FINAL WORD
Morey Haber, CTO and CISO, BeyondTrust
INTELLIGENTCIO, www.intelligentcio.com

“The most important security recommendation for everyone is to ensure that every password you use is unique and not shared with any other resource.”

media are their tools of choice, which suggests that traditional email may slowly fade away like postal correspondence, or the fax machine. The demise of email may take a few more decades to transpire, but this downshift is well underway.

Fixing an age-old security issue

Regardless of persona at home or at work, the one thing everyone uses is passwords. We use passwords for work, for resources on the Internet, for social media and for our applications. We use them in the form of passcodes and PINs for banking, mobile devices and for office and home alarm systems. Passwords are ubiquitous and we use them constantly – even on newer systems that ironically claim to be ‘passwordless’. In these instances, a mechanism under the hood is still identifying your access rights and storing that ‘somehow’.

The most common storage of any password is within a single human brain. We assign a password to a system or application, recall it when it needs to be used and hopefully remember it each time we change it. Our brains are full of passwords and often we forget them, reuse them, need to share them and are forced to document them on post-it notes, spreadsheets and even communicate them via email or SMS text messages (a very poor security practice).

These insecure methods for creating, sharing and reusing passwords are responsible for the types of data breaches that routinely make the front-page news, serving as cautionary tales of what is at high risk of happening when good password management strategies are not adhered to. The ramifications crisscross both our professional and personal lives.

Passwords can literally be found everywhere and we need at least one basic tenet to help fix a thousand-year-old problem. Therefore, the most important security recommendation for everyone is to ensure that every password you use is unique and not shared with any other resource (including people) at any other time.

One key merit of this universal security recommendation is that it ensures that if your password is stolen, leaked or inappropriately used, it can only be leveraged against the corresponding resource assigned (if MFA or 2FA is not present). If passwords are unique, a threat actor cannot use one compromised account and password to attack other resources. The attacker’s options and movement are significantly limited, though they could try to leverage advanced techniques to steal other credentials from the system they have compromised, such as by scraping passwords from memory. In that case, not only generating unique passwords, but also rotating passwords frequently, will help mitigate the attack.

While there is no denying that remembering an already considerable and ever-expanding list of passwords (an average of 120 for the modern-day corporate user) is improbable for most humans, there are password management tools, solutions and techniques for making this a reality, thereby going a long way towards reducing password-related threats.

Modern operating systems, browsers and applications can help create unique passwords for every resource, and securely store them for retrieval in lieu of a human having to remember every single one. The passwords are basically stored behind one unique ‘master’ password (it may also be referred to as a ‘key’ or ‘secret’) that only the individual knows. While this is a good solution for home and small business users (to a limited degree), it does not scale to most businesses that need to share accounts (due to technology limitations) and automatically generate unique passwords, such as to keep up with employee changes or to meet regulatory compliance guidelines.

Another security best practice to be mindful of – a password alone should never be the only authentication mechanism for critical data, sensitive systems and potentially for daily operations on those resources. Multi-factor authentication (MFA) or two-factor authentication (2FA) should be layered on top to ensure a unique password, per account, is actually being used by the correct identity when authentication is required.

All of this helps further refine the single best recommendation. Remember, we need to consider a universal security recommendation that translates to everyone.

Solutions for privileged password management across an organisation’s entire information and security infrastructure can help. Advanced tools provide automated management for sensitive accounts and passwords (including SSH key management), such as shared administrative accounts, application accounts, local administrative accounts and service accounts, across nearly all IP-enabled devices. This helps ensure this top security recommendation can be implemented across any organisation to enforce strong enterprise password security.
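As an added example (not from the article or from BeyondTrust), the following Python audit runs over a constructed credential inventory and checks the three points the article stresses: whether any password is shared across resources, what a single leaked password would expose when no MFA is layered on top, and which entries are overdue for rotation. The `Credential` shape, the sample entries, `AUDIT_DATE` and the 90-day rotation window are all assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Credential:
    """One entry of a credential inventory, e.g. a password-manager export (assumed shape)."""
    resource: str        # system, site or application the password unlocks
    account: str
    password: str
    last_rotated: date   # when the password was last changed

def fingerprint(password: str) -> str:
    """Digest used to group identical passwords without echoing them in a report."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]

def reuse_groups(creds: list[Credential]) -> dict[str, list[Credential]]:
    """Passwords shared by more than one resource, keyed by fingerprint."""
    groups: dict[str, list[Credential]] = defaultdict(list)
    for cred in creds:
        groups[fingerprint(cred.password)].append(cred)
    return {fp: members for fp, members in groups.items() if len(members) > 1}

def blast_radius(creds: list[Credential], leaked: Credential) -> set[str]:
    """Resources reachable with one leaked password when no MFA is present."""
    return {c.resource for c in creds if c.password == leaked.password}

def stale(creds: list[Credential], today: date, max_age_days: int = 90) -> list[Credential]:
    """Entries whose password is older than the (assumed) rotation policy allows."""
    return [c for c in creds if (today - c.last_rotated).days > max_age_days]

# Constructed sample inventory (not real accounts); the first two entries share a password.
SAMPLE = [
    Credential("mail.example", "alice", "Tr0ub4dor&3", date(2024, 1, 10)),
    Credential("vpn.example", "alice", "Tr0ub4dor&3", date(2024, 1, 10)),
    Credential("bank.example", "alice", "correct horse battery staple", date(2024, 5, 1)),
]
AUDIT_DATE = date(2024, 6, 1)  # constructed "today" for the rotation check

if __name__ == "__main__":
    for fp, members in reuse_groups(SAMPLE).items():
        print(f"reused ({fp}): {[c.resource for c in members]}")
    print("blast radius of a mail.example leak:", sorted(blast_radius(SAMPLE, SAMPLE[0])))
    print("overdue for rotation:", [c.resource for c in stale(SAMPLE, AUDIT_DATE)])
```

Passwords are only ever compared inside the process and reported as truncated digests, so the report itself does not leak the secrets it audits.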