On the 6th, like every first Thursday in May since 2013, World Passwords Day was celebrated. Its use is still prevalent, even though biometric authentication mechanisms are now also common, whether with fingerprint, facial or iris recognition; not long ago, we even counted the initiative of a world without passwords or passwordless.
In an environment of increasing digitization, with the increase in the use of mobile devices or social networks, the gradual and silent emergence of the Internet of things or cloud services, and the use of teleworking and remote access tools motivated by the pandemic arise other models that advocate combining secure access VPN and security services cloud ( SASE for secure access service Edge ) or network zero confidence, but, raise your hand who does not use passwords! For now, it seems we have to continue using them.
What Are Passwords For? Is There An Alternative?
Passwords continue to be the preferred authentication method, that is, to demonstrate that we are who we say we are. For that reason, we have the right to access those services we want to access, be it our social media profile, the backend of our website, our account in a cloud service to share files, our profile in the electronic headquarters of a ministry, the email account, the computer or the current account of our business.
Companies have to manage the identities of the users of the internal and external services they provide. Our system administrators give us the access credentials to the users, to which the permissions that we will have been linked. They are the inseparable couple: “username and password.” If they are to access critical services such as the VPN or the bank account or administrators, we will use the double authentication factor in many cases.
How They Can Be Compromised
With how strong passwords are to access our services, some of them critical for the company; protecting them has to be unquestionable. However, it is certainly not the first time that we forget them; we point them where we should not, we share them, reuse them, leave the default password,
One way to lose them is if they are part of a data leak from a service we use, such as a social network, a free email, a technology provider or a cloud service. A security breach of your systems or an error can result in a “leak” of the user-password databases, sometimes unencrypted or with weak encryption. Try haveIbeenpwned.com if any of the ones you have used in the past are in a database of those sold on the dark web.
And if they are not in a data breach, it is possible that if your passwords are weak, that is, easy to crack, you know, short and straightforward. Some clever cybercriminal will have tried or will try as soon as he has the slightest chance.
We can also become victims of a phishing attack and enter our credentials in service or page that we believe is legitimate, handing them over to cybercriminals.
Finally, the software and hardware we use are not infallible, and yes, it has vulnerabilities or security flaws that, if not corrected in time, can put our passwords at risk, allowing someone without permission to have access to them, even to change them, leaving us, their rightful owners, without access. Therefore, we insist on auditing and updating.
How To Make It Difficult For Cybercriminals
We have no choice but to wake up!
- If you haven’t already, implement a password policy.
- Train your team with the awareness kit to avoid falling into phishing and smishing scams, as cybercriminals use similar techniques via SMS and on social media.
- Audit your passwords and implement specific measures that you can find in the Catalog of companies and cybersecurity solutions.
- Use password managers, as we show you in this video tutorial.
What To Do if I Suspect That I am No Longer The Only One Who Knows My Credentials?
If you still have access to your account, enter and change the password as soon as possible. If not, contact the service provider to block your account, and in any case, report the incident and report if it is a crime, among others, fraud, threats, forgery or if they violate intellectual property.
If your systems have been compromised and you suspect that the databases with access credentials to your services are compromised
You know, the password is a key that we must not lose if we do not want to put the company’s assets at risk.