It’s no secret that passwords are the keys to the kingdom. So how is your organization handling passwords? If your organization is still using passwords that are less than 12 characters, serious trouble may be on the horizon.
Shorter passwords are giving way to pass phrases that are harder for hackers to guess. At the same time, using group policies and information classification systems to set up your network to limit the amount of damage that a hacker can do can also help to limit your security risk.
The age of the pass phrase is now upon us. A pass phrase is like a password, but longer. For instance, “my CAT is 1 cutie” could be a pass phrase that replaces “cutecat1.” While these longer strings of text are harder for hackers to guess using brute force methods, they’re also easy for legitimate users to remember.
Pass phrases are necessary because the technology that hackers use to crack passwords keeps getting better. Two years ago, a small cluster of computers was able to decode all of the standard passwords on a Windows system in less than six hours. Today, computers harness the special number crunching power of the graphics processing units in their graphics cards and advanced software to crack passwords even faster. A single teenager with a fast computer, a good graphics card and a piece of free software like John the Ripper or Hashcat can render your company’s information security systems worthless.
Comprehensive Password Audit
Your servers store passwords in special files that encrypt the passwords in a format known as a “hash.” A technology partner offering security services can safely download the password hashes just as a malicious hacker would do, and see if it can crack your user’s passwords. If a large majority of them are cracked in under a week or so, it’s an indicator that it’s time to change your approach to passwords. Given the large number of users that you probably have creating passwords on your system, many probably have insecure passwords that are waiting for someone malicious to crack them.
Review of Group Policies
The way that your network uses group policies for access control and information classification impacts how much damage a cracked password can do. The right policy can lock out hackers’ brute force attempts and prevent them from turning off your encryption. It can also limit where they can go in your system if they get a password.
All-inclusive User Training
The user and the choices they make are usually the weakest link in security within any organization. A credentialed professionals can teach your team how to identify and create secure passwords and pass phrases, how to work within your information classification system, and how to keep your network secure. Having your users respect your security policies is a key part of protecting your network.
Download our In-depth Datasheet on The Need For A Security Awareness Program for more information about data security.
About the Author
Jake Kent
Mr. Jake Kent is an Entrepreneur & Business Owner specializing in Information Technology. Jake has founded eight companies, to include Information Technology Consulting & Delivery, Investment Real Estate and Community Banking. Jake brings vision, leadership and a strong work ethic to the CEO role. He leads by example, possessing remarkable skills, experience and expertise across business strategy, operations, financial management and sales & marketing. Jake is a founder of the Matthew-Mint Hill Optimist Club and a Board Member of the Ballantyne IT Professionals Non-profit. Read More..