Sunday, April 15, 2012

Information Security Management - News You Can Use

You may want to change that password... a pet's name, the month, or a favorite movie just isn't enough!

I was just reading an article in ITworld Today saying that weak passwords are still the downfall of enterprise security. You may have read about a recent data breach that exposed Social Security numbers for more than 255,000 people in Utah, an incident that was a result of weak and default passwords. The breach involved a Medicaid server at the Utah Department of Health, and resulted from a configuration error at the authentication layer of the server hosting the compromised data, according to state IT officials.

Many security analysts believe that the breached server was using a default administrative password or an easily guessable one, and that attackers took advantage of the error and were able to bypass the perimeter-, network-, and application-level security controls that IT administrators had put in place to protect the data on the server.

These mistakes are surprisingly common and could easily be avoided by putting in passwords that are not easy to figure out.

Verizon released a report last month that showed that attacks exploiting weak passwords are still endemic in the retail and hospitality industries. Attackers can still go to a vendor's site, get a client list and click on those clients that have a default or guessable username-password combination. It was also reported by Verizon that "these are relatively easy attacks that require little in-depth knowledge or creativity."

People using the same password for multiple accounts is also a huge issue. So... next time you are adding or changing a password... you may want to think twice about the password that you choose.

Until next time...

Bye for now,

Laurie
