Articles

Fresh information from the world of IT security

Why Password Management and Security Strategies Fall Short more articles »

Why Password Management and Security Strategies Fall Short

Age of password name123 is long gone. Even a more complex password may not be enough if you use it for multiple platforms. Read more in an article below.


Researchers say companies need to rethink their password training and take a more holistic approach to security.

Industry researchers have grown concerned that security pros are making it too easy for hackers to prey on people.

One says that companies need to make password management easier, while the other emphasizes a defense-in-depth approach that includes both technology and training, thereby putting less of a burden on humans.

David Jacoby, a senior security researcher at Kaspersky Lab, found in his firm's study that for less than $50, a criminal can buy a person's full digital identity. This includes personal data stolen from social media and bank accounts, gaming websites, and streaming media accounts.

Most of the data thefts are executed via spear-phishing or by exploiting security vulnerabilities in a Web application, Jacoby says. After a successful attack, the criminal will obtain a password dump, which contains a combination of email addresses and passwords for the hacked service. Because so many people use the same password for multiple accounts, attackers can also use this information to access accounts on other platforms.

"One of the big problems is that people tend to reuse passwords," Jacoby says. "I think we've not done a good job training users how to develop their passwords."

The industry, he says, stresses a technical solution, such as password managers, but the tools aren't always easy for people to use. While Jacoby does recommend using a password manager and better security software for those who can manage them, for most people the best passwords are phrases unique to them, followed by a punctuation mark, then a unique identifier, he says.

So multiple passwords could look something like this:

  • Facebook: Ilikecars!friends
  • Netflix: Ilikecars!movies
  • PayPal: Ilikecars!money

By making their passwords unique and related to specific services, most people should be able to remember them, Jacoby says. He also recommends that people search a resource such as haveIbeenpwned.com to check whether sites they have accounts with have been compromised.

"If you do a search and find that one of your accounts has been hacked, don't panic,” Jacoby advises. "All you can do is move forward. Start by changing your passwords on the compromised sites, and slowly shift to either a password manager or the system I've recommended based on unique identifiers.”

Dylan Tweney, head of the research program at Valimail, adds that while more effective password management makes sense, too often security pros blame users for all their problems.

Tweney points to recent Valimail research, which found that when it came to detecting fraudulent emails, there was virtually no difference between the scores of those who received anti-phishing training compared with those who didn't. Out of 11 emails, those who received the training identified 4.98 and those who didn't spotted 4.97.

Valimail recommends a more balanced approach that includes training, email authentication, deploying secure email gateways, and making sure spam filters are current.

"The idea is to not make humans the front line of defense," Tweney explains. "By taking on a more defense-in-depth approach, the burden on the humans is less, so there's a better chance that when emails do get through, the users will be able to detect them because they won't be overwhelmed."

 

 

Source : https://www.darkreading.com/operations/identity-and-access-management/why-password-management-and-security-strategies-fall-short/d/d-id/1333221

 

Why to choose us?

Credibility

We have been on the market since 2008 and our credibility can be approved by partnership with prominent companies in the field of IT and mostly by lots of satisfied customers who use our services. We are not freshmen. Our team knows what your IT infrastructure needs and we will be happy to provide it to you. Our quality is also reflected in certification of the management systems according to the ISO 9 001 standard.

Professional attitude

Your data should not be protected by inexperienced people. Therefore, ask for a professional partner. Our rich experience is attested by trainings which our employees attend on a regular basis so that they can give you adequate advice and ensure fluent running of your infrastructure. We are owners of the 27 001 certification, which means your data are secured.

Efficiency

We do not offer you unnecessary solution just to earn money at your expense. Our purpose is not to impose a robust solution you will be using at the minimum level. However, this does not mean we do not take structure design seriously. We also consider possible plans of your company’s development. Your satisfaction and data security are our main priority.

References

Úrad vlády Slovenskej republiky
Saneca Pharmaceuticals a.s.
Motor-Car Group
UPC BROADBAND SLOVAKIA s.r.o.
Trenčianska vodohospodárska spoločnosť a. s.
Ministerstvo školstva, vedy, výskumu a športu SR

Articles more articles »

Activity Summary - Week Ending January 4, 2019

Activity Summary - Week Ending January 4, 2019

22.02.2019 | Our partner Fortinet publishes a report every week about exposed threats. You can review the weekly report below. If you have questions, do not hesitate to contact us

Read more »

Contact


ReFoMa, s.r.o.
Dolné Rudiny 1
010 01 Žilina, Slovakia

+421 41/202 88 80 – front office
+421 41/202 88 81 – support
+421 41/202 88 82 – sales department
Company No.: 43892345
TAX No.: 2022541378
VAT No.: SK2022541378
Bank account (IBAN):
SK13 1100 0000 0026 2582 3735