World Password Day: Password Protection Needs a Fundamental Change


Share

By Krupa Srivatsan, Director of Product Marketing at Infoblox

Let’s be honest, our digital lives have us drowning in passwords. The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen.

A 2019 Google study found that 75% of the Americans admit to struggling with so many passwords, that  many end up reusing the same password across multiple accounts. As a result, your office assistant may be using the same password for his/her system login as for social media – a scary thought but a very real one.

Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials.

Organizations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security. Some techniques include:

  • Detect Spam and Phishing attacks early

In 2019, 76% of businesses that fell prey to phishing attacks did so through fraudulent emails. Relying on end users to stay alert to constantly evolving tactics is not realistic and will always fail. A better solution is to ensure that  the entire security stack is using  the latest threat intel so that it can proactively detect malicious traffic and block phishing attacks.

  • Educate users to avoid human errors

The weakest and most vulnerable link in any organization is the employees and the potential for human error. It is critical for security teams to continuously educate colleagues on password management best practices—such as unique and confidential passwords, regular password changes, and the use of password managers—and give them the tools to implement them.

  • Add an extra layer of protection with Multi Factor Authentication

Adding an extra layer of security with biometric or 2-step authentication offers better security, according to 65 percent of IT professionals recently surveyed on the topic. Even where biometric authentication is not always feasible, Multi Factor Authentication can block a significant number of attacks.

  • Leverage DNS-first Security Solutions

Organizations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network. DNS layer security stops attacks such as ransomware, phishing, exploits early in the kill chain and close to the compromised endpoint, while  blocking DNS-specific threats like FastFlux, DGAs and DNSMessenger, that other tools miss.

  • Detect threats sooner with better visibility

Most organizations consider DNS to be a critical part of their investigation and response capabilities for the visibility it provides over the network. DNS, DHCP and IPAM provides critical forensic information that allows security operations teams to quickly triage and prioritize response to events.  

At the 2004 RSA Conference, Bill Gates predicted the death of passwords. Seventeen years later and passwords are not only still in use, but remain our primary method for accessing systems and user accounts. While options to strengthen the password like password managers and multi-factor authentication are being increasingly adopted, it remains apparent that they are insufficient. For better or for worse, passwords are here to stay, and so a fundamentally new approach is necessary to protect the network and individual users from data breaches and cyber attackers, one that gives security teams the ability to identify and block attacks before they happen.


Leave a reply