
    Credentials are Hackers’ Holy Grail: Are You Doing Enough to Keep Them Safe?

    By Enzoic - August 2, 2021

    The following is sponsored content. It may not reflect the views of our editorial staff.


      According to the recently released 2021 Verizon Data Breach Investigations Report, compromised credentials are one of the most sought-after hacker targets—ahead of bank, medical, and even personal data.

      The pandemic doubtlessly contributed to putting credentials into hackers’ crosshairs. For example, the shift to remote working led to the creation of multiple new digital accounts, while industries such as grocery, retail, and banking invested more heavily in digital services. These factors combined provide bad actors with ample opportunity to attack sites and use these newly leaked credentials to victimize more organizations.

      So, is your organization doing enough to keep credentials safe? To answer that question, you must first understand the primary drivers of credential security:

        •  Poor Password Practices: As a general rule, people understand the importance of creating strong, unique passwords for every online account. However, these considerations are typically outweighed by a desire for convenience and efficiency and an inability to remember complex passwords—particularly in today’s age of multiple online accounts and services. While organizations may be tempted to address credential vulnerabilities by enforcing complex password requirements, this is actually a poor security practice for numerous reasons. Chief among these is the fact that human errors often lead to security vulnerabilities when employees are required to create a password that aligns with specific complexity requirements. For example, a basic phrase such as “P@ssword1!” might check all the boxes from a compliance perspective. However, it is clearly a weak password that is guaranteed to exist on a list of exposed credentials available to hackers on the Dark Web.
        •  Password Reuse: Another factor underpinning credential security is the pervasive problem of password reuse. Ninety-one percent of respondents in one survey acknowledge the inherent risks of using the same password across multiple accounts, but 59% admit to doing it anyway. What’s more, 62% of employees are reusing the same password for both work and personal accounts. If just one of these accounts has been breached, then every other site or service associated with the exposed password is also at risk. And with new breaches occurring virtually every day, this threat is continuously growing. To put the problem into context, in the first quarter of 2021, our database picked up an average of 862 million credentials per month—equating to approximately 300 breached credentials every second.
        •  Default Passwords: The enterprise is growing increasingly connected and reliant on edge computing and the IoT. Case in point, by 2029 Gartner expects that more than 15 billion IoT devices will be connected to enterprise infrastructure. While these trends bring various benefits, they also introduce new credential security concerns because many of these devices are shipped with default passwords as standard. Unless companies update these credentials and take steps to monitor their integrity on an ongoing basis, they are leaving open a gaping security vulnerability that hackers will only be too happy to exploit.

      Compromised Credential Screening Offers Password Peace of Mind

      Given that hackers are increasingly targeting credentials as a means to compromise the next organization, it’s critical that companies modernize their approach to password management. The National Institute of Standards and Technology, or NIST, has issued new recommendations to help enterprises do exactly that. A key component of their new guidance is that companies verify that passwords are not compromised before being activated and on an ongoing basis.

      How can you do that, you may ask? There are numerous static blacklists of exposed credentials available online and some organizations even curate their own. But to truly ensure password security, companies need a dynamic, automated credential screening solution that can keep pace with today’s barrage of cyberattacks.

      Enzoic’s proprietary credential screening solution screens all proposed passwords against our dynamic database containing multiple billions of passwords exposed in data breaches and found in cracking dictionaries. In today’s heightened threat landscape, it’s highly likely that a password may be secure at its creation but become compromised down the road. For example, 12% of the exposed credentials Enzoic picked up in the first quarter of the year were new, unique passwords we had not seen before. This underscores the importance of having an automated approach to ensuring the integrity of existing passwords on a daily basis, rather than simply relying on a static list of exposed credentials. Our database is automatically updated multiple times per day, ensuring that companies’ password security reflects the latest breach intelligence without adding additional work from an IT perspective.

      Premium Password Security, Zero User Friction

      Another benefit of our modern approach to credential screening is that password checking happens entirely in the background. Uncompromised employees gain efficient access to their accounts without adding additional steps or device requirements, such as is the case with multi-factor authentication, one-time passwords, or other authentication mechanisms that introduce additional friction. Should a previously secure password become compromised down the road, organizations can automate their response, whether it’s forcing a password reset or using an existing secondary authentication method to verify the employee’s identity.

      Password Security is a Corporate Responsibility

      Your employees may be responsible for password creation, but ensuring the integrity of these credentials is ultimately an enterprise obligation. Hackers rely on people’s poor password practices to continue to victimize more organizations, and it’s unrealistic to expect people to change their approach to password management. But by deploying Enzoic’s dynamic password threat intelligence, companies can safeguard passwords, protect their networks and fight back against credential attacks—all without impacting employee efficiency and productivity.
