Page 75 - Cyber Defense eMagazine for June 2021
1. Educate your people on the importance of credential security and provide them with the tools to protect credentials
2. Create an environment where your people are comfortable highlighting security issues or cases where practices are not being followed so you can continue to improve your credential security
3. Utilize multi-factor authentication to reduce the damage that can be done by weak or exploited passwords
4. According to NIST's 2021 security recommendations, it's important to keep your passwords long but not too complex. Theoretically, if the password is long enough, the chance of a hacker figuring out the correct sequence is low.
Follow these best practices beyond World Password Day, and your entire team will play a part in creating
obstacles for digital adversaries and protecting your data."
Josh Odom, CTO, Pathwire
"As we reflect on cyber hygiene practices for World Password Day, we recognize that for many years
users were encouraged to create strong passwords using random combinations of characters that are
difficult for humans to remember, but easy for computers to guess. This is the opposite of the intended
purpose and often leads to inherently poor habits such as writing down passwords or reusing ones that
are easier to remember. Some websites utilize a password strength meter, but this can also be tricky and
lead users to make weaker passwords instead of stronger ones. While we’ve engineered these meters
to score the passwords we create, they are better used against ones that a computer can create because
humans are too predictable, even when we try our best not to be.
To overcome these persistent password weaknesses, utilizing a password manager that generates
passwords from a large set of characters to achieve a desired level of entropy is one of the best options
currently for creating strong and unique passwords. Still, other options available, such as security keys,
authenticator apps, or any multi-factor authentication method beyond using just a password,
should be considered for security. Finally, resources like haveibeenpwned.com, which check for exposed
passwords, are reliable compared to inventing and using your own strength-checking algorithms."
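The quote above ties password strength to generating from a large character set "to achieve a desired level of entropy", and the list earlier on the page recommends passwords that are long rather than complex. The following Python block is an added illustration (not code from the article or from any of the quoted companies) that computes how many uniformly random symbols each alphabet needs to reach a target entropy and generates such a password with the CSPRNG-backed `secrets` module; the alphabets and the 128-bit target are assumptions chosen for the example.

```python
import math
import secrets
import string

# Alphabets a password manager might draw from. Assumption: these sets are
# chosen for illustration and are not taken from the article.
CHARSETS = {
    "digits": string.digits,                                              # 10
    "lowercase": string.ascii_lowercase,                                  # 26
    "alphanumeric": string.ascii_letters + string.digits,                 # 62
    "printable": string.ascii_letters + string.digits + string.punctuation,  # 94
}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently from an
    alphabet of `alphabet_size` symbols. Only valid for machine-generated
    passwords; human-chosen passwords are far more predictable than this."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need length >= 1 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def length_for_entropy(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose uniform-random password reaches target_bits.
    E.g. a 7776-word diceware-style list needs 10 words for 128 bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(alphabet: str, target_bits: float = 128) -> str:
    """Generate a password meeting target_bits using `secrets` (a CSPRNG),
    never the `random` module, whose output is predictable."""
    n = length_for_entropy(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def compare(target_bits: float = 128) -> dict:
    """Length needed per alphabet to hit target_bits. Shows why a longer
    password from a small alphabet matches a shorter, more complex one."""
    return {name: length_for_entropy(target_bits, len(cs))
            for name, cs in CHARSETS.items()}


if __name__ == "__main__":
    for name, n in compare().items():
        print(f"{name:13s} {n:3d} symbols for 128 bits")
    pw = generate(CHARSETS["printable"])
    print(pw, f"{entropy_bits(len(pw), len(CHARSETS['printable'])):.1f} bits")
```

Running it shows 20 printable characters, 22 alphanumerics, 28 lowercase letters or 39 digits all deliver the same 128 bits, which is the quantitative form of "long but not too complex".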
Surya Varanasi, CTO of Nexsan, a StorCentric Company:
“Few would argue that creating strong passwords must remain a priority. However, even after creating a
seemingly impenetrable password using every best practice possible, undiscovered threats might still be
able to penetrate them and expose your environment to unnecessary risk.
But if your organization has data that is too important to lose, too private to be seen and too critical to be
tampered with, then you must take the next step to thwart cyber-criminals. This can be accomplished by
employing a strategy that enables you to unobtrusively offload data from what is likely expensive primary
storage (cost savings is another bonus here) to a cost-effective storage solution that is engineered
specifically to be regulatory compliant and tamper-proof from even the harshest ransomware attacks.
And since backups have become the latest malware targets, the storage platform should include
“unbreakable backup,” meaning it includes an active data vault that creates an immutable copy, which
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.