
Here's Why Passkeys is a Good Option to Safeguard Your Data

 

The future belongs to passkeys. Even though you may not be using them yet, the time is quickly approaching when we won't need to create or remember passwords and will only need to use our username and biometrics to log in. 

However, it's evident from recent discussions with people outside of the tech sector that most customers don't even comprehend passkeys, much less trust them to safeguard their sensitive information and identities.

A passkey, in its simplest form, is an encrypted identity system that is localised and frequently employs biometrics for authentication. When you log in again, the system that you created the passkey for will read your shared user ID and request authentication (the passkey). The biometric security system you already have on your computer or phone can then be used for authentication. This might be an iris scan, facial recognition, or fingerprint.

Neither the system you are logging into nor your own device asks for a password at any point during this process. To put it more concretely, let's say you go to Gmail and type in your user ID. After the mail platform accepts the ID, it issues a challenge that your passkey must answer locally in order to return a signature. The system can now request the biometric authentication that you previously configured on your laptop or phone. This page explains how passkey registrations and logins work.

All I've explained takes place in a matter of seconds and doesn't require you to remember your login information or even have access to a password manager. 

Passkeys are powered by cryptographic wizardry that is concealed and never forces you to think about it, even if the backend system that manages all of this is quite complex and much beyond the comprehension of most users.
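The challenge-and-signature exchange described above can be sketched as follows. This is an added, simplified example, not code from the original post and not the full WebAuthn protocol; the class names, the `userVerified` flag standing in for the biometric check, and the sample origin and user are assumptions.

```javascript
const crypto = require("crypto");
// Device side: the private key is created here and never leaves this object.
class Authenticator {
  constructor() { this.keys = new Map(); } // one key pair per site origin
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half is sent to the site
  }
  // userVerified stands in for the local fingerprint/face/iris check.
  sign(origin, challenge, userVerified) {
    const key = this.keys.get(origin);
    if (!key || !userVerified) return null; // unknown site or failed biometric
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign("sha256", Buffer.from(clientData), key);
    return { clientData, signature };
  }
}
// Site side: stores public keys and pending challenges, never a password.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(userId, publicKey) { this.users.set(userId, publicKey); }
  issueChallenge(userId) {
    const challenge = crypto.randomBytes(32).toString("hex");
    this.pending.set(userId, challenge);
    return challenge;
  }
  verify(userId, assertion) {
    const expected = this.pending.get(userId);
    this.pending.delete(userId); // each challenge is good for one attempt
    const publicKey = this.users.get(userId);
    if (!assertion || !expected || !publicKey) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin || challenge !== expected) return false;
    const data = Buffer.from(assertion.clientData);
    return crypto.verify("sha256", data, publicKey, assertion.signature);
  }
}
function demo() {
  const origin = "https://mail.example"; // constructed sample site and user
  const site = new RelyingParty(origin), phone = new Authenticator();
  site.enroll("alice", phone.register(origin));
  const good = phone.sign(origin, site.issueChallenge("alice"), true);
  const login = site.verify("alice", good);
  const noBio = phone.sign(origin, site.issueChallenge("alice"), false);
  const replay = site.verify("alice", good); // old signature, fresh challenge
  return { login, replay, noBiometricSigned: noBio !== null };
}
console.log(demo());
```

The site only ever holds a public key and a one-time challenge, so a captured signature is useless for a later login and there is no stored secret to steal from the server.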

It's interesting to note that some customers still don't trust this level of protection since they think their phones could be stolen and used to access their accounts. This is untrue since the perpetrator would still need your fingers, face, or eyes. Yes, there is always the awful chance that someone will steal those pieces, but it is a very slim one.

In the IT sector, there is a general consensus that passwords constitute a weak security system. Even a password manager protected by one strong master password may put you at risk. It's possible that those passwords are no longer secure after some of them have been hacked. Additionally, you are once again at risk if the password that secures the system is compromised.

Clearly, it's not just customers. Institutions and industries are suffering as a result of frequent ransomware attacks. Many of them begin with social engineering emails and then move on to other things like installing keystroke sniffing software, which allows attackers to track users as they input their passwords and IDs. But what if you never input a password? The ransomware attack could be thwarted before it starts. There is no other logical solution except a passwordless system.

Nearly Half of Security Enterprises Store Passwords in Office Documents

 

A new survey conducted by identity management vendor Hitachi ID discovered that nearly 46% of IT and security enterprises store corporate passwords in office documents like spreadsheets, making them vulnerable to a significant cyber threat. Hitachi ID surveyed 100 executives across EMEA and North America to better understand how secure their password management is.

It indicates that IT leaders aren’t practicing what they preach because almost all (94%) participants asserted they need password monitoring training, with 63% claiming they do so more than once a year.

“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” stated Nick Brown, CEO at Hitachi ID. “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.”

The worrying thing is that many enterprises know their secrets and password management isn’t up to par. Question marks were also raised about the risks posed by departing employees. Only 5% say they were extremely confident that wasn’t possible. If they have to urgently terminate an employee, only 7% of enterprises were confident they can transfer passwords and credentials, terminate access, and maintain business continuity. 

That lack of confidence has real-world implications. Some 29% of respondents say they’ve experienced an incident in the past year where they lost access to product systems after an employee left the organization. Last year, it emerged that a former employee at a credit union destroyed 21GB of corporate data, including 20,000 files and almost 3500 directories in retaliation for being fired. 

According to Ian Reay, VP, Product Management at Hitachi ID, it is estimated that each employee might have as many as 70-100 passwords and “decentralized secrets” that could be exploited by attackers to gain access to and move through an organization. 

“In the midst of the Great Resignation, every organization should be extremely confident that passwords will stay in the company regardless of which employees come and go,” Reay concluded.