Passwords: A Hacker’s Best Friend

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Tomorrow, I will be hosting a webinar on why hackers love passwords. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. Hackers know this and can easily exploit it to gain access to many systems. To demonstrate this point, we will review at some of the recent high profile breaches and learn that hackers go after end-user and system administrator credentials in almost all of the cases. With all of these recent high profile breaches involving passwords, it is hard to understand why so many companies are still poorly managing their passwords. We will explore the common myths about passwords as well as several bad corporate practices and then discuss what you and your company should be doing. It' actually not that hard to remediate these bad practices – and the result improvement in security is significant. These are the most common bad practices that I see at many companies large and small:

• Allowing users to operate with admin privileges
• Using common admin passwords across multiple PCs
• Not requiring strong multi-factor authentication to sensitive apps / data
• Not following tight privileged account management and policies
• Not requiring mandatory privileged session management for all admin access

We will delve into each of these and again lay out the best practices that are being followed by many leading companies. The focus of this webinar is proper password management, and preventing a breach. Unfortunately, as we know, we must have more than strong prevention, we also must have strong detection and response capabilities for when a well funded and talented organization is attacking you. So, we will briefly review some of the things you should be doing to better detect when you are under attack. Want to learn more? Watch this webinar on-demand.