Bringing passwords back into our security habits
May 6 is considered World Password Day.
Each year, this event is celebrated as a reminder of how computer security as we fear it today has been the result of long railway workers. The password is one of the first systems to be developed to protect connections and sessions. Today, while the proliferation of cyberattacks casts doubt on its effectiveness, its use remains essential.
This article will also interest you: Computer attack against SolarWinds: an intern pointed to password leak
Passwords per se are not a security issue. Rather, it is the practices that revolve around that make them vulnerable. A solid password can be reliable and protect any biometric data. But its apprehension is not as simple as average users believe.
"Many users still define the same password for all of their online accounts. This is a very risky practice, because once an account is compromised, the attacker has access to a wider variety of assets. Beyond this reuse, the definition of obvious passwords, such as 12345 or azerty, not updating them regularly, storing them within reach of the computer or sharing them with third parties is a royal route for cyber criminals. All of these bad practices increase the risk of a breach for a company because an attacker can more easily steal or hack these passwords. In view of the continued growth in the number of cyber threats, it is essential to train employees, to make them aware of good practices that enable effective management of identifiers and, above all, to build a strong first line of defence. explains Pierre-Louis Lussan, Country France and South-West Europe Director at Netwrix.
"Another important step is to use a password management software application that generates and then retrieves complex credentials and stores it in an encrypted database. In addition, using a password expiration tool that automatically reminds users to change their credentials before they expire is also an effective solution. This allows for regular combination changes without overloading the IT service with calls to reset expired passwords. advises our expert.
We know that today and that is a no-brainer. Poor password management can have very dramatic consequences. This applies not only to businesses but also to individuals. Cyber criminals are then on the lookout for the slightest relaxation, the slightest negligence at this level to launch a computer attack. It is for this reason that the attention of information system security officers. "If IT professionals can't update and secure the passwords of these privileged accounts, cybercriminals can hack them more easily and access the organization's network. Then, they can use compromised administrator credentials to bypass access controls on various computer resources or systems in order to access sensitive data. Pierre-Louis Lussan.
Now access an unlimited number of passwords:
