Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA), spoke with TECHx Editor Rabab Zehra on the occasion of World Password Day. He discussed password-less technologies, the risks to an organization’s IT security, and how password security can be maintained.
Haider: Biometrics and password-less authentication have made great advances in the past decade, but we will still need a secondary or backup authentication mechanism in case those primary methods don’t work. We don’t believe passwords will go extinct, but rather that they will evolve, so that creating, storing and re-issuing passwords becomes easier for the end user. For example, password creation tools that help us create and remember passwords already exist today, but when we couple them with certificate authentication, it should make things more secure and easier to use. User awareness, proper training and following strict cyber hygiene are all important factors to consider, regardless of which option you pick in the future.
Haider: The dark web is a part of the internet that cannot be found through our usual search engines or web browsers and is largely used for illegal practices. With a stolen password, cybercriminals can access other personal data such as credit cards, personal information and ID scans, personal credit reports, operating accounts of online systems, email accounts, stolen credentials, and malware and exploit kits, amongst many others.
The dark web allows cybercriminals to purchase tools, which are then used in specific stages of the kill chain, helping cybercriminals to make a monetary profit by selling data stolen from victims.
Organizations need to invest in and lay a strong foundation for security, with an effective strategy in place to know and manage risks proactively in the long run. It is helpful to identify the potential risks, have full visibility of networks and ensure continuous monitoring of connected devices – the quicker the detection, the greater the ability to reduce the impact. In terms of passwords, setting strong passwords alongside robust authentication methods and verification questions can go a long way.
Haider: Generally, as best practice, we always recommend using two-factor authentication and setting a different, complex password for each account, changed frequently. Individuals could also use a trusted strong-password generation tool to manage them, and businesses could set specific guidelines for password resets and system access.
Moreover, with the widespread use of mobile and social media platforms, it is also best to avoid oversharing personal and financial information on social platforms. Personal details such as birthdays and place of birth can also be critical information when it comes to passwords. Social media accounts can also be used as a platform for phishing attacks, especially if you link your app-based messaging services to them. It is all these small steps that can help to avoid data breaches.
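As an added illustration of the strong-password generation tool Haider recommends above (example code written for this page, not from the interview or from Palo Alto Networks), the following Python script draws each character uniformly from the operating system's cryptographic random source via `secrets`, estimates the resulting entropy in bits, and checks the result against a minimal complexity policy. The character alphabet, the policy thresholds (12 characters, 3 of 4 character classes) and the function names are assumptions for the example.

```python
import math
import secrets
import string

# Character alphabet (an assumption for this example): letters, digits and a
# fixed set of punctuation. A real tool would let the user choose the classes.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?/"


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw `length` characters uniformly from `alphabet` using the OS CSPRNG.

    `secrets.choice` is used rather than `random.choice`: the `random` module is
    seeded from predictable state and is not suitable for generating secrets.
    """
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly drawn password: length * log2(alphabet size).

    This bounds the guessing effort for a machine-generated password only; a
    human-chosen password is far more predictable than this figure suggests.
    """
    return length * math.log2(alphabet_size)


def character_classes(password: str) -> int:
    """Count how many of the four classes (lower, upper, digit, symbol) appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def meets_policy(password: str, min_length: int = 12, min_classes: int = 3) -> bool:
    """Minimal complexity policy; the thresholds are assumptions for this example."""
    return len(password) >= min_length and character_classes(password) >= min_classes


def generate_compliant_password(length: int = 20, alphabet: str = ALPHABET,
                                min_length: int = 12, min_classes: int = 3) -> str:
    """Rejection-sample random passwords until one also satisfies the policy.

    Discarding the rare draws that miss a character class costs a negligible
    fraction of a bit of entropy and guarantees the output passes the check.
    """
    if length < min_length or min_classes > 4:
        raise ValueError("no password of this length can satisfy the policy")
    while True:
        candidate = generate_password(length, alphabet)
        if meets_policy(candidate, min_length, min_classes):
            return candidate


if __name__ == "__main__":
    pw = generate_compliant_password(20)
    print(f"password: {pw}")
    print(f"entropy:  {entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
    # A short password that satisfies a class-based policy still has far less
    # entropy than a long one from the same alphabet; length matters most.
    print(f"8 chars from this alphabet: {entropy_bits(8, len(ALPHABET)):.1f} bits")
```

The entropy figure only applies to passwords the generator produced; a policy check alone cannot tell a random 14-character string from a dictionary word with a digit and a symbol appended, which is why the generator, not the policy, is what makes the password strong.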