Improve Your Password Security

Uploaded on 2022-05-04 in TECHNOLOGY--Resilience, FREE TO VIEW

Users who neglect cyber advice and reuse the same passwords on multiple websites face increased cyber risk, and should to rethink their actions to better protect their online accounts. 

Since 90% of cyber-attacks require human interaction to be successful, a people-centric approach to security is essential for organisations. May 5th is World Password Day and to help internet users and enterprises, here are some  top tips on password management and creation that can be leveraged to increase cyber security

Passwords are one of the first critical barriers between a person, a threat actor and a successful cyber attack. One of the most common mistakes that people make is reusing the same ID/email address and password across multiple sites and devices. Password reuse is exacerbated by the increasing volume and success rates threat actors are reaping with advanced credential phishing campaigns that use fake websites resembling the login page of a legitimate online service to steal usernames and passwords. 

Consumers are well advised to use different passwords, especially on critical financial and data-driven accounts.

Be sure to turn on multi-factor authentication (MFA) if available for as many accounts as possible. If MFA is not an option for the account, use a password manager. A password manager creates randomized passwords that are safely stored, encrypted, and accessible across all personal devices and reduces the burden of trying to remember complicated login credentials across multiple websites.

If you use a passphrase as part of your password, make sure you never use common words or phrases, names or dates associated with you or direct family members. It’s also best to change all passwords twice a year and change business passwords every three months.
  
In almost every case, cyber attacks require human interaction to be successful, it remains important for businesses to implement a people-centric approach to security. Ensure that both your remote and in-office employees receive training and education on basic cybersecurity best practices, including how to identify a credential phishing attempt and how to securely manage passwords.  

Additional Password Management & Creation Tips

 Use multi-factor authentication (MFA) for as many accounts as possible. The basic concept is to use two forms of ‘evidence’ that validate an identity before access is granted, increasing account protection. For example, when you sign into your account, you will receive an alert to your phone requesting confirmation in order to log in.

This approach frustrates the automated systems threat actors use to guess passwords or when plugging in stolen passwords. 

Use a secure password management application that can recall multiple passwords and automatically inputs them when needed. Using a password management application removes the need to remember and juggle multiple passwords, which makes users more inclined to use more secure and longer passwords. 

When it comes to password creation, avoid common words, phrases, names, and dates associated with you or direct family members. Threat actors can easily cross reference any data captured on you to arrive at the correct combination to break into your accounts. You should also change personal passwords twice a year and avoid reusing passwords across accounts.

For business passwords, change your critical passwords every 3 months and putting an automated system policy in place that places a deadline on refreshing passwords. That policy can determine passwords requirements and prevent recent passwords from being used.

Adenike Cosgrove is a cybersecurity strategist & VP Marketing at Proofpoint 

You Might Also Read:

123456 Is Not A Password:

 

« Hackers Are Blasting Facebook Users With Phishing Emails
Five Eyes Warn Of Russian Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

Agenci

Agenci

Agenci are specialists in cyber security and information security and deliver ISO 27001 Certification.

CERT-UG/CC

CERT-UG/CC

CERT-UG/CC is the national Computer Emergency Response Team for Uganda, operating under the National Information Technology Authority (NITA-U)

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

Inogesis

Inogesis

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

NewsGuard Technologies

NewsGuard Technologies

NewsGuard provides transparent tools to counter misinformation for readers, brands, and democracies.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.

Keeran Networks

Keeran Networks

Established in Edmonton in 1999, Keeran specializes in delivering comprehensive IT support and solutions aimed at optimizing technology investments for businesses.

EVVO LABS

EVVO LABS

EVVO Labs empower your business with the latest IT capabilities to get you ahead of your competitors. We are experts at converging technologies to build your digital transformation.