Protecting passwords – tricky task for UK organizations
(Last updated on September 19, 2018)
More than 25 percent of UK organizations experienced a data breach in 2017 and 80 percent expect the issue to escalate in 2018. Protecting passwords is top of mind for IT professionals across public and private sectors, but there isn’t a one-size-fits-all solution to the problem.
The InsideTech white paper, The 2018 Password Protection Landscape, looks at how organizations are dealing with the challenge of protecting passwords as part of their cybersecurity strategies.
Marcus Kaber, CEO at Specops Software, says: “It’s excellent to see such a widespread appreciation of the important role played by passwords in security strategies across the UK. Yet, as the issue of cyberattacks becomes more prevalent, organizations must ensure they are prepared to deal with these threats effectively and quickly, whatever form they take – and password security presents the first line of defense.”
Protecting passwords against social engineering and password misuse:
- Turn on 2FA or MFA
Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere you can, to eliminate a single point of failure.
- Ban common passwords
Follow the recommendations from NCSC and implement a password blacklist, which blocks common/predictable passwords from being used.
- Enable passphrases
Passphrases, a combination of words that are meaningless together, are easier to remember and harder to crack.
- Educate employees
To protect employees from the most common attacks, a security awareness training program is a good idea. The responsibility to educate on the importance of password security best practices usually falls on the IT department.
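The two technical recommendations above, a banned-password list and passphrase support, can be enforced at the point where a password is set. The following is an added example, not Specops' product code or anything from the InsideTech paper: a small policy checker that normalises a candidate password (case, common character substitutions, leading/trailing digits and symbols) before comparing it with a denylist, rejects passwords containing user-specific words, and recognises a passphrase by word count and length. The denylist contents, the minimum length of 8, the passphrase rule of three words and 16 characters, and the substitution table are assumptions chosen for illustration; a production list would be loaded from a file of known-common passwords.

```python
"""Password policy checker (added example; not from the article or Specops).

Assumptions (illustrative, not from the article): one denylist entry per line,
minimum length 8, a passphrase is >= 3 words and >= 16 characters.
"""
import re
from typing import Iterable, List, Set

# Constructed sample denylist. A real deployment would load a large list of
# known-breached and predictable passwords from disk instead.
SAMPLE_DENYLIST = """
password
123456
qwerty
letmein
welcome1
P@ssw0rd
"""

# Undo the substitutions users typically apply to a banned word.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a"})
MIN_LENGTH = 8
PASSPHRASE_MIN_WORDS = 3
PASSPHRASE_MIN_LENGTH = 16


def leet(text: str) -> str:
    """Map common character substitutions back to letters (e.g. 'p@ssw0rd' -> 'password')."""
    return text.translate(LEET_MAP)


def strip_affixes(text: str) -> str:
    """Drop leading and trailing non-letters so 'password123!' reduces to 'password'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def candidates(pw: str) -> Set[str]:
    """All normalised forms of a password that should be compared with the denylist."""
    low = pw.lower()
    forms = {low, leet(low)}
    base = strip_affixes(low)
    if base:  # an all-digit password would otherwise contribute the empty string
        forms |= {base, leet(base)}
    return forms


def load_denylist(text: str) -> Set[str]:
    """Build the denylist from one-entry-per-line text, storing every normalised form."""
    entries = [line.strip() for line in text.splitlines() if line.strip()]
    return set().union(*(candidates(e) for e in entries)) if entries else set()


def check_password(pw: str, denylist: Set[str], user_words: Iterable[str] = ()) -> List[str]:
    """Return the list of policy failures; an empty list means the password is accepted."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("too short")
    if candidates(pw) & denylist:
        failures.append("on the banned-password list")
    low = pw.lower()
    for word in user_words:  # e.g. username, company name
        if word and word.lower() in low:
            failures.append(f"contains user-specific word '{word}'")
    return failures


def is_passphrase(pw: str) -> bool:
    """True when the value is several words separated by spaces, hyphens or underscores."""
    words = [w for w in re.split(r"[\s\-_]+", pw) if w]
    return len(words) >= PASSPHRASE_MIN_WORDS and len(pw) >= PASSPHRASE_MIN_LENGTH


if __name__ == "__main__":
    denylist = load_denylist(SAMPLE_DENYLIST)
    for sample in ["Password123!", "P@ssw0rd2018", "correct horse battery staple"]:
        print(sample, "->", check_password(sample, denylist) or "ok",
              "| passphrase" if is_passphrase(sample) else "")
```

The normalisation step is what makes the denylist useful in practice: a blocklist that only catches exact matches is defeated by `Password123!`, while this checker reduces that value to `password` before comparing. Keep the normalisation and the list both server-side so that a client cannot bypass them.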