Improve Your Password Security

Uploaded on 2022-05-04 in TECHNOLOGY--Resilience, FREE TO VIEW

Users who neglect cyber advice and reuse the same passwords on multiple websites face increased cyber risk, and should to rethink their actions to better protect their online accounts. 

Since 90% of cyber-attacks require human interaction to be successful, a people-centric approach to security is essential for organisations. May 5th is World Password Day and to help internet users and enterprises, here are some  top tips on password management and creation that can be leveraged to increase cyber security

Passwords are one of the first critical barriers between a person, a threat actor and a successful cyber attack. One of the most common mistakes that people make is reusing the same ID/email address and password across multiple sites and devices. Password reuse is exacerbated by the increasing volume and success rates threat actors are reaping with advanced credential phishing campaigns that use fake websites resembling the login page of a legitimate online service to steal usernames and passwords. 

Consumers are well advised to use different passwords, especially on critical financial and data-driven accounts.

Be sure to turn on multi-factor authentication (MFA) if available for as many accounts as possible. If MFA is not an option for the account, use a password manager. A password manager creates randomized passwords that are safely stored, encrypted, and accessible across all personal devices and reduces the burden of trying to remember complicated login credentials across multiple websites.

If you use a passphrase as part of your password, make sure you never use common words or phrases, names or dates associated with you or direct family members. It’s also best to change all passwords twice a year and change business passwords every three months.
  
In almost every case, cyber attacks require human interaction to be successful, it remains important for businesses to implement a people-centric approach to security. Ensure that both your remote and in-office employees receive training and education on basic cybersecurity best practices, including how to identify a credential phishing attempt and how to securely manage passwords.  

Additional Password Management & Creation Tips

 Use multi-factor authentication (MFA) for as many accounts as possible. The basic concept is to use two forms of ‘evidence’ that validate an identity before access is granted, increasing account protection. For example, when you sign into your account, you will receive an alert to your phone requesting confirmation in order to log in.

This approach frustrates the automated systems threat actors use to guess passwords or when plugging in stolen passwords. 

Use a secure password management application that can recall multiple passwords and automatically inputs them when needed. Using a password management application removes the need to remember and juggle multiple passwords, which makes users more inclined to use more secure and longer passwords. 

When it comes to password creation, avoid common words, phrases, names, and dates associated with you or direct family members. Threat actors can easily cross reference any data captured on you to arrive at the correct combination to break into your accounts. You should also change personal passwords twice a year and avoid reusing passwords across accounts.

For business passwords, change your critical passwords every 3 months and putting an automated system policy in place that places a deadline on refreshing passwords. That policy can determine passwords requirements and prevent recent passwords from being used.

Adenike Cosgrove is a cybersecurity strategist & VP Marketing at Proofpoint 

You Might Also Read:

123456 Is Not A Password:

 

« Hackers Are Blasting Facebook Users With Phishing Emails
Five Eyes Warn Of Russian Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Foresiet

Foresiet

Foresiet is the first platform to cover all of your digital risks, allowing enterprise to focus on the core business.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.