Weak Passwords and Admin Privileges Expand Vulnerabilities, Security Concerns
Hikvision Cybersecurity Director Provides Three Rules for Creating Good Passwords
In the SecurityInfoWatch.com article, “Stealthy admins and weak passwords continue to plague enterprises,” the CEO of Preempt, an identity and access threat prevention platform provider, outlines the company’s recent research, which found that weak passwords and admin privileges are increasing organizational vulnerability.
From the article: “Imagine a vast army of unsuspecting employees at various companies around the globe, some with a combination of both weak or compromised passwords, and others with excess access privileges (stealthy administrators) that IT is unaware of. In some cases, an employee might have both. As a result, not only would it be relatively easy for malicious actors to steal these employees’ credentials, the attackers could have the keys to the castle since these users are not monitored as closely as most administrative accounts.”
The research data was collected from 100 companies that shared security stats with Preempt. They included a mix of small, mid-sized and large organizations, with 64 percent of respondents located in the U.S. and 18 percent in Europe. The study found that 32 percent of networks had some exposed passwords, while 72 percent had at least one stealthy administrator (i.e., an individual with excess access privileges).
The author recommended conducting an audit to evaluate access privileges across the organization and implementing a strong password policy to reduce security concerns. “… strong password policy is critical. Preempt researchers graded organizations’ password policies from low, medium and high and found only five percent had a strong password policy, defined as mandated complexity (such as 10 or more characters, and complexity in the form of characters and a mix of lower and upper case).”
Three Rules for Creating Good Passwords
In the blog “Hikvision Cybersecurity Director Outlines 3 Rules for Creating Good Passwords to Reduce Security Concerns and Hacking Risks,” Chuck Davis outlined ways to reduce vulnerabilities and security concerns by improving your passwords.
“The password is something we all love to hate. Many of us have to create hundreds of passwords and we’re told by the paranoid cybersecurity experts to make them long and use all of the character sets on your keyboard so that they are not easy to guess. This also makes them difficult to remember, so what do most people do? They re-use passwords—which is also a big no-no. While we all know these general rules, most people don’t know why they exist and what the real risks are. In this blog, I will help you understand the importance of following the rules when developing your list of passwords,” said Davis, in the article.
One of the article's tips elaborated on the need for long passwords. Here is an excerpt from the blog:
There is some debate over the best minimum length of a password. Analysis from security expert, Troy Hunt, has shown that many of the sites we use do not require very long passwords. However, research from Georgia Tech Research Institute (GTRI) shows that the longer the password, the better. Even back in 2010, Richard Boyd, a senior researcher at GTRI said, “Eight-character passwords are insufficient now… and if you restrict your characters to only alphabetic letters, it can be cracked in minutes.” Another GTRI research scientist involved in the project, Joshua L. Davis, said that, “any password shorter than 12 characters could be vulnerable—if not now, soon.” As computing power increases, the number of characters in a "long password" will increase as well.