![\"What](\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/04\/password-compromise.jpg\")
<\/p>\n<\/p>\n
Password compromise should concern every enterprise with even a minimal presence online or just one database. Through password compromise, hackers can easily infiltrate your IT environment, steal sensitive digital assets, or cause potential financial ruin. Moreover, this attack vector serves as one of the most popular among malicious threat actors; and thus one of the most consistently exploited.<\/span><\/p>\n What causes <\/span>password compromise<\/span><\/a> at the enterprise level? How can enterprises prevent it? More ideally, how can enterprises completely circumvent it, preventing hackers from exploiting it in the first place?<\/span><\/p>\n We dive into the subject in-depth here. <\/span><\/p>\n There is a particular reason password compromise represents such an issue for enterprises: passwords are inherently weak authentication factors by themselves. <\/span><\/p>\n Passwords represent a remnant from the earliest days of identity and access management. In times past, your enterprise could trust employees to safely remember, input, and secure their own credentials when entering your network. <\/span><\/p>\n Those days passed long ago. Businesses now operate in a very different identity and access management environment. <\/span><\/p>\n For example, according to Julia O\u2019Toole of Mycena, the average user must remember anywhere between 80 and over 90 passwords. Similarly, <\/span>Dashlane<\/span><\/a> estimates the average to exceed 150\u2014well beyond what enterprises can reasonably expect employees to remember. <\/span><\/p>\n Unfortunately, this leads employees to make extremely poor authentication choices. According to <\/span>SplashData<\/span><\/a>, nearly 10% of users chose passwords identified as one of the 25 worst. Rachael Stockton of LogMeIn found well over half of users <\/span>repeat their stolen passwords<\/span><\/a>. <\/span><\/p>\n Both behaviors represent potential weak spots in your identity security digital perimeter. Furthermore, hackers can employ social media research to discern users\u2019 probable passwords; after all, users put a great deal of their information online. A savvy threat actor could easily find a target\u2019s birthday or family pet\u2014which could reveal their <\/span>passwords<\/span><\/a>. <\/span><\/p>\n This assumes an external threat actor, but an insider threat could easily steal credentials from their fellow employees or users. Plenty of innocent actors write down their passwords in plain sight to avoid forgetting them. Sometimes, users share their passwords with each other to help facilitate workflows. P<\/span>rivileged access solution provider <\/span>Centrify<\/span><\/a> found 65% of users share their privileged access.<\/span><\/p>\n As a rule, hackers can easily guess or crack employee or third-party passwords. Plenty of malicious vendors on the Dark Web sell tools which can automatically decipher passwords\u2014often for cheap. <\/span><\/p>\n Additionally, plenty of hackers sell lists of previously compromised credentials, which allows hackers to run credential stuffing attacks. Credential stuffing attacks allow threat actors to brute force their way past single-factor authentication schemes by inputting thousands of possible passwords in rapid succession. <\/span><\/p>\n Of course, if the password exists on the list of worst passwords, hackers don\u2019t need more than a few educated guesses to penetrate the network. More experienced hacks can crack all but the most intricate passwords in a matter of hours, if not minutes. \u00a0<\/span><\/p>\n Unfortunately, penetrating the network only represents the first step of hackers\u2019 malicious plans. Once inside, they could easily use your business as a stepping stone for an island-hopping attack, plant a concealed dwelling threat, or laterally move throughout the environment. <\/span><\/p>\n Moreover, if your enterprise doesn\u2019t adequately protect against password compromise, hackers can wreak even more damage. If they obtain privileged access credentials, they could access your finances or proprietary data unchallenged. Conversely, they could input disruptive workflow changes or even destroy your IT environment.<\/span><\/p>\n Indeed, <\/span>Centrify<\/span><\/a> discovered 74% of enterprises suffered a breach beginning with a compromised. privileged access account. \u00a0<\/span><\/p>\n So those are the risks of password compromise. How can your enterprise prevent it?<\/span><\/p>\n By implementing some reasonable <\/span>identity and access management<\/span><\/a> best practices, you can help curtail and deter password compromise attempts both external and internal. <\/span><\/p>\n No list could encompass all enterprise-level <\/span>identity security<\/span><\/a> best practices, but we hope this list helps guide your IAM thinking and policies. Be sure to consult with your IT security team as well before implementing the following: <\/span><\/p>\n Of course, part of the problem with <\/span>password compromise<\/span><\/a> is over-reliance on a single factor authentication. Even if you completely switched your passwords with biometric authentication, hackers would still find a way to bypass it as the only barrier to entry. <\/span><\/p>\n Therefore, most <\/span>identity management<\/span><\/a> experts contend enterprises must implement multifactor authentication (MFA) protocols. MFA asks users for different authentication factors before granting them entry. These can include: <\/span><\/p>\n While this can compromise user convenience by asking for so many factors at once, the improvement to your overall identity management security is certainly worth the cost. Additionally, you can instead implement step-up authentication to create a better feeling of balance. <\/span><\/p>\n Step-up authentication asks for different authentication factors as the user requests access for more sensitive digital assets or databases. Users could use password-dependent single sign-on to access their basic job-function necessary assets but then input their biometrics to access higher-level areas. <\/span><\/p>\n Password compromise should not be treated as an inevitability. With the right identity management and <\/span>privileged access management<\/span><\/a>, you could make password security a <\/span>critical business process<\/span><\/a>.<\/span><\/p>\n Password compromise should concern every enterprise with even a minimal presence online or just one database. Through password compromise, hackers can easily infiltrate your IT environment, steal sensitive digital assets, or cause potential financial ruin. Moreover, this attack vector serves as one of the most popular among malicious threat actors; and thus one of the […]<\/p>\n","protected":false},"author":41,"featured_media":4364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,125,237,16,112,76,70,145,124,90,25],"acf":[],"yoast_head":"\n\t\t\t![\"Download](\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/01\/IAM_BG_SB_800.gif\")
<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\nThe Problem with Passwords<\/b><\/h2>\n
The Basics of Password Compromise<\/b><\/h2>\n
\t\t\t![\"Download](\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/01\/PAM_BG_SB_800.gif\" "\\"\\"")
<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\nBest Practices Of Password Security <\/b><\/h3>\n
\n
To Prevent Password Compromise, Remove the Password<\/b><\/h3>\n
\n
Widget not in any sidebars
<\/p>\n","protected":false},"excerpt":{"rendered":"