This email was translated using machine translation. Please forgive us for any inaccuracies.

Cybersecurity Tip for December 2025

 

Bad actors don't hack...they log in

 

Responsible password management is critical for keeping sensitive information safe from cybercriminals who are continuously finding new ways to gain access to corporate and personal data and intellectual property. With the advent of AI, even the following well-known methods now have a lower barrier to entry for would-be bad actors.   

  • Credential Stealing: When cybercriminals gain access to a network or even just a single PC, they regularly search file storage locations and personal drives looking for files that are used to store credentials. Files named Passwords.docx or My_Login_Info.xlsx are attractive targets for cybercriminals. They will also use sophisticated pattern-matching searches to locate files with less obvious names that hold account credentials.
  • Phishing: Phishing attacks trick users into revealing their credentials through fraudulent emails, websites or SMS messages. Phishing remains one of the most effective and common ways to compromise passwords.
  • Keylogging: This method of attack involves using malicious software that records keystrokes to capture passwords and record or relay them to cybercriminals as they are typed. Keyloggers can be installed on a user’s device through phishing attacks, malware or physical access to the device.
  • Brute Force: A brute force attack involves a hacker repeatedly trying different combinations of passwords until the correct one is found. The hacker often uses automation in some manner and relies on rapid and repeated trial and error. Brute force attacks target both personal accounts and large corporate internal and external applications.
  • Credential Stuffing: Attackers reuse credentials stolen in past breaches to access multiple accounts; not reusing passwords helps to mitigate this.

Practicing strong password management is key to protecting your accounts. Here are some ways to keep your personal and BW accounts safe and secure:

  • Always use strong passwords: Crafting strong passwords is crucial to securing user accounts against unauthorized access. You should create long, random and unique passwords. Simple passwords or ones that use common identifying information, such as your birthday or a pet’s name, are not safe enough for your accounts. 
  • Multi-Factor Authentication (MFA): This form of password management adds a critical layer of protection to your accounts by requiring more authentication than just a password. This extra step may be authentication software, a fingerprint or facial recognition. MFA is a very effective and fairly simple tool that helps reduce identity theft and improve overall data security.
  • KeePass: KeePass is a password manager that helps users securely store and manage their passwords. Once you use KeePass to manage your account passwords, you can rely on it to store very long, highly complex passwords that are not likely to be memorized or guessed by a human and that take a very long time to be brute forced by a computer. In alignment with the BW Acceptable Use Policy on credential management, KeePass gives BW team members a standard method to store their credentials in a secure way.

Source:

5 reasons to implement multi-factor authentication (MFA). IT Solutions. (2024, July 28). https://www.itsolutions-inc.com/articles/five-reasons-to-implement-multi-factor-authentication-mfa/  

Use strong passwords | CISA. (n.d.-c). https://www.cisa.gov/secure-our-world/use-strong-passwords

Zhurer, Y. (2025, March 19). Password management guide: What is it & 9 best practices. Syteca. https://www.syteca.com/en/blog/password-management-best-practices

 

Thank you for doing your part to help keep our network and your information safe!
