Skip to main content

Best Practice Tips for Password Administration from Tech Security Insiders



Passwords have been an industry-standard as well as industry headache for a considerable length of time and their administration henceforth has become the misery of end-users and IT administrators, yet there are alternatives to take advantage of the experience and reduce their headaches.

And so here are several industry experts discussing the challenges of and solutions to passwords.


  1. Matt Davey, COO at 1Password, an online password management provider; 
  2. Daniel Smith, head of security research at Radware, a security solutions provider; 
  3. Rick McElroy, principal security strategist at VMware Carbon Black, a virtual security platform; Matt Wilson, chief information security advisor at BTB Security, a security solutions provider; 
  4. And Ben Goodman, CISSP and senior vice president of global business and corporate development at identity platform provider ForgeRock.


The first issue discussed was the current challenges faced with passwords, Matt Davey was of the view that “Even though for many years we've relied on passwords to securely access the apps and services we use daily, both at home and at work. Today, as many of these services move to the cloud and breaches become bigger and more frequent, password authentication is even more critical, particularly for enterprises.”

Whereas Matt Wilson says, “Since the dawn of the first password we've struggled with largely the same issues; selecting strong, unique, passwords, remembering and storing them, and changing them periodically. People pick bad passwords and share them across multiple accounts for a very simple reason: It's easier to remember.

As attackers have developed and refined their toolsets, they've increased their capabilities to attack our accounts. Their speed of attack, the volume of guesses, the ability to mask their location/identity, and the "intelligence" they've developed to make better guesses make protecting our accounts more difficult than ever before.”

The second topic of discussion was the remedies and as per Daniel Smith, “Password hygiene is one of the biggest problems that both organizations and individual users face today. One of the easiest ways to combat and remedy the issue with password hygiene is through the use of a password manager and the use of multi-factor authentication.

Using a password manager naturally encourages users to not reuse passwords, and there are plenty of user-friendly options available to both consumers and the enterprise. Multi-factor authentication simply creates an extra step for accessing any account, and can be the barrier needed to stopping unwanted access.”

But when the last question was addressed i.e. what will replace the password problem in the future. Rick McElroy was quick to answer by referring to the current state of pandemic observed by the world, he says, “Short term, it looks like hand and fingerprint biomarkers, two-factor authentication with a mobile device and, in a post-COVID-19 world, facial recognition will be rolled out faster than ever. At some point in the future, DNA will probably be used to verify identity in the medical field but may not be applied to say a laptop and windows login currently.

Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used. These types of identification systems are already being beta tested on battlefields to ensure the right criminals and insurgents are being arrested and to protect innocent lives. I would not be shocked to see that deployed at some point in the future.”

And lastly, Ben Goodman was of the opinion that, “Passwords should become a thing of the past. Today, organizations can solve the challenges that come with passwords by leveraging technology that can provide a passwordless user journey.

By adopting a passwordless approach, organizations provide users with frictionless, secure digital experiences. With the use of biometrics or push notifications, organizations can bring the same effortless authentications users have experienced on their smartphones, with technologies like FaceID from Apple or Samsung's Ultrasonic Fingerprint scanner, to every digital touchpoint while ensuring security.”

And since as a feature of an intelligent authentication strategy, passwordless authentication empowers future-proof access so as to improve the customer experience and guaranteeing security by pushing suspicious users to 'additional verification'.

So it is clearly evident from this above discourse that organizations don't have to wait for any further to comprehend and solve password issues: If only they choose the correct arrangement, passwordless verification is conceivable even today.


source https://www.ehackingnews.com/2020/04/best-practice-tips-for-password.html
Labels:

Comments

Post a Comment

Popular posts from this blog

Provider Volia reported to the cyber police about the intense cyberattacks on the server

Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31. "For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company. In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize. "DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, te...
Post a Comment
Read more

Information security experts have warned Russians about bonus card fraud schemes.

Fraudsters several thousand times tried to illegally take advantage of discount bonuses of Russians in 2019. Some attackers gained access to customers' personal accounts, and then bought the products using bonuses, said Alexey Sizov, head of the anti-fraud department of the Application Security Systems Center at Jet Infosystems. According to him, a fraudster can register a personal account on a card that was issued to another person. The victim will accumulate points without knowing about the existence of his profile, and the attacker will write off bonuses, said Sizov. The expert added that this is mainly done by novice scammers. According to him, loyalty programs are poorly protected, unlike banking operations. He said that they are estimated at 50 billion rubles ($760 milliard) for the 30 largest retailers. Alexey Fedorov, Chairman of the Business Russia Trade Committee, said that in 2019, the number of bonus and discount thefts "increased significantly." ...
Post a Comment
Read more

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space

Apple is planning to invest more in streamlines and increasing its cloud-based and software services like iCloud, Newsplus, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all the Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 Million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS. Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed the management of the data center and hosting of the applications when it brought the AWS. Being the first one to offer services like these,...
Post a Comment
Read more