Today is World Password Day, which is a global holiday dedicated to the promotion of password security and keeping accounts secure with password best practices.
The holiday is particularly important now, as cybercriminals feel emboldened by recent large-scale nation state hacking campaigns targeting U.S. government agencies, healthcare, education and technology companies through compromises, highlighted by the SolarWinds and Microsoft Exchange Server breaches.
It appears that compromised credentials played somewhat of a role in those breaches, and stolen passwords continue to be how cybercriminals and nation state hackers compromise networks in the first place, with some cybersecurity and IT firms estimating that credentials are exploited in more than 80% of global cyberattacks. With the proliferation of AV-over-IP, AV integrators have the keys to an enormous amount of customer networks, and one set of compromised credentials could lead to a devastating cyberattack.
Here is a refresher on how to keep your credentials and identify safe, including best practices and technology that can help keep your organization safe and secure. After all, practicing good credential security is the least an organization can do to secure itself.
- Use a unique password. Passwords should always be long and include a combination of upper and lowercase letters as well as symbols or numbers. And, you should try not to use the same password for every account. If your password is stolen in one data breach, then hackers can access all of your accounts if you use the same one.
- Never share your password. Sharing your password with a coworker or friend defeats the purpose of a password by giving someone else access to your account, making it that much less secure.
- Use a password manager. It can be hard to keep track of passwords when you use a different one for each account, but password managers make it easier to keep track of them all.
- Use multi-factor authentication. At this point, using multi-factor authentication should be a standard practice at any organization. Using any form of multi-factor authentication – email, text, security keys or an authentication app – will help thwart phishing attacks or password spraying.
- Don’t even use passwords. Apologies to World Password Day, but there is an increasingly large movement to use authentication methods other than passwords. There is growing consensus that passwords are becoming an archaic and insecure way of protecting important accounts, and the technology industry is reflecting that with tools like Microsoft’s passwordless authentication tools.
Cybercriminals always look for the low-hanging fruit and the easiest way into a network, and that low-hanging fruit is, more often that not, end users and their poor credential security. At the very least, make sure your end users are aware of the role they play when it comes to these issues.
