Securing your passwords, credentials and authentication is a tough enough task for an individual, and protecting Identity & Access Management (IAM) for an entire business can feel daunting. The question “How can I manage passwords?” is frequently asked, and there are two ways of approaching it.
One way is to keep fighting the same fight: training end users, enforcing password complexity, wasting time forcing regular password changes, and walking the floors looking for post-it notes attached to monitors. The other way is to accept that the age of the password is dead and move forward with modern authentication and automated, intelligent password management.
The old way:
What is the number one most used password?
If you guessed “123456” you would be right. Quick and easy to remember, but easily cracked. Other weak passwords that turn up constantly are “password”, “pa55w0rd” and “letmein”. Creating strong passwords is an obvious thing to do.
The Usual Advice…
It’s important to create a password that is both complex and lengthy, including a combination of lower-case and upper-case letters, numbers and special characters. Password length matters: the longer the better. Avoid predictable password sequences that start with a capital letter and end with a number or punctuation mark. Don’t use repeated characters or keystroke patterns.
Realistically, if you do all of the above with all your passwords then you may require an eidetic memory to successfully remember all of your passwords!
Use Passphrases To Help
Using a passphrase that incorporates special characters is a great option for creating memorable LONGER passwords that are more challenging to crack. Still use a few scrambled symbols to help make it strong too. For example: th3qu1cKBROwnfo*JUMP5 is 21 characters long, is easier to remember, and would take centuries to brute-force crack.
Never use the same password twice. It makes it all too easy for hackers to infiltrate and take down every account that uses the same password.
Periodic Password Changes
Taking time to change your passwords is a good practice, especially on those accounts that protect the most sensitive information. The No.1 password to protect is usually your email account! If that gets breached, it can easily be used to perform a password reset on most of your other accounts.
The age of the password is dead!
Hackers are usually one step ahead of us. Since we got better at detecting Brute Force attacks, and started using more secure passwords, they’ve all but given up trying to crack passwords.
Ultimately, it doesn’t matter how complex your password is if you are just going to give it away!
Increasingly, cybercriminals can gather usernames and passwords en masse in so-called credential harvesting attacks, via email phishing, and other exploits. An attacker may leverage the credentials for their own exploits, trade them on the dark web — or both.
In addition, your information (and sometimes your credentials) is often stolen from places that you cannot control. Equifax, LinkedIn, MySpace and Marriott International are just a few large organisations that have suffered data breaches and had their customers’ information stolen.
So, the good old password is no longer enough.
How can you protect your services with more than just a password?
How can you protect your credentials out in the wild?
With cyber-attacks on the rise, MFA adds an extra layer of security to your accounts by requiring users to provide two or more methods of verification when logging in.
- Some early MFA methods were answering a security question, security tokens, login PIN numbers, and codes sent via text message or phone call.
- Many providers will email you when they see a login from a new device or a new place. “We saw a new login – was it you?”. The horse may have bolted already, but it’s a good checking mechanism and allows you to take action if your account was breached.
- Current methods are more secure and aim to simplify the process, typically using an app on your mobile phone to perform the MFA steps.
Online security begins with creating a robust password for every account you log in to. After that, you MUST apply whatever cybersecurity tools that the service provider offers to add an additional layer of security.
Then and only then can you know that you’ve done everything you can to protect your asset and force lurking cybercriminals to walk away empty-handed.
There are lots of password managers available online for FREE! These are a good start for individuals to start taking a more proactive approach to online security at a personal level.
Businesses need more control to ensure that credentials are accessible and secure. A credential is often an asset of the business, not the individual, so the IT Manager must take responsibility for its management.
Keeper: Simple and secure password management for your business
Keeper is designed for small and medium-sized businesses; it’s fast and easy to set up, and it’s easy to use.
You can create and share strong passwords, and each employee gets Keeper on unlimited devices for complete, company-wide protection with best-in-class security. Keeper uses zero-trust and zero-knowledge security architecture with full end-to-end encryption.
You can autofill passwords with KeeperFill to quickly get your passwords into your websites and apps.
And as a Bonus! When you buy Keeper Business, each team member gets a free Keeper Family Plan to promote password security at a personal level.
All of this is available on a subscription basis so you can pay only for what you use.
For the IT Manager
Keeper gives you visibility, security and control over your company’s cyber security protection. No technology knowledge is required – it’s super easy to use.
Your Keeper Admin Console gives you powerful visibility, security and control:
- Set up, disable or remove users quickly
- Create teams and roles
- Enforce security policies
- Monitor your data security (see BreachWatch below)
- Maintain user logs and activity reports
BreachWatch: A Dark Web Monitoring Tool
A powerful business dark web monitoring tool ‘BreachWatch’ can be added on to Keeper Password Manager.
BreachWatch constantly scans employees’ Keeper Vaults for passwords that have been exposed on the dark web and immediately alerts you to take action and protect your organisation.
Benefits of Dark Web Monitoring
- Identify breaches sooner
- Fortify your organisation’s cybersecurity posture
- Protect your business and employees against bad actors on the dark web
- Perform unlimited scans on unlimited employee devices
- Gain insight into the vulnerabilities of your employees’ credentials
Unfortunately, if you find your credentials on the dark web, there is no way to remove them. The idea here is to alert you to that breached credential and prompt you to change that password – therefore securing the asset and rendering the hacker’s information useless.
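To show what a vault scan against exposed credentials can look like, here is an added example written for this article. It is not BreachWatch or Keeper code and does not describe their mechanism: it assumes a breach list published as SHA-1 hashes and a lookup by 5-character hash prefix (a k-anonymity style check, so the lookup service never receives a full hash). The exposed corpus and the vault are constructed sample data.

```python
import hashlib
from typing import Dict, List

# Constructed sample of an exposed-password corpus, stored as upper-case SHA-1 hex digests.
EXPOSED_PASSWORDS = ["123456", "password", "letmein", "Summer2023!"]
EXPOSED_HASHES = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in EXPOSED_PASSWORDS}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_lookup(prefix: str) -> List[str]:
    """Simulated lookup service: given the first 5 hex characters of a hash, return the
    SUFFIXES of every exposed hash sharing that prefix. The caller finishes the match
    locally, so the service never learns which password was being checked."""
    return [h[5:] for h in EXPOSED_HASHES if h.startswith(prefix)]

def is_exposed(password: str) -> bool:
    full = sha1_hex(password)
    return full[5:] in range_lookup(full[:5])

def scan_vault(vault: Dict[str, str]) -> List[str]:
    """Labels of vault entries whose password appears in the exposed corpus (change these first)."""
    return [label for label, pw in vault.items() if is_exposed(pw)]

def find_reused(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Passwords shared by more than one entry: one exposure would compromise every account listed."""
    by_password: Dict[str, List[str]] = {}
    for label, pw in vault.items():
        by_password.setdefault(pw, []).append(label)
    return {pw: labels for pw, labels in by_password.items() if len(labels) > 1}

if __name__ == "__main__":
    # Constructed sample vault: label -> password.
    vault = {"webmail": "Summer2023!", "bank": "th3qu1cKBROwnfo*JUMP5", "forum": "123456", "wiki": "123456"}
    print("exposed:", scan_vault(vault))
    print("reused:", find_reused(vault))
```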
If you would like some help managing and securing your passwords, please give us a call. We’ll be more than happy to assist you.