01 Jul / 2020
Cyber Awareness
Who out there has been guilty of reusing a password? We’re all guilty of it! Results from a recent Google survey found that at least 65% of people reuse passwords on multiple sites, sometimes even on all of them. While this is convenient for the everyday applications you use, it puts you and your sensitive data at risk.
Have I Been Compromised?
Crafty attackers use tools to find passwords exposed in previous account breaches and can then go on to compromise any number of accounts you own that share the same password. This tactic is known as credential stuffing. It means that if you use the same password for Facebook and your online banking, a threat actor who gets hold of that password can leave you with a tarnished image and an empty bank account. You can check your email accounts against HaveIBeenPwned to verify whether your email address(es) have been involved in any known breaches. You can go one step further and check whether your password has appeared in a breach before, and even integrate that check into your user registration pages via HaveIBeenPwnedPasswords.
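A server-side registration check built on the Pwned Passwords range API mentioned above, as an added example (not Cythera's or HaveIBeenPwned's own code): the server hashes the candidate password with SHA-1, sends only the first five hex characters of the hash, and compares the returned suffixes locally, so the full hash never leaves the server. The live fetcher, the Add-Padding header and the constructed offline response are assumptions for illustration.

```python
import hashlib
import urllib.request
from typing import Callable, Dict

# Real endpoint of the Pwned Passwords range API (k-anonymity model): the client
# sends only the first five hex characters of the SHA-1; the full hash stays local.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the password as uppercase hex, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix into {suffix: count}."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def fetch_range_live(prefix: str) -> str:
    """Query the real API; Add-Padding asks for dummy rows so response size leaks less."""
    req = urllib.request.Request(RANGE_URL.format(prefix=prefix),
                                 headers={"Add-Padding": "true", "User-Agent": "registration-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Times the password appears in known breaches; 0 means not in the dataset."""
    digest = sha1_hex_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# Constructed stand-in for the API so the example runs offline. The 5BAA6 range
# holds the real SHA-1 suffix of "password"; the counts and other row are made up.
CONSTRUCTED_RANGES = {
    "5BAA6": "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\n",
}

def fake_fetch_range(prefix: str) -> str:
    return CONSTRUCTED_RANGES.get(prefix, "0" * 35 + ":0\n")

def accept_new_password(password: str, fetch_range=fake_fetch_range) -> bool:
    """Registration rule: reject any password seen in a breach, however rarely."""
    return breach_count(password, fetch_range) == 0
```

Swap `fake_fetch_range` for `fetch_range_live` to query the real service; padded rows arrive with a count of 0, which the lookup already treats as "not breached".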
Password Manager
This is your safe for all your passwords. It’s much more secure than the sticky notes with passwords stuck to your monitor! Best practice is to take an inventory of all the web applications you log into and change the password on each site. Password managers can generate complicated passwords, and you don’t need to remember them, because that’s the password manager’s job. Bitwarden or 1Password are good options. At the time of writing, Bitwarden is open source and free for public use.
Multi-Factor Authentication
Alongside a password manager, you’ll also want to enable multifactor authentication (also known as two-factor authentication or 2FA) on all sites and applications that support it. Enabling 2FA adds an extra step to prove you are who you say you are. The primary factor is something you know (your password), and the second factor is something you have, generally a mobile device or a physical token.
You’ll need an authenticator app in order to use MFA properly. Google Authenticator, which is commonly used, can be downloaded from your mobile device’s app store. Additionally, some password managers can store MFA tokens and generate one-time codes, so that you can authenticate to your web application in one go.
Organisational Impact
Your users are your biggest asset, but also the weakest link in the chain. It only takes one user whose credentials have been compromised by an attacker to cause severe damage to your business’s reputation. Depending on the security measures in place, once the attacker holds those credentials, they may be able to do anything that user is permitted to do. Threat actors are more resourceful than ever before, so think twice before using the same password for another web application.
Finally, it’s imperative that all organisations have multifactor authentication enabled for:
These measures will help further secure your users and business from malicious attackers.