World Password Day with Tyler Moffitt, Senior Security Analyst at OpenText Cybersecurity
May 2024 by Tyler Moffitt, Senior Security Analyst & Community Manager, OpenText Cybersecurity
Over the years, we’ve observed a significant shift in how cybercriminals exploit password vulnerabilities. Initially dominated by brute force attacks, which rely on computational power to guess passwords, the landscape has shifted towards more sophisticated methods. However, it’s important to note that brute force attacks remain relevant due to advancements in technology. The increase in GPU power has made these types of attacks more feasible, allowing cybercriminals to crack passwords faster than ever before. This persistence, along with a rise in phishing attacks and credential stuffing, where attackers exploit poor password hygiene and use previously breached data to access new systems, highlights the need for robust password policies and advanced security measures.
To combat the sophistication of these threats, it’s vital to adopt a layered security approach:
• Strengthen Password Policies: Implement policies that require longer, complex passwords that are difficult to guess or crack.
• Promote the Use of Password Managers: Encourage users to adopt password managers to generate and store unique, robust passwords for every account.
• Expand Multi-Factor Authentication (MFA) Adoption: Push for broader use of robust MFA techniques, particularly those that employ physical or biometric factors, which provide higher security than knowledge-based factors. Hardware tokens or biometric verification are far superior to SMS or email-based verification, which remain susceptible to interception and manipulation techniques like SIM swapping.
• Educate and Train Users: Regularly educate users about the importance of password security and the latest phishing tactics, to reduce the risk of social engineering attacks.