BSI urges strengthening of credential management
06 May 2021
This World Password Day (6 May), the Consulting Services team at BSI is encouraging all device users to review password usage and to follow best practice, helping to reduce potential risks or data breaches and to strengthen information resilience.
Mark Brown, Global Managing Director - Digital Trust, Consulting Services at BSI, explains: “A password is a key access point used daily for all device activity, starting with logging into your device - whether it be a mobile device or laptop - accessing applications, browser logins and other platform usage. Alarmingly we are still seeing the top three most common passwords remain as 123456, 123456789 and qwerty.”
“Weak credential management, the absence of strong passwords and a lack of employee awareness and training present significant risks for both individuals and organizations, especially as cybercriminals continue to try and capitalize on the COVID-19 pandemic. By implementing good password hygiene, as a proactive step, users can become more resilient to the challenges that exist.”
How to stay protected and strengthen password hygiene
This year the BSI team have outlined the following advice to support users in advancing their password hygiene on World Password Day:
- Refrain from making well-known character substitutions when creating a password, for example replacing an ‘s’ with a ‘5’ or a ‘$’. Hackers and malicious actors can simply use password cracking technologies that try these replacement characters to gain access
- Always use a secure connection when logging in or accessing a platform and do not select yes when prompted to auto save a password
- Implement strong password policies backed with Multi-Factor Authentication (MFA) to keep individual access and organizational access secure. Biometrics, such as Touch ID, Face ID or fingerprint managers, add an additional layer of security
- Never store passwords on devices or in written form on a notepad. Instead, use a password manager, for example 1Password, KeePass or LastPass, to store them in a safe place
- Resist using a common password pattern, such as ‘Summer2020!’, to reduce the chance of access from an attempted password spraying attack. A very well-known pattern is to use a common word (a company name, a season, or a city), capitalize the first letter, add a number (usually a year), and then a special character (! is probably the most common one)
- Implement non-standard password replacements such as using ‘_R’ instead of an ‘s’. The more unique the password, the more secure the password will be.
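The substitution and pattern advice above can be enforced when a password is set. The following is an added example, not BSI's own code: it undoes well-known substitutions and then looks for the word-number-special pattern, so ‘Summer2020!’ and its ‘5’/‘$’ variants are rejected. The substitution table beyond ‘5’ and ‘$’, the season word list, and the function and finding names are assumptions made for illustration.

```python
import re

# The three most common passwords named on this page.
TOP_PASSWORDS = {"123456", "123456789", "qwerty"}

# Constructed table of well-known substitutions (the page names 5 and $ for s).
SUBSTITUTIONS = str.maketrans(
    {"5": "s", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "@": "a", "7": "t"}
)

# Constructed base-word list: seasons, as in the page's 'Summer2020!' example.
SEASONS = {"spring", "summer", "autumn", "winter"}

# <word><number><optional special characters>, e.g. Summer2020!
PATTERN = re.compile(r"^(?P<word>.*?)(?P<num>\d+)(?P<tail>[^A-Za-z0-9\s]*)$")


def audit_password(password, extra_words=()):
    """Return a list of findings; an empty list means none of these checks fired."""
    findings = []
    # extra_words lets an organization add its own name or city to the base words.
    base_words = SEASONS | {w.lower() for w in extra_words}

    if password.lower() in TOP_PASSWORDS:
        findings.append("top-common-password")

    # If the password ends in a number (plus optional specials), test the part
    # before the number; otherwise test the whole string.
    match = PATTERN.match(password)
    word = match["word"] if match else password

    # Undo substitutions before the lookup, as cracking tools do in reverse.
    plain = word.lower().translate(SUBSTITUTIONS)
    if plain in base_words:
        findings.append("word-number-special-pattern" if match else "common-word")
        if plain != word.lower():
            findings.append("well-known-substitution")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Summer2020!", "5umm3r2021!", "qwerty", "plum-otter-violin-gate"]:
        print(candidate, audit_password(candidate))
```

An empty result only means these specific checks did not fire; it is not a measure of password strength.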
“The risks of using weak credentials have increased dramatically during the past year as most organizations rushed to give their users remote network access, which, in the process, left organizations vulnerable to the types of attacks that could provide attackers with an easy foothold into the target network.”
“Attackers are exploiting the current hybrid work environment as they know that they can find more ways to take advantage of organizations and their employees. On World Password Day, we are encouraging all organizations and individuals to review, update and strengthen their passwords and policies. Implementing proactive and regular employee security awareness training as part of the organizational security strategy will also help increase the overall security posture and resilience of the organization.” Mark concludes.
The Consulting Services team at BSI provides an expansive range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit bsigroup.com/cyber-ie