“Come Steal Our Data!” How Passwords Alone Make Your Business Vulnerable to Cybercriminals
Relying on passwords alone to secure your business accounts and data is a lot like parking your car in a shady neighborhood with the keys in it and a sign on the windshield that says ‘Steal Me’.
It is time to come to grips with how ineffective passwords are
Password best practices alone won’t protect you against even a first time password cracker. And the people who want to take over your business accounts and steal your data aren’t first timers. They’re experienced cybercriminals, often backed by international organized crime. Go ahead, make your passwords 12 characters long, combine cases and special characters, hash them, salt them. It won’t stop a determined attacker.
Cracking your passwords is no longer the realm of a few shadowy geniuses -- the web is filled with password lists and easily accessible, free software anyone can run to crack them. Software like Hashcat and John the Ripper, each so powerful they can try and guess your password billions of times a second.
In spite of security training for developers, security testing during QA, static code analysis, centralized controls, web application firewalls and penetration-testing, stealing your data and taking over your accounts is as easy today as it was years ago...and maybe easier. Because in spite of advancements in security, stolen login credentials are the soft underbelly of cyber security.
The business effects of a security breach or account takeover can be deep and long lasting
You or your customers could be victims of financial fraud and identity theft or you could get hit with fines from regulatory agencies. Often security breaches are followed by downtime and lawsuits that will damage a company’s reputation, resulting in fewer customers and lost revenue.
No business is too small to be a target. Data breaches aren’t the exclusive territory of big companies. Local and international cybercriminals regularly target small and medium sized businesses, from charming Southwestern inns to community theaters and Georgia mountain golf resorts.
How do you protect your company from attack?
The most practical way to strengthen authentication is to require a second factor after your users enter their password. A password is something your users know. Requiring every user to have something to log in stops criminals that steal or gain access to passwords.
This solution, called two-factor authentication, can take several forms. Traditional two-factor authentication requires tokens, or keyfobs, that generate one-time passwords for the second stage of the login process. Over the years, two-factor technology has advanced beyond tokens to include smart cards, phone callbacks and texting. The most advanced and secure two-factor authentication, Duo Push, provides one tap authentication on your user’s smartphones.
Have you put out a welcome mat for attackers?
You have if you only use passwords for authentication. In the rough and tumble digital world we all live in you have two choices: Strengthen your authentication or prepare to be breached.
Have your passwords been cracked or stolen? Share your story in the comment section below.