Password Management

in LeoFinance, last year

The most common way hackers breach a system is through the password. A password is usually the first line of defence: it shows a system that you are who you say you are, i.e. it authenticates a user and gives them access to the system. Most people are guilty of handling passwords shabbily, which is why hackers continue to target them, and, surprise, hackers keep succeeding.

Most organisations put other measures in place to ensure that even when a user's password is breached, a hacker cannot do more damage to the firm or access confidential information. Some of these measures are settings that limit a user's access to certain information from certain locations. Others impose compulsory multi-factor authentication (MFA), which could include an OTP or a token and a 2-factor authentication app.

While the above-listed measures provide an extra layer of security and keep hackers and social engineers out, there are some scenarios where they do not apply. So it is always best that firms spend time educating and training staff on how best to handle and manage passwords. One security awareness training in a year is not enough for password management. Organisations have to be more intentional about this.

The best way for organisations to show their intentionality is by investing in a password management tool that can be used to monitor passwords and set parameters for them. Firms also invest in directories that are capable of performing this same function. The major point of action is that passwords in the organisation are managed and monitored. These tools also enable firms to force users to change their password after a certain period, which, in a way, hardens the system.

Aside from these controls, the firm should ensure that spot checks are conducted on staff workstations to confirm that staff do not write their passwords down and that users log off their systems when walking away. These acts should also be discouraged, and that message made known through the information security awareness sessions held and the weekly security newsletter sent across the board.

Alongside these controls, users should be educated enough not to share their passwords and to be careful about the type of password managers they use. Using one particular password for all the accounts they own (including emails and social media) should be discouraged, and discontinued if already in play. The firm could also harden passwords by ensuring that a previously used password cannot be reused.
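The forced password change and the no-reuse rule described above can be sketched as follows. This is an added example, not code from the original post or from any particular password management tool; the `Account` class, the 90-day period, the history depth of 5 and the PBKDF2 parameters are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)   # assumed rotation period; the post names none
HISTORY_DEPTH = 5              # assumed number of remembered passwords
ITERATIONS = 600_000           # assumed PBKDF2-HMAC-SHA256 work factor


def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen history table is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """Hypothetical account record: stores salted hashes, never plaintext."""

    def __init__(self, password: str, now: datetime):
        self.history = []       # newest first: list of (salt, digest)
        self.changed_at = now
        self._store(password, now)

    def _store(self, password: str, now: datetime) -> None:
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(password, salt)))
        del self.history[HISTORY_DEPTH:]    # forget entries beyond the depth
        self.changed_at = now

    def verify(self, password: str) -> bool:
        salt, digest = self.history[0]
        return hmac.compare_digest(_hash(password, salt), digest)

    def is_expired(self, now: datetime) -> bool:
        # True once the password is older than the rotation period.
        return now - self.changed_at > MAX_AGE

    def change_password(self, old: str, new: str, now: datetime) -> str:
        if not self.verify(old):
            return "rejected: current password incorrect"
        # Each old entry has its own salt, so re-hash the candidate per entry.
        for salt, digest in self.history:
            if hmac.compare_digest(_hash(new, salt), digest):
                return "rejected: password was used before"
        self._store(new, now)
        return "ok"
```

Because the history holds only salted hashes, the reuse check works without the system ever keeping an old password in readable form.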

Posted Using LeoFinance Beta
