercase letters. Length matters more than character-class rules: a long passphrase beats a short string of symbols, and every candidate password should be screened against lists of commonly used and previously breached passwords.
  3. Require Multi-Factor Authentication. A password-only strategy is no longer acceptable given how routinely credentials are compromised. Multi-factor authentication combines two or more independent factors to verify identity: (1) something you know (a password); (2) something you have (a mobile device or hardware token); and (3) something you are (a fingerprint or other biometric).
  4. Password Expiration. Forcing periodic password changes offers a false sense of security, annoys the workforce, and pushes people toward predictable variations of their old passwords. Multi-factor authentication is the more effective control. Passwords should be reset when they are known or suspected to be compromised (with the breach communicated to the workforce) or when forgotten.
  5. Prohibit Password Sharing. Passwords must not be shared; every account should belong to one person so that all activity is traceable to the authorized user.
  6. Password Storage. Passwords must never be stored in clear text or in a reversible (encrypted) form. Store only a salted, one-way hash computed with a deliberately slow algorithm designed for passwords (such as bcrypt, scrypt, Argon2, or PBKDF2), so that a stolen database cannot be turned back into passwords cheaply.
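As an added example (not code from the original post), the Python below implements the two technical items of the policy above, the strength check from item 2 and the storage rule from item 6, as they would sit in a sign-up or password-change handler. The breached-password set and the sample passwords are constructed for illustration; a real deployment would screen against a large corpus such as the Have I Been Pwned list. Storage uses PBKDF2-HMAC-SHA256 from the standard library with a random 16-byte salt and 600,000 iterations (the iteration count OWASP currently recommends for that algorithm), and the block contrasts it with an unsalted SHA-256, which is one-way but still unsafe for passwords.

```python
import base64
import hashlib
import hmac
import os

MIN_LENGTH = 8          # floor from item 2 of the policy above
ITERATIONS = 600_000    # PBKDF2-HMAC-SHA256 work factor (OWASP recommendation)

# Constructed stand-in for a breached/common-password corpus. A real deployment
# would check against a large list such as Have I Been Pwned's.
BREACHED_PASSWORDS = {"password", "123456", "qwerty", "summer2019", "p@ssw0rd"}


def check_policy(password: str) -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in BREACHED_PASSWORDS:
        problems.append("appears in a breached/common password list")
    return problems


def unsalted_sha256(password: str) -> str:
    """One-way, but WRONG for password storage: fast to brute-force, and identical
    passwords give identical hashes, so one cracked hash cracks every matching account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow, one-way hash. Record format: pbkdf2_sha256$<iterations>$<salt>$<hash>."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_b64, hash_b64 = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, int(iterations), dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def enroll(password: str) -> str:
    """Sign-up / password-change handler: enforce the policy, then store only the salted hash."""
    problems = check_policy(password)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    return hash_password(password)


if __name__ == "__main__":
    # Two users who happen to choose the same password (constructed sample input).
    record_a = enroll("correct horse battery staple")
    record_b = enroll("correct horse battery staple")
    print("salted records differ:", record_a != record_b)
    print("unsalted hashes collide:", unsalted_sha256("x") == unsalted_sha256("x"))
    print("login ok:", verify_password("correct horse battery staple", record_a))
    print("wrong password:", verify_password("correct horse battery stable", record_a))
    try:
        enroll("P@ssw0rd")
    except ValueError as err:
        print(err)
```

The stored record carries its own salt and iteration count, so the work factor can be raised later and old records re-hashed on the user's next successful login without a migration of the whole table.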

What's Next? Beyond The Password

Requiring only a password to authenticate to an account is a weak strategy, as the rising rate of compromised credentials demonstrates, and growing digital adoption only raises the stakes. Authentication technology is moving away from static credentials, such as the familiar login and password, toward dynamic authentication, where the proof presented at each login is different: one-time passwords that are valid for a single login or a short time window, biometrics, or frictionless schemes in which behavioral biometrics, data analytics, and machine learning inform the authentication decision.

Interested in learning more?

Let's schedule a meeting to discuss your business's password policy and how it fits into your overall cybersecurity plan.

