Don’t believe the numbers without first understanding the problem. There has been a lot of cyber companies putting out their spin regarding Verizon’s April 2017 Data Breach Investigation Report (DBIR) . In the report they claim, “81% of the tactics used were of hacking-related breaches leveraged either stolen and/or weak passwords.”
This makes sense when you consider that over 90% of all authentication methods rely on passwords, but let’s look behind these numbers and what the report doesn’t say.
- Users are notoriously bad at generating passwords. So get them out of the equation. Using silly tricks to generate and remember passwords don’t work.
- The burden that IT put on users to generate and change passwords only adds to the problem.
- Many password data files are left un-encrypted, the hash values are not salted, and are stored in servers that also hosts public information.
- People will reveal passwords to total strangers (social engineering)
- If encryption keys and biometric templates were managed as poorly as passwords, they would be just as many breaches, but the damage would be far worst. It is expensive to generate and issue new keys, and changing ones biometrics is very difficult, painful and expensive.
- Switching from one singles factor of authentication to a different single factor does not make your networks more secure. You need to adopt two-factor or multi-factor authentication.
- Passwords are secure when the same methodologies are used to protect and manage “encryption key”. Like we do with Power LogOn.
If you want to know the true about passwords, and you want to know ways to fix the weakest links in cybersecurity, please check out my book, Making Passwords Secure, available on Amazon.