Password protection has many well-discussed drawbacks. But one of them has received surprisingly little attention. And that is how and when organizations can find out if their data has been compromised by outsiders. This lack of interest is surprising. Although this is a highly important subject most of the companies don’t care at all. But why does it matter? Here’s the importance of password protection intelligence!
The Importance of Password Protection Intelligence
Almost all cyberattacks today use stolen or leaked credentials (password + username). This makes any compromise a critical event in the construction process. The attacks that take advantage of credentials even include ransomware attacks. Companies usually use traditional defenses against this issue. They recommend their employees to change their passwords depending on the time frame. They usually assume that a compromise is possible within 3 or 6 months. But this has always been a crude defense that risks encouraging reuse as users try to cope with constant resets.
In 2016, the National Institute of Standards and Technology advised organizations not to allow automatic password changes unless they can no longer access employee accounts by a pin code. The erroneous assumption is that after losing the password (with or without a username) it is not possible to determine that this is happening. In fact, there is a way to query databases of password leaks from dark network sources to see if a known password or password is available.
Why Does it Matter?
Although the idea of monitoring criminal sites for password leaks is not new the trick is to find a way to integrate them into password management systems. Public databases such as Have I Pwned? have been around for years now. But without this integration, password discovery would risk becoming a management routine. This would load IT, staff, with alerts that they were having trouble responding to.
One company that believes it has solved the problem is Authlogics. This company integrated a password cracking database containing 4.1 billion leaked credentials into the company’s password security management system. They have also shared their insights on this new tactic in a podcast. In the podcast, IT security expert editor John E. Dunn and CEO Stephen Hope discuss the complex design issues that have arisen before Authlogics and give recommendations to other companies.
What Do We Recommend?
When accounts or identities are seized, poorly and persistently used passwords play a significant influence in illicit network access. As a result, users must use separate, unique, and strong passwords for each account. As a company, we try to improve both individual and communal safety by giving the following recommendations and suggestions. A password serves as a barrier between you and your sensitive and private data. This barrier protects your data from cybercriminals. You also may protect your accounts from criminals by setting secure passwords. If you have trouble remembering your passwords, we recommend password manager applications.
Other than that, increasing cyber awareness is quite important. For this, we recommend our Awareness Educator. Our tool provides you with lots of different training modules that can help your get familiar with advanced cyber security measures. Be sure to check out our tool and many more from our website!