Are You Handing Over Your Passwords To Hackers?

Are You Handing Over Your Passwords To Hackers?

Tips To Keep Your Passwords Safe

Data theft and hacking is the nightmare that torments all corporate enterprises and entrepreneurs in today’s technology-driven business ecosystem. Therefore, password protection has assumed greater significance than ever. Passwords are the first line of defence against any malicious intent hackers, and it is imperative to use strong passwords to keep your computers and mobile devices safe from falling prey to hacking or identity theft.

Unfortunately, this is where poor password management practices adopted by employees bleed the organizations repeatedly. According to the Verizon Data Breach Investigations Report, more than 70% of employees reuse passwords at their workplace.  The report further states that 81% of hacking-related breaches are either due to stolen and/or weak passwords.

The Dropbox data breach, which resulted in a massive 60 million user credentials being stolen, had started with an employee reusing a password at work.  Ignoring the password security tips not just compromises the security of an individual user’s data but might also result in severe consequences for the organization. This could lead to a financial as well as credibility loss to the company.

To help you address this concern, enumerated below are 7 password protection best practices that enterprises use to defend themselves from cyber-attacks.

img src

1.Don’t choose a weak password:

It’s shocking to see that many people still use passwords such as “123456” or their name 1234. Such passwords make the devices more vulnerable to cyber-attacks. A strong password is a combination of alphabets, numbers, upper case, lower case and special characters. A long password is always considered to be safer by cybersecurity experts.

2.Use multifactor authentication:

With the increasing number of online services emails, internet banking, a lot of sensitive information of users is now stored in the mailbox. Only a password does not prove to be sufficient to secure these accounts, which demands the use of an additional layer of security. Many companies nowadays encourage their users to go for a secondary layer of security, which can be an OTP generated through call or SMS.

3.Create Password Blacklist:

Hacking attempts become successful mostly due to easy to guess passwords.  Hackers use a database containing most frequently used password formats to target online users. Organizations should educate the employees to maintain a password blacklist and avoid using mostly used password format.

4.Different accounts need different passwords:

Keeping the same passwords for multiple accounts may provide convenience to users but it opens the door for hackers. Often, users keep the same password for their personal and official accounts like Outlook, CRM etc. which many times bring the entire organization’s data at risk.

5.Apply Password Encryption:

Encryption provides advanced protection to online accounts even if the password is compromised. Reversible encryption or applying only one-way encryption are common tactics for password security. However, this method will be of no use, if the hackers manage to gain access to the organization’s database. End-to-end password encryption is still regarded as the best technique of password security.

However, these methods are ineffective—if an attacker obtains the password database, it would not be difficult to crack and compromise the passwords it contains. Instead, the best practice is to consider end-to-end encryption that is non-reversible.  Storing a password in plain text is considered to be the most dangerous practice as it’s easily accessible by cybercriminals.

6.Consider a password manager:

A password manager is a most widely used tool these days by users who have multiple accounts to manage and it’s cumbersome on his or her part to do the same. The tool keeps a complete track of the multiple user name and passwords kept. Users just need to load these passwords only once and use a master key to lock the same. So only the master key needs to be remembered by the user.

7.Arrange Regular Employee Training:

Training employees regarding various cybersecurity guidelines reduce data breach incidents considerably. It has been observed that more often data leaks occur in organizations when a curious employee clicks on phishing links received via emails. There is a need to periodically educate employees regarding the latest phishing prevention tips and password best practices.

The article has been written by Mr Sanjit Chatterjee, CEO of REVE Antivirus.

content source