Keepnet Labs Logo
Keepnet Labs > blog > the-importance-of-password-protection-intelligence

The Importance of Password Protection Intelligence

Password protection has a number of well-known disadvantages. One of them, though, has gotten remarkably little notice. That’s how and when businesses can find out if their data has been hacked by outsiders.

The Importance of Password Protection Intelligence - Keepnet Labs

Password protection has many well-discussed drawbacks. But one of them has received surprisingly little attention. And that is how and when organizations can find out if their data has been compromised by outsiders. This lack of interest is surprising. Although this is a highly important subject most of the companies don’t care at all. But why does it matter? Here’s the importance of password protection intelligence!

The Importance of Password Protection Intelligence

Almost all cyberattacks today use stolen or leaked credentials (password + username). This makes any compromise a critical event in the construction process. The attacks that take advantage of credentials even include ransomware attacks. Companies usually use traditional defenses against this issue. They recommend their employees to change their passwords depending on the time frame. They usually assume that a compromise is possible within 3 or 6 months. But this has always been a crude defense that risks encouraging reuse as users try to cope with constant resets.

In 2016, the National Institute of Standards and Technology advised organizations not to allow automatic password changes unless they can no longer access employee accounts by a pin code. The erroneous assumption is that after losing the password (with or without a username) it is not possible to determine that this is happening. In fact, there is a way to query databases of password leaks from dark network sources to see if a known password or password is available.

Why Does it Matter?

Although the idea of monitoring criminal sites for password leaks is not new the trick is to find a way to integrate them into password management systems. Public databases such as Have I Pwned? have been around for years now. But without this integration, password discovery would risk becoming a management routine. This would load IT, staff, with alerts that they were having trouble responding to.

One company that believes it has solved the problem is Authlogics. This company integrated a password cracking database containing 4.1 billion leaked credentials into the company’s password security management system. They have also shared their insights on this new tactic in a podcast. In the podcast, IT security expert editor John E. Dunn and CEO Stephen Hope discuss the complex design issues that have arisen before Authlogics and give recommendations to other companies.

What Do We Recommend?

When accounts or identities are seized, poorly and persistently used passwords play a significant influence in illicit network access. As a result, users must use separate, unique, and strong passwords for each account. As a company, we try to improve both individual and communal safety by giving the following recommendations and suggestions. A password serves as a barrier between you and your sensitive and private data. This barrier protects your data from cybercriminals. You also may protect your accounts from criminals by setting secure passwords. If you have trouble remembering your passwords, we recommend password manager applications.

Other than that, increasing cyber awareness is quite important. For this, we recommend our Awareness Educator. Our tool provides you with lots of different training modules that can help your get familiar with advanced cyber security measures. Be sure to check out our tool and many more from our website!



Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate