Články

Aktuálne informácie zo sveta bezpečnosti IT riešení

Manažment hesiel a jeho nedostatočnosť. viac článkov »

Manažment hesiel a jeho nedostatočnosť.

Doba hesiel meno123 už je dávno preč. Už ani zložitejšie heslo nemusí postačovať, pokiaľ ho používate pre viaceré platformy. Viac sa dočítate v anglickom článku.


 Researchers say companies need to rethink their password training and take a more holistic approach to security.

Industry researchers have grown concerned that security pros are making it too easy for hackers to prey on people.

One says that companies need to make password management easier, while the other emphasizes a defense-in-depth approach that includes both technology and training, thereby putting less of a burden on humans.

David Jacoby, a senior security researcher at Kaspersky Lab, found in his firm's study that for less than $50, a criminal can buy a person's full digital identity. This includes personal data stolen from social media and bank accounts, gaming websites, and streaming media accounts.

Most of the data thefts are executed via spear-phishing or by exploiting security vulnerabilities in a Web application, Jacoby says. After a successful attack, the criminal will obtain a password dump, which contains a combination of email addresses and passwords for the hacked service. Because so many people use the same password for multiple accounts, attackers can also use this information to access accounts on other platforms.

"One of the big problems is that people tend to reuse passwords," Jacoby says. "I think we've not done a good job training users how to develop their passwords."

The industry, he says, stresses a technical solution, such as password managers, but the tools aren't always easy for people to use. While Jacoby does recommend using a password manager and better security software for those who can manage them, for most people the best passwords are phrases unique to them, followed by a punctuation mark, then a unique identifier, he says.

So multiple passwords could look something like this:

  • Facebook: Ilikecars!friends
  • Netflix: Ilikecars!movies
  • PayPal: Ilikecars!money

By making their passwords unique and related to specific services, most people should be able to remember them, Jacoby says. He also recommends that people search a resource such as haveIbeenpwned.com to check whether sites they have accounts with have been compromised.

"If you do a search and find that one of your accounts has been hacked, don't panic,” Jacoby advises. "All you can do is move forward. Start by changing your passwords on the compromised sites, and slowly shift to either a password manager or the system I've recommended based on unique identifiers.”

Dylan Tweney, head of the research program at Valimail, adds that while more effective password management makes sense, too often security pros blame users for all their problems.

Tweney points to recent Valimail research, which found that when it came to detecting fraudulent emails, there was virtually no difference between the scores of those who received anti-phishing training compared with those who didn't. Out of 11 emails, those who received the training identified 4.98 and those who didn't spotted 4.97.

Valimail recommends a more balanced approach that includes training, email authentication, deploying secure email gateways, and making sure spam filters are current.

"The idea is to not make humans the front line of defense," Tweney explains. "By taking on a more defense-in-depth approach, the burden on the humans is less, so there's a better chance that when emails do get through, the users will be able to detect them because they won't be overwhelmed."

 

 

Source : https://www.darkreading.com/operations/identity-and-access-management/why-password-management-and-security-strategies-fall-short/d/d-id/1333221

 

Prečo si vybrať nás?

Dôveryhodnosť

Na trhu pôsobíme už od roku 2008 a našu dôveryhodnosť potvrdzujú partnerstvá popredných spoločností v oblasti IT a hlavne množstvo spokojných zákazníkov, ktorí využívajú naše služby. Nie sme nováčikom a vieme, čo vaša IT infraštruktúra potrebuje a radi vám to ponúkneme. O našej kvalite hovorí aj certifikácia systémov manažérstva podľa normy ISO 9 001.

Profesionalita

Bezpečnosť vašich dát nedokáže chrániť len tak niekto. Obráťte sa teda na profesionálneho partnera. Naše bohaté skúsenosti potvrdzujú školenia, ktoré naši zamestnanci absolvujú pravidelne, aby vám vedeli vždy poskytnúť adekvátne rady a zabezpečiť tak plynulý a ničím nerušený chod vašej infraštruktúry. Sme vlastníkom certifikácie 27 001, takže vaše dáta sú u nás v bezpečí.

Efektivita

Neponúkame vám riešenia, ktoré sú pre vás zbytočné, len aby sme na vás zarobili. Našim cieľom nie je nanútiť vám robustné riešenie, ktoré budete využívať na minimum, no zároveň návrh štruktúry berieme vážne aj s ohľadom na prípadné plány rozvoja vašej spoločnosti. Prioritou pre nás je vaša spokojnosť a bezpečnosť vašich dát.

Referencie

Mercedes-Benz Slovakia, s.r.o.
Správa služieb diplomatickému zboru, a.s.
PosAm, spol. s r.o.
CNC, a.s.
Motor-Car Group
ASBIS SK spol. s r.o.

Kontakt


ReFoMa, s.r.o.
Dolné Rudiny 1
010 01 Žilina, Slovakia

+421 41/202 88 80 – sekretariát
+421 41/202 88 81 – technická podpora
+421 41/202 88 82 – obchodné oddelenie
IČO: 43892345
DIČ: 2022541378
IČ DPH: SK2022541378
Okresný súd Žilina, odd.: Sro, vl. číslo 20197/L

Bankové spojenie (IBAN):
SK13 1100 0000 0026 2582 3735