¡Feliz dia Internacional de la Contraseña!

¡Feliz dia Internacional de la Contraseña!

Today is World Password Day. Every year on the first Thursday in May World Password Day promotes better password habits. Despite what is going on in the world this might be the most important Password Day there has been.

With so many of us working from home our cybersecurity will be stretched to the limit. The basis of great cybersecurity is using strong passwords. So to a good way of improving your security is making sure employees are using strong passwords for all accounts your business uses.

Why is World Password Day so important?

Well despite all the warnings about using the same weak passwords on our accounts, we are still doing it. We are still making it easy for cybercriminals to hack into our accounts. If a hacker gets access to one account and you use that password across different accounts, they now have access to all of them.

A survey held in the UK by password manager LastPass found some shocking behaviours around using the same password.

  • 92% know that using the same or a variation of the same password is a risk, but:
  • 50% of us do it regardless!

Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything—from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. We’ve all grown used to entering passwords dozens of times per day, and because of this, we often take passwords for granted and forget how crucial they are.

With that in mind, what steps can you take to ensure that your personal data is protected at all times?

Consider a password overhaul—at home and at work

We know… just the mere thought of coming up with (and remembering) yet another new password is daunting. The average person has about 100 different passwords for the various tools, apps, websites, and online services they use on a regular basis. With so many passwords to keep track of, those familiar “Update Password” prompts tend to get bothersome.

But, unfortunately, we live in a world of constant hacking attempts and security breaches. While changing passwords may be inconvenient at times, following this password best practice can help prevent the following data catastrophes:

  • Giving hackers easy access to your most sensitive accounts
  • Breaches to multiple accounts that share the same or similar passwords
  • Attacks by keystroke loggers who steal common login credentials
  • Loss of data through shared (and easily stolen) passwords

Although it requires time and patience, password protection is one of the most important things you can do to safeguard your personal, professional, and sensitive data. The list below includes four easy and practical tips for creating better password policies.

1. Increase the complexity and length of each password

There’s a reason that websites and online services provide so much direction when prompting users to create new passwords. Variation in both the complexity and length really does matter when it comes to protecting your accounts. Always incorporate both upper and lowercase letters, numbers, special characters, and symbols into each password you create.

When used in combination, complexity and length make passwords much harder to guess at random. This tactic also prevents users from relying on common phrases or personal identifiers (such as date of birth) when making new passwords. A password that contains only lowercase letters of a simple phrase is much more vulnerable than a complex combination of different characters.

2. Use a password manager

Password management software takes some of the brunt out of remembering the many different combinations you use around the internet. Generally, a password manager requires the creation of one master password. Then, you’ll be given the option to connect different logins that are then placed into your password “vault.”

Many password managers also encrypt passwords to create an additional layer of protection. This means that once you’re logged into the password manager, you may be able to login automatically to different websites, but the exact characters of your unique passwords aren’t always visible.

3. Never store passwords in plain sight

Although it’s tempting, you should never record passwords on paper or in plain sight somewhere on your desktop (such as on a notes app). These methods are easy to spot, which makes them even easier to steal. Additionally, it’s not very difficult to lose, misplace, or throw away passwords that you store on paper.

If you ever need to share passwords or login credentials with another individual (perhaps a family member or an approved coworker), always choose a secure method. Password management software also comes in handy when you need a secure way to share passwords.

4. Use multi-factor authentication wherever possible

Strong passwords make a big difference, but sometimes, additional security is necessary. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification. For example, when you enter your password into an online account like Gmail, you may receive a code to your mobile phone that you’ll have to enter for an extra line of security. MFA is an effective way to prevent cybercriminals from accessing passwords via third party online systems.

Multi-factor authentication can be conducted in a variety of ways—it might include a quick fingerprint scan, a phone call, a text message, or a code. While MFA does add another roadblock to accessing your account, it’s a simple, yet powerful way to strengthen data security.

Enhancing your unique passwords is just one of the many ways that you can lock down any potential vulnerabilities and prevent cybercriminals from accessing your information.

Sources:
(1) Infotech
(2) Techsecurity

El valor de la identidad

El valor de la identidad

The rapid digitisation across the world in 2020 has paved the way for companies to adopt new models in how they secure and manage the identity of their users.
As businesses move from largely reactive measures last year to now putting in place policies and processes to permanently adapt to the new normal, a modern identity and access management (IAM) system is critical to manage access across multiple operating systems, devices, locations and applications, based on what a user should be able to do and what they will need over time
IAM encompasses a complex set of functions that touch nearly every aspect of your business and have a measurable impact on your bottom line. Leaving an outdated IAM system in place — whether you’re managing the identities of employees, business partners, or end customers — is both costly and dangerous.

Modernising Identity Reduces Maintenance Costs
Businesses that are reluctant to invest in IAM are often unaware of how much money they’re already spending on it. Maintaining an outdated, decentralised IAM system is usually a full-time job for at least one developer. In addition, dealing with identity-related issues such as lost passwords takes up the majority of your support desk’s time.
The maintenance costs of in-house Identity are high even if we only define “maintenance” as keeping the existing system running so users can log in and access resources. When businesses improve their custom IAM systems, those costs skyrocket. Auth0 customers regularly report that if they attempted to build our features themselves, it would take an entire team of developers.

Identity Is Critical to Legal Compliance and Security
If you don’t invest in a sophisticated, secure identity solution, then you’re essentially budgeting for regulatory fines and the myriad costs associated with data breaches. Given the rise in global data privacy laws and cyberattacks, the chances that you will be impacted are only increasing.
Identity-based attacks are a pervasive threat. Today, hackers the world over use authentication as their preferred gateway to attack. Verizon’s 2020 Data Breach Report found that the most common forms of data breaches are identity-based: phishing and attacks using stolen credentials. These broken authentication attacks mean huge expenses for businesses, in the form of application downtime, lost customers, and IT costs. The Ponemon Institute reports that a company that falls victim to a credential stuffing attack stands to lose an annual average of US$6 million. Thwarting these attacks requires IAM features such as brute force protection, multi-factor authentication (MFA), and rigorous access control.

IAM Unleashes Innovation
For better or for worse, your company’s IAM platform will impact your ability to innovate. This happens in two ways. The first is simple: Every hour your developers spend on authentication is an hour they’re not improving your core product.
Most companies are familiar with this logic when making other decisions about building vs. buying microservices. For example, Auth0’s research found that when companies need to incorporate a payment tool in their app, only 26% build it themselves. The other 74% use a software-as-a-service SaaS solution like Stripe or Paypal. The same logic holds true for authentication.
Aside from freeing up resources, an IAM system can drive innovation. For example, consider the impact of centralised Identity on improving analytics and customer outreach. When a single IAM provider handles user authentication across devices and integrates seamlessly with every other system, it de-silos data to create a single source of truth about users. This idea is the heart of an omnichannel approach to retail and marketing.

Identity Is Central to Your Business
It’s always important to make sound investments in technology, and particularly in a moment of global uncertainty. But having a secure and extensible IAM solution is one of the best defenses against that uncertainty because it makes businesses more capable of adapting to change.
A modern IAM solution can provide both a quick business win and long-term value by decreasing costs, increasing revenue, and making businesses more adaptable in a shifting technological and legal landscape.

Shall we talk about your project? Soffid 3 is a more intuitive and user-friendly version that will fit your needs.

Sources:
(1) Digital Security Magazine
(2) Frontier Enterprise