Advertisement
Monday, Oct 18, 2021
Outlook.com
Outlook.com

Passwords: Your First and Often Weakest Defence

Passwords: Your First and Often Weakest Defence
outlookindia.com
1970-01-01T05:30:00+0530
(Eds: Disclaimer: The following press release comes to you under an arrangement with Mediawire. PTI takes no editorial responsibility for the same.)

Sunil Sharma, Managing Director- Sales( India & SAARC), Sophos

Password security continues to be a challenge for people and businesses across the world, and in the wake of the Colonial Pipeline ransomware attack where a single password was the key to hackers breaching the entire network, businesses should assess their own password practices.

In a recent experiment by Sophos Labs, the cybersecurity team were able to guess, by hand, 17 of the top 20 passwords in Have I Been Pwned’s Pwned Passwords in under two minutes.

So, if you are trusting your personal security to be protected by ‘qwerty’ or ‘12345’, you are setting yourself up to be hacked.

However, even if you deploy a long and strong password with a combination of letters, numbers and special characters, your password still isn’t bullet proof. There are multiple ways cybercriminals can get hold of passwords without having to guess your dog’s name.

For example, some internet services still store plaintext passwords, whether due to bugs in their system or sloppy practices. Google and Twitter have both flagged this issue with users in recent years, and while plaintext data storage is now rare, it still occasionally happens. As a result, when hackers compromise one of these servers, they can access every user’s data with no decryption required.

Malware also plays a significant role in how hackers can steal passwords. If a server has been hacked, it could host memory-scalping malware, which can find raw passwords while they are being checked, even if the password never gets saved to the disk. Keylogging malware can also be downloaded to your device directly, which captures passwords and other sensitive data as you type them. This is why employing a strong antivirus solution is integral across personal and professional devices.

Once hackers have your password, it doesn’t matter how complex or long it is, they can access every other account that shares it. This process is known as credential stuffing. If a password works on one account, it costs a hacker almost no time or effort to try that same one on other accounts.

While using one password across all accounts will leave you vulnerable, using passwords that are obviously linked should also be avoided. If your Facebook password is ‘FBpassword123’, it isn’t a far reach that your Twitter password might be ‘TWpassword123’, making this strategy no safer from credential stuffing than using the same password for everything.

So, how can people and businesses protect their account logins effectively?

• Don’t re-use passwords. Similarly, don’t use a template for your passwords that is modified slightly for each different account. Cybercriminals are on the lookout for this and will get around it.

• Use a password manager.Password managers will generate random and unrelated passwords for each account, meaning even if one password is compromised, the rest of your accounts stay safe. Remember that you don’t have to put all your passwords into a manager app if you don’t want to: it’s okay to have a special way of dealing with your most important accounts, especially if you don’t use them often.

• Turn on 2FA if you can. While two-factor authentication doesn’t guarantee your account’s safety, it stops criminals carrying out attacks on a broad scale, as passwords alone won’t grant access.

• Install antivirus protection on all your devices to protect yourself from malware. As well as antivirus software on your computer, you should also consider installing an antivirus app on your mobile device, such as Sophos Intercept X for Mobile. Make sure these apps are updated and run regular scans to protect your devices.

• Report payment anomalies. Track your outgoing and incoming payments for irregularities, and report any errors as soon as possible, no matter how small the amount. Report errors as soon as you see them, even if you didn’t lose any money. The sooner you report it, the sooner you can secure your account.

Click here for more information : https://www.sophos.com/en-us/products/endpoint-antivirus.aspx

PWR

PWR


Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: PTI

More from Website

BAN Vs SCO, ICC T20 World Cup 2021: Scotland Stun Bangladesh On First Day Of Tournament

BAN Vs SCO, ICC T20 World Cup 2021: Scotland Stun Bangladesh On First Day Of Tournament

This is Scotland's second win in a World Cup, the first coming in the 2016 edition of the tournament against Hong Kong.

Indonesia Beat China To Lift Thomas Cup Trophy After 19 Years

Indonesia Beat China To Lift Thomas Cup Trophy After 19 Years

Indonesia are the most successful nation in the history of the team championship of men's badminton with 14 titles.

Bayern Munich Beat Leverkusen 5-1 To Go Top Of German Bundesliga

Bayern Munich Beat Leverkusen 5-1 To Go Top Of German Bundesliga

Four goals in seven minutes left Leverkusen in tatters before half-time as Bayern made a statement win to underline why it's chasing a 10th consecutive title.

More from Outlook Magazine

An Unfolding Dalit Movement In Tamil Nadu Has Escaped Nation’s Attention

An Unfolding Dalit Movement In Tamil Nadu Has Escaped Nation’s Attention

Poet and activist Meena Kandasamy visits ground zero of the grassroots movement down South to understand the caste divide in the state.

India Needs A Caste Census To Know Where The Marginalised Stand In The Development Index

India Needs A Caste Census To Know Where The Marginalised Stand In The Development Index

The aim of a caste census is not to know the numerical strength of a caste. Rather, it would reveal social inequalities for possible remedial measures.

Lakhimpur Kheri: Heartbreak And Tears As Families Try To Cope With Personal Grief

Lakhimpur Kheri: Heartbreak And Tears As Families Try To Cope With Personal Grief

Kin of killed farmers, BJP members have the same demand—justice for the dead.

Advertisement

Outlook Newsletters

Advertisement
Advertisement