Friday, November 11, 2016
Weak Passwords Lead to Routine Compromises
nGuard continues to observe weak passwords in widespread use across its customer base, regardless of industry or size. "It's a major weakness that we continue to identify in a large percentage of our assessments," states Evan Rowell, National Manager of Security Consulting. "In situations where we are able to obtain access to the encrypted credentials, we're able to crack large percentages of passwords in seconds, minutes, or hours. We know from experience that standard corporate password policies are typically around eight characters, with some complexity. Most users will choose a familiar word, capitalize the first letter, and add some digits or symbols to the end. Even longer passwords are routinely cracked, so it's not only a matter of length. Advances in technology make this a huge risk, and many of our new customers are unaware of how easy it is to exploit."
Most Governmental, Regulatory, and Compliance (GRC) based standards require varying password lengths and complexity, as well as Multi-Factor Authentication (MFA) to address this issue. "There are several techniques that can help strengthen password weaknesses, but the basic premise is to use longer passwords with random character strings. It can be difficult to convince management to train, require, and implement strong password policies, but our team has worked with numerous businesses over the years to do just that." While MFA helps immensely, and should be required when remotely accessing internal networks or administration of critical systems, Mr. Rowell indicates "it's not a silver bullet and often can't stop a determined hacker. That's why nGuard works to help businesses understand that a layered security approach is the most effective way to defend against attackers. Better password policies, Multi-Factor Authentication, regular assessments, and remediation are all equally important."
For more information, review nGuard's Password Database Testing service, or contact us directly.
About nGuard Corporation
nGuard is a leading provider of expert security assessments, managed security services, security incident response, and other advanced security services to organizations across North America and around the world. nGuard's relentless focus on securing clients, as well as their unmatched security expertise, has helped them become one of the most sought-after security firms in North America.
For more information, please visit: www.nGuard.com