Passwords: the keys to better security

Author: Proximus NXT
16/07/2018
Cybersecurity
Protecting sensitive and private data is becoming a major challenge. The theft of credentials can have a serious impact on the long-term viability of a company or on an individual’s life. Creating stronger passwords is therefore essential.
A password is often the main gateway to accessing one’s online identity. This simple authentication method provides access not only to personal accounts, but also to all professional accounts used in a work context.

Identity theft

On the downside, there are many techniques for stealing passwords: malicious code, phishing, keyloggers, password-cracking software, and more. The impact on a company’s operations or on the privacy of an employee or European citizen can vary widely: loss or leakage of sensitive or personal data, identity theft enabling email interception, takeover of social media accounts (for example to launch a smear campaign against a company without its knowledge), access to online services, and so on.

As a result, organizations must implement secure authentication mechanisms. This concerns everyone, at every level, including company management and the IT and security teams. The latter should prioritize strong authentication (a combination of password, biometrics, and token), limit the number of login attempts, and enforce regular password changes at appropriate intervals.

“Strong” passwords

Not everyone uses strong passwords: for many years, the most commonly used password has remained the infamous “123456”, or the equally well-known “password”!

Strengthening credential security also requires the use of complex passwords. Names, first names, places visited, football team names, or birthdates should be avoided. In short: no dictionary words. A “strong” password includes lowercase and uppercase letters, numbers, and special characters or punctuation marks. Length also matters: the longer it is, the more secure it becomes. The goal of all these measures is to make it difficult, if not impossible, for attackers to guess.
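
The criteria above can be checked when a password is created. The following Python check is an added example, not code from Proximus NXT; the 12-character minimum, the short word lists and the name `check_password` are assumptions made for illustration.

```python
import re

# Constructed sample lists; a real deployment would load a breached-password
# corpus and a full dictionary instead.
COMMON_PASSWORDS = {"123456", "password"}   # the two named in the article
DICTIONARY = {"football", "brussels", "summer", "welcome"}
MIN_LENGTH = 12  # assumption: the article gives no figure
# Undo common character substitutions (p@ssw0rd -> password)
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def check_password(password, personal_terms=()):
    """Return the reasons a password is weak; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("among the most commonly used passwords")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Compare words against the password with substitutions undone and
    # digits/punctuation stripped, so "P@ssw0rd2018!" still matches "password".
    letters_only = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    words = DICTIONARY | COMMON_PASSWORDS | {t.lower() for t in personal_terms}
    for word in sorted(words):
        if len(word) >= 4 and (word in lowered or word in letters_only):
            problems.append(f"contains the word or name '{word}'")
    return problems

if __name__ == "__main__":
    # Constructed candidates, not passwords to reuse
    for candidate in ("123456", "P@ssw0rd2018!", "gT7#qLm2!xRv9"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Names, places, team names and birthdates of the user go in `personal_terms`, so that a password built from them is rejected even when it satisfies every character-class rule.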

It is also advisable to use multiple authentication factors whenever possible to increase account security: secret questions, tokens, SMS or phone call codes, biometrics, etc.

The eternal question remains: how can you remember such complex passwords? Mnemonic techniques can help. The simplest method is to remember the first letters of each word in a sentence. For example: “I bought 5 CDs for one hundred euros this afternoon!” becomes: ght5CD%E7am!

Another method is to take the first letters of a phrase: “A knowledgeable business leader is worth 2!” becomes 1Cd’Eaev2!

Password managers

However, these two techniques have limits: they do not allow you to manage a large number of strong passwords. The solution is to remember only one master password and use a password manager. This type of open-source and free software can be installed on a Windows or iOS computer, and even on a USB key, which is very convenient for mobile employees using laptops.

In addition, password managers help avoid a major risk that exposes your entire digital life: using the same password across all services. If one password is ever leaked or guessed, all your accounts could be compromised.

Never use the same password for two different services.

Training

But these techniques are not enough if employees are not trained in good cybersecurity practices. Speaking at a conference in the United States (RSA Conference, April 2018), David Hogue, Director of the NSA’s Security Operations Center (SOC), stated that “93% of security incidents in 2017 could have been prevented through good practices.”

Attending Proximus NXT training sessions is therefore essential. Their goal is to help identify cybercriminal traps and eliminate bad habits, such as leaving passwords visible on a desk or on a sticky note, reusing the same password for all accounts, never changing passwords, or sharing them with others.

For this reason, Proximus NXT offers companies awareness sessions for different types of users, aimed at educating them about the most common threats, based on live demonstrations of password interception and attacks on encrypted passwords to recover them in plain text.

Proximus NXT brings together the educational infrastructure, trainers, cybersecurity expertise and experience, as well as partnerships with specialized vendors and publishers, required to deliver awareness campaigns and tailored training programs to help companies face current and future threats.

Proximus NXT’s approach is holistic: in addition to products, it offers consulting, management, governance, and training.
