Secure Cybersecurity Password Management Features
Passwords are one of the most critical elements of cybersecurity. Organizations are like houses, and passwords are the keys. Every single employee has their very own key – often with different levels of access to all kinds of important applications and systems.
For all the cybersecurity measures you can take, all it takes for someone to break into your business is for one person to have their key stolen or copied. Passwords stand between bad actors and your intellectual property, customer data, and trade secrets. This makes them a ripe target for attackers.
In all, 80% of data breaches are caused by stolen and reused credentials. Yet many employees remain naive to the dangers of insecure passwords. Two thirds of Americans reuse the same passwords across multiple accounts. 42% still rely on sticky notes to keep track of their passwords. And only a third change their passwords regularly.
Together, all this makes small and medium businesses vulnerable to attacks. However, there are steps IT professionals can take to fortify their defenses, from working with a secure password manager to making improvements to network security.
What is Password Management in Cybersecurity?
Password management refers to the controls and systems put in place to protect employees’ passwords. This increases the security of important systems and applications, making it significantly more difficult for attackers to access private networks.
What Does a Password Manager Do?
Password managers are cybersecurity applications that allow end users to store and generate secure passwords for a variety of applications and platforms. They typically create long, complex passwords that are not easily guessed, and automatically update employees’ passwords on a regular basis.
Password managers are protected by strong encryption, and remove the burden for employees to remember, and change, their own passwords. But like any cybersecurity initiative, there are pros and cons to working with a password manager.
Pros of Working with a Password Manager
- Automatically generate long, complex passwords that are difficult for attackers to guess
- Easy for employees to use
- Work across multiple devices and platforms
Cons of Working with a Password Manager
- Some are web-based only, and don’t work for offline applications
- All risk is condensed into a single point of vulnerability: the password to the password manager
For the majority, the pros outweigh the cons. Password managers provide additional security and remove the burden of secure password management from employees, representing a good move for most organizations.
Common Password Attacks
Before you set about integrating password management features into your organization’s IT infrastructure, it’s important to first understand the most common types of password attacks. By understanding the threat landscape, you can better plan your strategy, ensuring your networks remain as secure as possible.
Social engineering attacks exploit every organization’s greatest vulnerability: their people. The most common social engineering attack is phishing, where attackers impersonate legitimate sources and attempt to obtain account information, including passwords, from employees.
Trying Common Passwords
Many employees use common passwords. For years, the most common passwords globally have included “123456” and “password”. It takes attackers less than a second to guess these and breach your systems.
Equally dangerous is choosing passwords which could be easily guessed: employees might use their favorite sports team, or their children’s names, as passwords. In this case, it might take attackers minutes to crack an employee password.
Generally, employees should be encouraged to avoid using any identifiable information as part of their password – including addresses, pet names, and birthdays.
In a dictionary attack, the attacker will run through a list of words. Attackers are capable of trying thousands of words per second, so if your employees just have a single word as their password, they’re vulnerable – no matter how obscure the word. This is why many organizations now require passwords to include numbers, special characters, and capital letters.
Brute Force Attacks
Brute force attacks automatically try every possible combination of letters, special characters, and numbers until they find a solution. Brute force attacks work best against short passwords, only taking a few minutes to crack passwords that are four or five characters long.
The security of passwords increases exponentially as users add more letters, numbers, and characters to their passwords. A study from Ohio State University found it would take a brute force attack nearly 2,000 millenia to crack a ten character password with a combination of letters, numbers and special characters.
Hybrid attacks essentially combine dictionary attacks and brute force attacks, adding commonly used special characters and number combinations to a list of credentials stolen in a previous successful attack.
This works because employees tend to change their passwords minimally, even after a breach, for example, changing “password2021” to “password2022”. To avoid this, ensure your employees realize the importance of significantly changing their password after a breach.
Mask attacks are more advanced variations of hybrid attacks, and make a series of assumptions about how people typically choose passwords. It’s common to capitalize the first letter of a password, and to add numbers and special characters to the end of words, like “Password2021?”.
By making these assumptions, attackers are able to minimize the number of attempts it takes to successfully guess a password. Cybersecurity teams should make their employees aware of these types of attacks, and encourage them to avoid predictable password formats.
Attacks on Hashes
Attacks on hashes, also known as Pass the Hash attacks, don’t aim to guess passwords, rather they aim to steal the underlying hash and use that to access the system. Systems that use LM or NTLM authentication are at risk of attacks on password hashes.
To discover these vulnerabilities, organizations should conduct periodic vulnerability assessments. Salting, which adds random bits to password instances before they are hashed, also protects organizations from attacks on hashes.
Your Trusted Cybersecurity Partner: TechHeads
Unfortunately, many organizations are still vulnerable to the password attacks detailed here. Start improving your cybersecurity today by updating your password management policies and embracing strategies like managed detection and response and cybersecurity training.