• Latest
  • Trending
9 Reasons to Adopt a Corporate Password Manager

9 Reasons to Adopt a Corporate Password Manager

June 20, 2022
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Monday, 6 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

9 Reasons to Adopt a Corporate Password Manager

by ITECHNEWS
June 20, 2022
in Leading Stories, Opinion
0 0
0
9 Reasons to Adopt a Corporate Password Manager

Today, May 5, is World Password Day. It has been almost 20 years since Intel first launched the initiative in 2013, yet still, most people are using and reusing easy to crack passwords, not protecting them and even sharing. In addition, most of us don’t even realize how many passwords we have.

Teaching password security in the early 2000s would usually start with a question to the audience: how many of you have up to 10 passwords to remember? How about 25? Anyone with more than 50? Today I usually start with, “how many credentials do you believe to have still active? Less than a hundred?”

YOU MAY ALSO LIKE

Inaugural AfCFTA Conference on Women and Youth in Trade

Instagram fined €405m over children’s data privacy

It’s interesting how it builds up. Many people will not know how many credentials they decided to store in their browser. It could be a credential used many times a month, or maybe that one you had to create in that online store you bought from only once but needed to track your order. The fact is that it is almost impossible to know. If you usually save your credentials within the browser, you might learn about it when you are infected by malware that steals your browser credentials, like the recent BlackGuard. Or when someone gets access to your e-mail – the most used method to reset passwords. At this point, your digital life is done!

Yet, it doesn’t have to be this way. Password managers can help you better control your credentials, especially if you think in terms of corporate use. Let’s look at some areas where it can help mitigate password related issues:

  1. Password sharing: You may easily share over the phone a password such as “football123.” Now try to share “tNNi^M$E*@Ep7LD&.” Not that easy. This could help prevent intentional sharing or through social engineering.
  2. Reusing corporate passwords for personal applications: The company made me create a new password with caps, letters, numbers and special characters. I use my creativity and use “Football@123.” Yet, since I have this nice, secure password, why not use it in other places? Maybe my TV streaming service, which I share with my daughter, who shares with her boyfriend. Remember, you don’t have control over passwords outside the company. In this example, your daughter’s boyfriend has your company credentials. A complex password is nice, but try entering “tNNi^M$E*@Ep7LD&” in your smart TV.
  3. Same password for everything: Users can memorize a few passwords, maybe three or four. The rest are just variations. Users will try to use the same password everywhere, maybe with some slight variations. A corporate password might be floating in dozens of uncontrolled accounts. Password managers will train the user to create a different password everywhere. After all, it will create it for you and fill it out during the authentication.
  4. Credential leak in the dark web: I’ve been a LinkedIn user for quite a long time, and they had leaks at least a couple of times, so my credentials ended up on the dark web. There is nothing you can do about it except reset your password. The problem is that it can take time for you to realize it has happened. It’s not your fault, but the company you have an account in was unfortunately attacked, and your password – which you probably use for dozens of other accounts – is now exposed. Yet, most websites will not store your password completely open; they will use a hash of your password. So, attackers still need to crack the passwords. If you have an easy one, even a combination of words, there is a high chance it will be cracked. A long and complex password cannot be hacked with the current computer power. So even if a leak happens, a password generated by a password manager will most likely be protected.
  5. Easy to crack passwords: There are attacks such as password spraying that will use simple passwords. Other attacks, using dictionaries for longer passwords, can be quite effective in cracking easy passwords. Passwords hashed, including salt – an additional variable – can be cracked with multiple letters/numbers of combinations up to 8 characters only. Passwords with up to 12 characters and regular hash can usually be cracked with no problems. Passwords with 16 characters, like the ones generated by the password manager, can’t be cracked with multiple combinations.
  6. Shared admin passwords: Companies sometimes have shared credentials and an administrator password that is shared between all the IT admin staff. Even when complex passwords are used, how do you ensure they are not exposed? In a recent attack, hackers found a spreadsheet containing multiple admin credentials in a company. Jackpot! Corporate password managers will most likely secure share passwords between individuals, where they are always stored in a vault.
  7. Password exposure for MSP managed accounts: MSPs will always have admin credentials used to access their managed accounts, one or more per account, shared between groups of MSP technicians. The leak of those credentials could be a disaster for an MSP, exposing their managed accounts to the risk of remote connections and spreading ransomware. Password vaults can be very effective in those situations.
  8. Corporate applications with no MFA support: Most serious business applications will support multi-factor authentication (MFA), usually through the SAML protocol, which creates a trust relationship with an identity provider. Some might have their own MFA solution. However, there are still many applications that don’t understand much about the need for MFA. Companies like Salesforce not only support but have been enforcing them since February 2022. Yet, for applications not supporting MFA, the least you need to do is make sure the credentials are unique and not reused. Password managers won’t help in every situation, such as phishing websites. Nevertheless, it can drastically reduce exposure.
  9. Password carelessness by users: User training is always important to protect against phishing attacks, or even speaking a password over the phone, because the person on the other side of the line said they are from your bank and need to unlock your credit card. Password managers can be effective in helping train the users, making them understand the importance of keeping a password safe and reducing the chance of using it in dangerous situations.

You might ask, what about passwordless authentication? This is a growing trend, but there are just a very few situations where you can use it. Logging into your computer with your face most likely won’t help you log into other websites. Changing your mobile phone app login to your fingerprint creates a great user experience but can’t be used if you need to log in through your computer.

The fact is, passwords are not going away, and until there is a solution that covers all the cases in the company, password managers can be effective in mitigating those risks. Think seriously about this use.

Source: Alexandre Cagnoni director of authentication, WatchGuard Technologies
Tags: 9 Reasons to Adopt a Corporate Password Manager
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version