Here is a refresher for readers who are still stuck with password-protected systems amid increasingly sophisticated credential-theft techniques.
One only needs to look at the prevalence of cyberattacks rooted in leaked credentials as proof that passwords can be relatively easily stolen by cybercriminals.
Passwords need to be both unique and complex to be effective.
If users invest in longer passwords and commit to changing them periodically, passwords can be very effective in protecting personal and financial information against cybercriminals. Better still, passphrases, which consist of random words without grammatical connections, are a more secure alternative.
The human element
Malicious actors rely on diverse methods to gain access to victims’ credentials — and emerging technologies have made it easier for these attacks to be launched.
The prevalence of large language models has made phishing attacks more targeted. Malicious actors can craft a convincing phishing email in a matter of seconds with AI, and even tech-savvy individuals have been known to be tricked into sharing sensitive information.
Malicious actors also employ the help of information stealers (aka info stealers): malware designed to secretly collect personal data, including usernames and passwords, from infected devices. These credentials are not just being used to siphon off funds from victims — attackers are also peddling them on the Dark Web.
Yet, despite the inherent cyber risks, individuals continue to use notoriously weak passwords such as “123456” and “password”, which can be cracked in less than a second.
Furthermore, managing numerous passwords across multiple personal and corporate accounts poses a significant challenge, and many individuals choose to use the same password for all their accounts, in their pursuit of convenience.
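The two failure modes above (passwords that sit at the top of every cracking list, and one password reused across accounts) and the passphrase advice earlier can be checked mechanically. The following is an added illustration, not code from the original article: it estimates how much guessing work a password or random-word passphrase represents, short-circuits anything on a denylist, and flags reuse across a set of accounts. The denylist and word list are constructed for the example; a real deployment would use a full breached-password corpus and a word list of thousands of entries.

```python
import math
import secrets

# Constructed stand-in for a breached-password corpus (assumption: real checks use a
# much larger list). Anything here is tried first by attackers, so it is worth 0 bits.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

# Constructed word list; a real passphrase generator would use a few thousand words.
WORDLIST = ["anchor", "basket", "cobalt", "dune", "ember", "falcon", "glacier", "harbor"]


def is_denylisted(pw: str) -> bool:
    """True if the password is a known-common one (cracked in well under a second)."""
    return pw.lower() in COMMON_PASSWORDS


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must cover, inferred from the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII punctuation
    return size


def password_entropy_bits(pw: str) -> float:
    """Upper bound on guessing entropy, assuming every character was chosen uniformly.
    Denylisted passwords get 0 regardless of length or character classes."""
    if not pw or is_denylisted(pw):
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly at random from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def generate_passphrase(n_words: int = 4, wordlist=WORDLIST) -> str:
    """Random, grammatically unconnected words joined by hyphens (CSPRNG via secrets)."""
    return "-".join(secrets.choice(wordlist) for _ in range(n_words))


def find_reused(accounts: dict) -> list:
    """Return groups of account names that share the same password."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return [group for group in by_password.values() if len(group) > 1]
```

With a 7776-word list (the size of a common diceware list), four random words give about 51.7 bits, which is why the article favours passphrases over short "complex" passwords.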
Layered defenses
Passwords continue to be an important aspect of an organization’s cyber security posture, but other tools need to be used in tandem if we want to keep up against the evolution of malicious attacks. Organizations must implement a holistic cyber resilience strategy that combines people, processes and technology. This includes:
- Multi-Factor Authentication (MFA): MFA is a powerful layer of defense against unauthorized access, and should also be paired with Single Sign-On solutions to create a potent combination.
- Stopping malware with endpoint detection systems: Today's endpoint detection and response (EDR and XDR) systems are like vigilant security guards for your devices. They play a vital role in blocking harmful malware, such as programs that steal your information, before it can do any damage. By constantly monitoring system activity, such systems act as proactive protectors, keeping your sensitive data safe from cyber attackers.
- AI-enhanced cybersecurity: Advanced algorithms and threat intelligence can automate the detection of data leaks and breaches in real time. Once these risks show up on their radar, modern solutions seamlessly integrate with security orchestration, automation, and response platforms, which serve as the operational hub for incident management, and are equipped with customized playbooks with automated actions for specific threats.
While protecting credentials can feel overwhelming, it is more than possible to achieve with good password hygiene, supported by the right solutions for managing credentials without much inconvenience.