If you have passwords, and you know you do, you’re going to have to face Ch-ch-ch-ch-Changes. Don’t let it be too scary.
Many Small and Medium Enterprises (SMEs) may think they don’t have the budgets or the means for effective cyber security. But if they change the way they manage the one security element that hackers exploit most – privileged credentials – they can be much more secure.
People using the same passwords for multiple accounts is a problem. People writing passwords down, or citing fatigue with password management as an excuse for weak passwords, are big issues too. Simple passwords get cracked more easily, and when people reuse passwords, a hack on your favorite dog food delivery service means the attackers have a password that exposes corporate data.
In general, the truth is this – passwords are neither obsolete nor impractical. However, credential management has evolved into a process that takes passwords out of the hands of IT administrators.
More than 1 out of 8 IT security professionals admit to being able to access previous employers’ systems using their old credentials, a new survey from Lieberman Software reveals.
Like the regular ticking of a clock, I hear the siren song of “the end of passwords” from pundits. Practically speaking, the issue is not so much that passwords are bad or inherently insecure; the core problem is with their sizes/uniqueness, disclosures and lifetimes. When humans pick passwords and manage them, we make a compromise between convenience and security – usually erring on the side of convenience.
Basic eight-character passwords can now be cracked by consumer password recovery software in well under an hour. More experienced hackers armed with rainbow tables and other free tools can crack 14-character passwords – including alpha-numeric passwords with special characters – in less than three minutes.
There’s just too much misinformation out there about securing application credentials.