Are You Handing Over Your Passwords To Hackers?
Tips To Keep Your Passwords Safe
Data theft and hacking are the nightmare that torments all corporate enterprises and entrepreneurs in today’s technology-driven business ecosystem. Therefore, password protection has assumed greater significance than ever. Passwords are the first line of defence against hackers with malicious intent, and it is imperative to use strong passwords to keep your computers and mobile devices from falling prey to hacking or identity theft.
Unfortunately, this is where poor password management practices adopted by employees bleed organizations repeatedly. According to the Verizon Data Breach Investigations Report, more than 70% of employees reuse passwords at their workplace. The report further states that 81% of hacking-related breaches are due to stolen and/or weak passwords.
The Dropbox data breach, which resulted in a massive 60 million user credentials being stolen, started with an employee reusing a password at work. Ignoring password security tips not only compromises the security of an individual user’s data but might also result in severe consequences for the organization. This could lead to financial as well as credibility loss for the company.
To help you address this concern, enumerated below are 7 password protection best practices that enterprises use to defend themselves from cyber-attacks.
1. Don’t choose a weak password:
It’s shocking to see that many people still use passwords such as “123456” or their name followed by 1234. Such passwords make devices more vulnerable to cyber-attacks. A strong password is a combination of upper-case and lower-case letters, numbers and special characters. A long password is always considered to be safer by cybersecurity experts.
2. Use multifactor authentication:
With the increasing number of online services such as email and internet banking, a lot of sensitive user information is now stored in the mailbox. A password alone is not sufficient to secure these accounts, which demands the use of an additional layer of security. Many companies nowadays encourage their users to go for a secondary layer of security, which can be an OTP generated through call or SMS.
3. Create Password Blacklist:
Hacking attempts succeed mostly because of easy-to-guess passwords. Hackers use a database containing the most frequently used password formats to target online users. Organizations should educate employees to maintain a password blacklist and avoid using the most commonly used password formats.
4. Different accounts need different passwords:
Keeping the same password for multiple accounts may be convenient for users, but it opens the door for hackers. Often, users keep the same password for their personal and official accounts such as Outlook, CRM etc., which many times puts the entire organization’s data at risk.
5. Apply Password Encryption:
Encryption provides advanced protection to online accounts even if the password is compromised. Reversible encryption or applying only one-way encryption are common tactics for password security. However, these methods will be of no use if hackers manage to gain access to the organization’s database. End-to-end password encryption is still regarded as the best technique for password security.
However, these methods are ineffective: if an attacker obtains the password database, it would not be difficult to crack and compromise the passwords it contains. Instead, the best practice is to consider end-to-end encryption that is non-reversible. Storing a password in plain text is considered to be the most dangerous practice, as it is easily accessible to cybercriminals.
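As an added illustration of tips 3 and 5 (not code from the original article), the Python example below rejects blacklisted passwords before they are set and stores only a salted, non-reversible PBKDF2 record instead of the password. The blacklist entries, the username `alice`, the 12-character minimum and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample blacklist; a real deployment would load a much larger list.
BLACKLIST = {"123456", "password", "qwerty", "letmein", "111111"}
ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example
MIN_LENGTH = 12       # length policy chosen for this example


def check_policy(password, username):
    """Return the reasons a password is rejected (empty list if accepted)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if lowered in BLACKLIST:
        problems.append("blacklisted")
    if username and username.lower() in lowered:
        problems.append("contains username")
    return problems


def make_record(password):
    """Derive a one-way record; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # unique per user, stored beside the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]),
        record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    for candidate in ("123456", "alice1234", "correct horse battery staple"):
        print(candidate, "->", check_policy(candidate, "alice") or "accepted")
    first = make_record("correct horse battery staple")
    second = make_record("correct horse battery staple")
    print("same password, different records:", first["hash"] != second["hash"])
    print("verify ok:", verify("correct horse battery staple", first))
```

Because every record carries its own random salt, two users with the same password get different stored hashes, so one precomputed list of common-password hashes cannot be matched against the whole database at once.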
6. Consider a password manager:
A password manager is a widely used tool these days among users who have multiple accounts and find it cumbersome to manage them. The tool keeps track of the multiple user names and passwords. Users need to load these passwords only once and use a master key to lock them. So only the master key needs to be remembered by the user.
7. Arrange Regular Employee Training:
Training employees on cybersecurity guidelines reduces data breach incidents considerably. It has been observed that data leaks in organizations more often occur when a curious employee clicks on phishing links received via email. There is a need to periodically educate employees about the latest phishing prevention tips and password best practices.
The article has been written by Mr Sanjit Chatterjee, CEO of REVE Antivirus.