Principle of Least Privilege
We are already in the month of May, and you know what we celebrate on the first Thursday of this month, right? That’s correct, it is World Password Day. Celebrated since 2013, this day reminds us of adequate cyber awareness and the importance of password protection in all environments, whether professional or personal. It is not for nothing that passwords are called digital identities.
Our lives have become more and more linked to the online world. Not only work, but also learning, entertainment (ours and our children’s) and even physical activity now take place largely in digital environments, especially since the covid-19 pandemic. And in these new times, when a large number of people perform activities remotely from devices without the proper cyber protection mechanisms, it is important to redouble the care with passwords and other sensitive data. Thus, we explain the importance of passwords and their adequate protection for users and organizations in this article.
The combination of user and password has been used as a basic defense mechanism for computer systems since the beginning of their implementation, preventing unauthorized access to data stored on systems and devices. Despite the creation of authentication mechanisms without a password, such as biometrics or one-time passwords (OTP), the combination of user and password is still widely used to access systems and devices. This is because such combination is easy and inexpensive to implement.
In a digital transformation scenario, the multiplication of systems, devices, and their respective credentials creates a perfect opportunity for malicious attackers to collect passwords and, thus, access data improperly. After all, remembering a single password is much easier than remembering a different one for each of the dozens (or even hundreds) of services that require some kind of authentication. It is estimated that the number of passwords per user is between 70 and 100.
According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.
And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.
Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.
So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:
- Use long and complex passwords. This prevents hackers from using techniques to guess them. However, just using complex passwords may not be enough to protect them from hackers.
- Many devices are configured with default passwords. Change them immediately.
- Avoid reusing your passwords on different accounts. Also, constantly check if you have already been the victim of a data leak through senhasegura Hunter. If so, change your passwords immediately.
- Configure your passwords to be changed frequently. The ideal is at least every 3 months.
- Do not write down, store in an easily accessible place, or share your passwords with others, thus avoiding unauthorized access.
- Consider password management solutions, or even privileged access management (PAM), to manage the use of systems and devices.
- Use Multi-Factor Authentication (MFA) mechanisms to add a layer of security to your accounts.
- Set up means of retrieving access, such as including phone numbers or emails.
Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attack vectors used by hackers. And in the “new normal” era, with increasing threats resulting from the covid-19 pandemic, it is vital that users be alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!