Today, keeping a strong password is not a solution anymore. Cyber awareness is also very important to each and every person. Most of the people are using same passwords across the websites which is a reason they gets compromised.
We have discussed following topic with security researchers on World Password Day.
- How difficult is password management currently?
- What are the new risks for end-users to be aware of?
- Security Tips?
Yehudah Sunshine, Cyber Security, ODIX
Password management on an individual scale is as complicated as a user chooses. On some level, the process can be tedious either involving a numbing array of unique alphanumeric combinations with no common thread and infinite sign in locales or on the other end infinitely ignored and ultimately at huge risk to compromise. For Larger organizations, the ability to maintain a secure bank of vital login details, accessible to key staff is both complicated to effectively centralize and time-consuming to ensure that it stays encrypted and unbreached. While many tools exist on the market to simplify the process, most estimates say that less than 3% of average users rely on these safety nets.
From large-scale breaches which can copy and propagate sensitive data across broad dark web and public channels to the risks of centralized data reservation, users and organizations alike must be prepared to insolate access and constantly alter passwords to stay one step ahead of hackers. For end-users, specifically multifactor authentication, biometric authentication and other additional layers to ensure identity security must be implemented to ensure your passwords remain safe.
- Use encryption
- Use Multifactor authentication
- minimal central depository access
- increase employee cyber training and awareness programs.
Also See- 123456 is most Common Passwords used by Billion’s
Falgun Rathod – CEO of Cyber Octet
Password Management is not a bigger task at all.
All you need is to have better common information security skills like techniques to keep password safe in Lockers which are available in the market commercial as well as open source.
Secondly Passwords kept somewhere should be encrypted with good encryption algorithms.
Now a days most of the apps stores the keys on application side or hardcode which makes it vulnerable.
So Managing Password and encryption is all you can do. Don’t forget to change password more often. You can have password policy in place at on organisation level.
For End Users, Passwords should not be common words or combination of our private information. Because now a days most of information we share with feedback, survey or on social media.
Passwords should not be written and should have good tool. There are many tools we can use to store password which give better safety and security of it.
Also see- How Hackers can steal your passwords?
Vinod Senthil – CTO Infysec
As there are lot of breaches that we constantly see, and keeping that aside. Talking about end users.
There are two possible sites are suggest
1. Passwordsecure.com and
2. passwordmeter.com.
These two websites will tell you how strong your Password is if the Password is not strong like it is only with small letters and like alphanumeric camel cases. In Camel’s case, a capital letter and a small letter combine.
How many of us have different Passwords for different sites? Many of us have a single Password with more than three different sites with Google, LinkedIn, Facebook, etc. The interesting part is that How many of us have actual different Passwords of each of these sites? There are not many. Human is always weakest link of any chain. That’s truly a fact here. Because you get hacked in one site, the attacker knows the other two sites’ Passwords also, isn’t it? So that is something I want to register here.
So, Please do not have the same Password for multiple sites. There is an interesting line, “Passwords are like your girlfriends name, change it often.” There are new technologies coming up, which are having bio or behavioral-based passwords—otherwise, Passwordless Password, etc. And I think the only when the system understands us and identifies us is when you truly secure your system and password-less system. So if I know your username password, I immediately impersonate you. The computers don’t recognize me as a different person.
But I think it is important that behavioral-based, machine learning-based, and artificial intelligence-based systems come into the picture, and we all start using them. And I think Google is already come up with a very interesting prototype of such models. You don’t need to have passwords.
