Ace comedian Jimmy Kimmel, who is known for tickling our funny bones through his television shows, tried a social engineering experiment last week. Against the backdrop of high-profile cyber-security incidents, he wanted to measure how safe people’s passwords are. The show exposed the harsh truth that despite the ever-increasing threats to information security and data privacy, people attach the least importance to password security!
In the last few days, you might have noticed this viral video on social media. If you haven’t watched it yet, here is the link:
This video should serve as an eye-opener to all of us, especially to those in the IT community. At the individual level, people tend to use easy-to-remember passwords and reuse them on multiple accounts for convenience. Many tech-savvy users in IT also adopt shortcuts to manage even the administrative passwords that grant unlimited access privileges.
Though IT administrators do not use ludicrous passwords like 123456, they do adopt insecure password management practices. Some of the most common flawed practices in IT environments include:
- Assigning weak passwords / factory defaults to IT assets
- Storing administrative passwords of IT assets in plain text on volatile sources, such as sticky notes, spreadsheets, printouts, and text documents
- Using the same password or a set of passwords on multiple IT systems
- Sharing passwords with other technicians by email and phone calls
- Allowing the passwords to remain unchanged for an extended period of time

Lack of proper password management can lead to sensitive passwords being widely known to all in the organization. This results in uncontrolled access to IT assets without any centralized control or monitoring. As a result, organizations become vulnerable to identity theft and security breaches.
Password Management – Foundation for Information Security
Cyber-criminals have firmly set their eyes on obtaining login credentials through various techniques. Meanwhile, individuals and organizations are drowning under an ever-increasing pile of passwords. Safeguarding passwords is fundamental to information security, as deficiencies here lead directly to identity theft, shaking the very foundation of organizations.
IT security experts say that almost half of all breaches exploit weak or stolen credentials. In fact, stolen credentials, especially the ones offering administrative access, serve as the starting point of Advanced Persistent Threats (APTs).
Enterprises and individuals should safeguard their passwords by adopting best practices. We have explained time and time again throughout this blog series the three basic best practices: assigning strong, unique passwords to websites, applications and IT assets, periodically changing them, and securely storing them.
It is highly unlikely that people are able to remember complex passwords. Manually managing and monitoring administrative passwords can be quite cumbersome, which is why you need an automated approach to password management.
Use a Password Manager
You can easily safeguard your passwords by using a password management solution like ManageEngine Password Manager Pro. With a password manager, you can secure all of your passwords in a centralized repository, use strong, unique passwords without remembering them, automate and enforce password management best practices, control access to resources and applications, keep track of activities, and do much more.
Chandramouli Dorai