Security Series: Passwords
This is the first post in our series on various aspects of security. Now, we take the first step into the digital world and begin exploring the universe of passwords.
It’s easy to imagine that all IT attacks are sophisticated, exploiting unknown security vulnerabilities (so-called 0-days), or that systems are not updated to patch known security holes.
In IT attacks, it’s typically either excessive exposure of non-exposed systems or the use of weak and leaked passwords that constitute the vulnerabilities.
Contact us for professional assistance in organizing your passwords, both for personal use and within companies.
Where the industry has failed
We believe that the industry as a whole has failed on several fronts, especially concerning password management.
Failure 1: The concept of passwords
The choice of the term password as a concept has proven to be inadequate. A simple word rarely provides sufficient security and entropy.
Failure 2: Password change policies
Many organizations have long relied on the idea that regular password changes are a security measure. Unfortunately, it often results in users reusing or marginally modifying their existing passwords.
Failure 3: Lack of education on risks
Not enough education has been provided on the dangers of weak passwords. Understanding risks, such as reuse and short passwords, is a fundamental part of effective security training.
What can an individual do?
To enhance security for yourself and your digital interactions, establish strong habits and routines. A password manager is your best friend for creating and managing unique and long passwords for each service.
Having robust routines with a password manager is a skill and habit that you can transfer to your professional role, reducing the risk of the company facing similar intrusions.
You should also use multi-factor authentication, especially avoiding the SMS method when possible.
How does this protect you, others, and companies?
It allows you to minimize the risk of having your accounts hacked. This is something you hear about relatively often from ordinary people. Hacked accounts are not only laborious and inconvenient for you as the victim.
It is also a security risk for others, as your hacked accounts can lead to the spread of malware and disinformation. The latter is emphasized by the Swedish Civil Contingencies Agency in its campaign Don’t Get Fooled, as it contributes to national security. The fact that your vulnerable social media account can post disinformation also increases the credibility of the misinformation, posing a significant risk.
Good routines with a password manager are a knowledge and routine that you can bring into your work, contributing to better password hygiene within the company and thus reducing the risks for the company to face similar intrusions.
How do you manage passwords?
Contact us for assistance in creating order in your passwords, both for personal use and within companies.