2020 is an exceptional year in human history, as humanity is forced to follow a stern framework for socializing within their own communities. We now rely more than ever on virtual connections in order to continue working within our jobs. As businesses shift to remote working models, securing the new remote virtual environment, including passwords, is a critical task.
The smallest of things can be overlooked when it comes to securing business processes and operations. One might even overlook the vulnerabilities of passwords, the irony being that they were originally designed to protect systems forom unwanted access. When users re-use old passwords or patterns, the risk is higher that they will be pwned from other platforms.
How to increase password security
There are several tools that can be used to secure passwords. The first tool is the “Have I been Pwned ” API. This website was designed and developed by Troy Hunt, who created the site for people to check if their passwords were among the data leaked from data breaches from all over the world. The API provides the following features when integrated with an organization’s services:
- Retrieving all breaches for an account;
- Locating all breached sites in the system;
- Reaching a single breached site; and
- Getting all data classes.
Another tool that can be used is Azure AD Password Protection, which allows a system admin to block weak passwords and their variants, along with setting up parameters that fit the business environment. This allows only for passwords that fit the secure criteria when setting up.
While Azure ADPassword Protection might be an optimal solution for many users, it doesn’t fully address the vulnerabilities, because it lacks knowledge of breached passwords and has no end-user experience. However, password auditors can be used to help system admins scan their environment for blank, breached, identical or expiring passwords, as well as stale admin accounts.
Conclusion
Passwords still remain on the top list of vulnerabilities, and a risk factor that many businesses must address within their security plan and policies. Having the latest, advanced lock on a safe will mean nothing if the mechanics of the lock are broken.
To understand more about securing your systems and business, contact Agilient for professional cybersecurity consulting and implementation.
Author: Saeed Baayoun, Agilient Consultant