To “err is human” as the expression goes. As carbon-based life forms, we are not all perfect (apart from some of us, hah), and surprisingly very predictable.
The problem is passwords that we choose.
Human beings are not designed to think up and remember complex passwords. We all forget things, or at least I think I do— I can’t remember. So whenever we have to choose a password, we choose something that is easy to remember – family names, birthdays, etc.
Here is the big problem. Because we are bad at remembering passwords, we tend to reuse personal passwords for our business accounts. Everyone has his or her ‘favorite’ strong password (you know you do—don’t deny it!). We think we make it secure by swapping o’s with zeros, a’s with @, and s’s with $, but this is predictable behavior – like a hacker isn’t going to think of this, right?
The fact is: if any one of your personal accounts gets hacked and your favorite password is exposed, hackers now have a base to try variations on for your work accounts.
Let’s talk about work for a minute. If you have access to say, 100 systems as part of your day-to-day administrative duties, you are likely going to:
1) Set them all to the same password
2) Record the passwords in a spreadsheet somewhere
3) Try to make sure you regularly change the passwords
Obviously Option A is a bad idea—if one account gets hacked, someone now has access to all accounts. Option B is not much better, as if your spreadsheet gets exposed, then all your accounts are there for the taking (remember the Sony Pictures incident). Option C, incidentally, is not much better; I’m sure you have all appended a numeric such 1 or 2 to an account to make it unique.
The Answer Is Password Management.
Password management will automatically choose strong, complex and unique passwords for you. It will store the values using strong encryption, in a database that cannot be accessed directly. The solution will make your passwords easily accessible when you need them, using strong authentication mechanisms such as two-factor authentication. Passwords will be rotated automatically, as often as every time you use them, at a minimum every 90 days.
Beyondtrust’s PowerBroker Password Safe can do all the above, and a whole lot more. Not only can it take away the worry of securely managing your account passwords, it can also manage your SSH keys, and automatically log you on to your systems regardless of the platform type.
But it doesn’t just help you with your security objectives. PowerBroker Password Safe makes it easier for you to do your job by enabling secure credential storage, advanced workflow control, auto-launch and session recording for administrative sessions to Azure, Amazon (AWS), GoGrid, Google, Office 365, and Rackspace, as well as social networks such as Facebook, Instagram, LinkedIn, Pinterest, Twitter, and XING.
For true dual-control, PowerBroker Password Safe allows administrative activities to be monitored in real-time. Password Safe not only enables the remote termination of these privileged sessions, but also has the ability to pause (or lock) a session that is already in progress.
If you need more proof that a few misused passwords can do damage to your enterprise, check out this recent webinar from renowned hacker and security expert Paula Januszkiewicz, “The Little Password That Could: How a Reused Password Could Dismantle Your Enterprise.”