#BeAware: Handling of Passwords

16 April 2019

A prominent case from the news: About 4 weeks ago the public learned that Facebook has been storing passwords in plain text since 2012. In a blog post Facebook confirmed that millions of users were affected. Although the passwords stored in credentials databases were encrypted according to security standards, they were accessible in plain text on internal servers by about 20,000 employees.

Over the last few years, such incidents have occurred time and time again. This goes to show that users cannot trust a provider to handle their personal data with appropriate care. Having strong passwords is extremely important but not always sufficient. It is also important to use unique passwords for different accounts and to change them if there is any suspicion of a security leak. Otherwise, a compromised password could trigger a domino effect with serious consequences.

Although most people are aware of such recommendations, more than half of all users use their passwords multiple times. Not surprising, considering how many accounts a single person typically manages today!

So what can you do? One way to master the overwhelming number of accounts and required passwords is to use a password manager. KeePass or other providers are suitable for this purpose. They enable you to manage accounts and passwords and to randomly generate secure passwords. Your own account data is encrypted according to a strict encryption standard. Afterwards you only have to remember one strong master password.


About #BeAware: We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.
