Password as The Weakest Authentication Model!
Chinatu Uzuegbu
CISSP, CCISO, CISM, CISA, CEH, …
Managing Cyber Security Consultant
RoseTech CyberCrime Solutions Limited
To commemorate Password Management Day, 2023 (May 4, 2023)
Password as The Weakest Authentication Model!
Preamble
• Password as The Weakest Authentication Model!
• Review your Password Management Policy or Framework.
• Password Strength: make it hard for the bad guys.
• Minimum number of characters.
• Combination of Character Strings.
• Thresholds and Clipping Levels.
• Password Expiration.
• Sanctions on sharing or disclosing passwords.
• Forcefully Disable on prolonged Idleness.
• Add Randomness or salt to your password hashes.
• Think Password-Less or Multi-Factor Authentication.
• Password-less mechanism is The Way to Go!
Password as The Weakest Authentication Model!
Passwords have long been seen as the weakest, even though the cheapest, of the three factors of authentication.
Poor Password Management Practices
• Easy-to-guess passwords
• Passwords pinned on the screen of your device
• Default passwords
• Users forgetting to log out
• Saving passwords in browser forms
• Billions of passwords exposed on the Dark Web
• Passwords written in a diary
• Sharing or disclosing passwords
Enforce Password Management Policies/Frameworks if you must use Passwords
To build and enforce the rules promoting good password management practices:
• Sanctions on password disclosure
• Disable ‘show password’ on input
• Disable the user account after a maximum of 3 password attempts
• Enforce password expirations
• Enforce a mix of characters (numbers + alphabets + symbols + block + small + special)
• Disable prolonged idle passwords and enforce a change on next log-on
• Enforce pass phrases or security questions on password reset
• Enforce removal of ALL default passwords
Enforce Advanced Password Management Policies/Frameworks if you must use Passwords
To build and enforce the rules promoting good password management practices:
• Enforce encrypted and secured password vaults/managers
• Add randomness or salt to the password hashing algorithm
• Remove unnecessary services and their default passwords, starting from the BIOS
• Employ a strong encryption mechanism on password tables
• Think Multi-Factor Authentication or Password-less
Password Strength
Make it hard for the bad guys:
• Minimum of 12 characters
• Alphanumerics
• Block letters
• Small letters
• Special/symbolic characters
Example: St%@ng3r!DnL#@n
Minimum number of characters
The minimum password length is whatever the governance and policy of the organization accept. Some organizations go with a minimum length of 8, or preferably 12, while others go as long as 18, depending on the criticality of the information you are seeking to access.
Combination of Character Strings
Using passwords with a mix of characters such as numbers, alphabets, symbols, special characters, block and small letters and others is good practice. It ensures that, even though you can easily remember the password with its mix of characters, the bad guys would find it difficult to guess, and thus reduces the easy-to-guess password vulnerabilities that pose a high risk to passwords across the globe.
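The length and character-mix rules from the last three slides, turned into a checker; this is an added example, not code from the deck, and the list of banned fragments is a constructed stand-in for a real breached-password list.

```python
import string

# Policy values taken from the deck: a minimum of 12 characters and a mix of
# block (upper-case) letters, small (lower-case) letters, numbers and
# special/symbolic characters. Organizations may set 8, 12 or 18 as the
# minimum; 12 is the value the slides recommend.
MIN_LENGTH = 12

# Constructed list of default and easy-to-guess fragments for the example; a
# real deployment would check against a breached-password list instead.
BANNED_FRAGMENTS = ("password", "admin", "welcome", "qwerty", "123456", "letmein")


def check_password(password: str, min_length: int = MIN_LENGTH) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        problems.append("no block (upper-case) letters")
    if not any(c.islower() for c in password):
        problems.append("no small (lower-case) letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special/symbolic characters")
    lowered = password.lower()
    # Complexity alone does not stop easy-to-guess values: "Password123!" satisfies
    # every mix rule above, so default and dictionary fragments are rejected too.
    if any(fragment in lowered for fragment in BANNED_FRAGMENTS):
        problems.append("contains a default or easy-to-guess word")
    # Long runs of one character satisfy the mix rules yet add little guessing work.
    if any(lowered[i] == lowered[i + 1] == lowered[i + 2] for i in range(len(lowered) - 2)):
        problems.append("contains three identical characters in a row")
    return problems


def is_acceptable(password: str) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not check_password(password)


if __name__ == "__main__":
    # The first candidate is the example password from the deck.
    for candidate in ("St%@ng3r!DnL#@n", "Password123!", "Ab1!", "Zzz9!Zzz9!Zzz9!"):
        print(candidate, check_password(candidate) or "OK")
```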
Thresholds and Clipping Levels
The password management policy should also enforce the disabling of accounts when log-in attempts exceed the clipping level or threshold set on the system. In some organizations the maximum clipping level is set to 3 attempts; this means that any password attempt beyond three would be blocked.
Password Expiration/Duration
Some organizations, depending on the criticality of the information you are accessing, enforce the password to expire at close of business, while others enforce expiration in 14 days, 30 days, 72 days, 3 months or more.
Sanctions on sharing or disclosing passwords
Sanctions must apply if passwords are unduly disclosed or shared. This is a good way of deterring entities from any misuse or abuse of their passwords. The sanction should also apply in every Service Level Agreement with other parties or vendors.
Forcefully Disable on prolonged Idleness
Sanitize the system to ensure passwords are revoked when idle for a predefined time-frame. For example, if the user does not log in or is idle for a month or more, disable the password and require the user to log in with a new password when next needed.
Disabling an idle session is also good practice.
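The clipping level, password expiration and idle-disablement rules from the preceding slides, applied together to a single account record; this is an added example, not code from the deck, and the 30-day expiry and idle values are two of the durations the slides mention, chosen here as assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Policy values taken from the deck: lock after 3 failed attempts (the clipping
# level), expire passwords after 30 days, and disable an account idle for a
# month or more. The two 30-day figures are assumptions picked from the slides.
MAX_FAILED_ATTEMPTS = 3
PASSWORD_MAX_AGE = timedelta(days=30)
IDLE_DISABLE_AFTER = timedelta(days=30)


@dataclass
class Account:
    username: str
    password_set_at: datetime
    last_login_at: datetime
    failed_attempts: int = 0
    locked: bool = False            # clipping level reached
    disabled: bool = False          # prolonged idleness
    must_change_password: bool = False


def apply_time_rules(account: Account, now: datetime) -> None:
    """Idle disablement and password expiry depend only on the clock."""
    if now - account.last_login_at >= IDLE_DISABLE_AFTER:
        account.disabled = True
        account.must_change_password = True     # new password on next log-on
    if now - account.password_set_at >= PASSWORD_MAX_AGE:
        account.must_change_password = True


def record_login_attempt(account: Account, password_correct: bool, now: datetime) -> str:
    """Apply the policy to one attempt and return an outcome string for the audit log."""
    apply_time_rules(account, now)
    if account.disabled:
        return "denied: account disabled for idleness, reset required"
    if account.locked:
        return "denied: account locked"
    if not password_correct:
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked = True            # the third bad attempt locks; any further attempt is blocked
            return "denied: locked after reaching clipping level"
        return f"denied: wrong password ({account.failed_attempts}/{MAX_FAILED_ATTEMPTS})"
    account.failed_attempts = 0              # a good log-in resets the counter
    account.last_login_at = now
    if account.must_change_password:
        return "allowed: password change required"
    return "allowed"


def demo() -> list:
    """Constructed scenario: three wrong passwords then the right one (alice);
    a 40-day-old password with recent activity (bob); an account idle 45 days (carol)."""
    t0 = datetime(2023, 5, 4, 9, 0)
    alice = Account("alice", t0 - timedelta(days=10), t0 - timedelta(days=1))
    bob = Account("bob", t0 - timedelta(days=40), t0 - timedelta(days=2))
    carol = Account("carol", t0 - timedelta(days=20), t0 - timedelta(days=45))
    outcomes = [record_login_attempt(alice, False, t0 + timedelta(minutes=i)) for i in range(3)]
    outcomes.append(record_login_attempt(alice, True, t0 + timedelta(minutes=3)))
    outcomes.append(record_login_attempt(bob, True, t0))
    outcomes.append(record_login_attempt(carol, True, t0))
    return outcomes


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note that alice's correct password on the fourth attempt is still refused: once the clipping level is reached only an administrator unlock (or the reset flow the deck describes) should reopen the account.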
Secured Password Vaults/Managers
Leverage password vaults and managers, and ensure the vaults are adequately encrypted and secured.
Administrator should not Initialize Password on User Creation
Require the user to input a password on initial log-in. Administrators should not initialize passwords for the user to change on initial log-on. This promotes a level of accountability and assures that the administrator cannot check in with the user’s credential.
Add Randomness or salt to your password hashes
Passwords protecting highly critical information should be salted with random values when they are hashed at input, to confuse the spying eye, directly or remotely, and to minimize brute-force (https://www.fortinet.com/resources/cyberglossary/brute-force-attack) password-guessing attacks.
Think Password-Less or Multi-Factor Authentication
Organizations should think of building their policies to combine passwords with time-bound tokens and biometrics, as the case may be. The truth is that applying passwords alone does not make for strong authentication. Your authentication process is only strong when you combine the password with something you have, such as your smart card or token device, and stronger still if you add something you are, such as an enrolled fingerprint, alongside.
Password-less mechanism is The Way to Go!
The Top 11 Password-less Authentication Tools, 2023
https://cybersecuritynews.com/password-less-authentication/
• Auth0
• Okta
• Swoop
• Keyless
• Authsignal
• FusionAuth
• Trusona
• GateKeeper Proximity Authentication
• LastPass
• Ping Identity
• Magic
• FIDO
In Conclusion
Good password management processes, backed by organizational password policies and a framework, would assure a reasonable level of security.
Going password-less or adopting Multi-Factor Authentication would mitigate a whole lot of the risks around loss of passwords and credentials around the globe.
Happy Password Management Day, 2023!
Thank You!
Chinatu Uzuegbu
Managing Cyber Security Consultant
RoseTech CyberCrime Solutions Ltd.
chinatuuzuegbu@outlook.com

World Password Management Day, 2023.pdf

  • 1. Password as The Weakest Authentication Model! Chinatu Uzuegbu CISSP, CCISO, CISM, CISA, CEH, ….. Managing Cyber Security Consultant RoseTech CyberCrime Solutions Limited To Commemorate Password Management Day, 2023 (May 4, 2023)
  • 2. Password as The Weakest Authentication Model! Preamble • Password as The Weakest Authentication Model! • Review your Password Management Policy or Framework. • Password Strength-Make it hard for the bad guys. • Minimum number of characters. • Combination of Character Strings. • Thresholds and Clipping Levels. • Password Expiration. • Sanctions on sharing or disclosing passwords. • Forcefully Disable on prolonged Idleness. • Add Randomness or salt to your password hashes. • Think Password-Less or Multi- Factor Authentication. • Password-less mechanism is The Way to Go!
  • 3. Password as The Weakest Authentication Model! Passwords are seen as the weakest, even though, the cheapest of the three factors of Authentication overtime Poor Password Management Practices Easy-to-guess passwords Passwords pinned on the screen of your device Default Passwords User forgetting to log-out Saving Passwords on Browser Forms Billions of Passwords exposed on the Dark Web Passwords written in Diary Sharing or Disclosing Passwords
  • 4. Enforce Password Management Policies/Frameworks if you must use Passwords To Build and Enforce the rules promoting good Password Management Practices Sanctions on Password Disclosure Disable ‘show Password’ on input Disable User account after maximum of 3 Password attempts Enforce Password Expirations Enforce Mix of Characters(Num+Alph+Symb ol+Block+Small+Special) Disable prolonged Idle Passwords and Enforce a Change on next log-on Enforce Pass Phrases or Security Questions on Password Reset Enforce Removal of ALL Default Passwords
  • 5. Enforce Advanced Password Management Policies/Frameworks if you must use Passwords To Build and Enforce the rules promoting good Password Management Practices Enforce Encrypted and Secured Password Vaults/Managers Add Randomness or Salt to the Password Hashing Algorithm Remove un-necessary Services and their default passwords right from the BIOS. Employ the Strong Encryption Mechanism on Password Tables Think Multi-Factor Authentication or Password-less
Password Strength
Make it hard for the bad guys
• Minimum of 12 Characters
• Alphanumerics
• Block Letters
• Small Letters
• Special/Symbolic Characters
Example: St%@ng3r!DnL#@n
Minimum number of characters
The minimum password length acceptable under the governance and policy of the organization. Some organizations adopt a minimum length of 8, or preferably 12, while others go as long as 18 depending on the criticality of the information being accessed.
Combination of Character Strings
Passwords with a mix of characters such as numbers, alphabets, symbols, special characters, block and small letters are good practice. You can still remember a password built from a mix of characters, but the bad guys will find it difficult to guess, which reduces the easy-to-guess password vulnerabilities that pose a high risk on passwords across the globe.
Thresholds and Clipping Levels
The password management policy should also enforce the disabling of accounts when log-in attempts exceed the clipping level or threshold set on the system. In some organizations the maximum clipping level is set to 3 attempts, meaning that any password attempt beyond three is blocked.
Password Expiration/Duration
Some organizations, depending on the criticality of the information being accessed, enforce the password to expire at close of business, while others enforce expiration in 14 days, 30 days, 72 days, 3 months or more.
Sanctions on sharing or disclosing passwords
Sanctions must apply if passwords are unduly disclosed or shared. This is a good way of deterring entities from any misuse or abuse of their passwords. The sanction should also apply in every Service Level Agreement with other parties or vendors.
Forcefully Disable on prolonged Idleness
Sanitize the system to ensure passwords are revoked when idle for a predefined time-frame. For example, if the user does not log in or is idle for a month or more, disable the password and require the user to log in with a new password when next needed. Disabling an idle session is also a good practice.
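The clipping level, password expiration and idle-disable rules from the Thresholds, Expiration and Forcefully Disable slides, applied together to a single account record; this is an added Python example, not code from the deck. The account and policy structures, the 3-attempt clipping level and the 30-day expiration and idle windows are assumptions taken from the figures the slides mention.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Account:
    username: str
    password_changed: datetime   # when the current password was set
    last_login: datetime         # last successful log-on
    failed_attempts: int = 0
    locked: bool = False         # tripped the clipping level; needs an administrator to unlock
    password_disabled: bool = False  # expired or idle; a new password is required at next log-on


@dataclass
class Policy:
    max_attempts: int = 3                              # clipping level from the deck
    max_password_age: timedelta = timedelta(days=30)   # one of the expiration periods the deck lists
    max_idle: timedelta = timedelta(days=30)           # "idle for a month or more"


def record_login_attempt(account: Account, policy: Policy, succeeded: bool, now: datetime) -> str:
    """Apply the clipping level: once max_attempts failures have accumulated the
    account is locked and further attempts are refused even with the right password."""
    if account.locked:
        return "locked"
    if succeeded:
        account.failed_attempts = 0
        if account.password_disabled:
            return "change_required"   # expired/idle password: force a new one
        account.last_login = now
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= policy.max_attempts:
        account.locked = True
        return "locked"
    return "failed"


def review_account(account: Account, policy: Policy, now: datetime) -> list:
    """Periodic sweep for expired and idle passwords; returns the reasons found.
    Either condition disables the password so a change is enforced at next log-on."""
    reasons = []
    if now - account.password_changed > policy.max_password_age:
        reasons.append("expired")
    if now - account.last_login > policy.max_idle:
        reasons.append("idle")
    if reasons:
        account.password_disabled = True
    return reasons


if __name__ == "__main__":
    now = datetime(2023, 5, 4)
    policy = Policy()
    acct = Account("alice", now - timedelta(days=10), now - timedelta(days=1))
    for ok in (False, False, False, True):
        print("attempt:", record_login_attempt(acct, policy, ok, now))
    stale = Account("bob", now - timedelta(days=40), now - timedelta(days=45))
    print("review bob:", review_account(stale, policy, now))
```

Locking and disabling are kept as separate flags because they are cleared differently: a lockout needs an administrator (or a timed reset) while an expired or idle password is cleared by the user setting a new one.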
Secured Password Vaults/Managers
Leverage password vaults and managers, and ensure the vaults are adequately encrypted and secured.
Administrator should not Initialize Password on User Creation
Require the user to input a password on initial log-in. Administrators should not initialize passwords for the user to change on initial log-on. This promotes a level of accountability and assures that the administrator does not check in with the user's credential.
Add Randomness or salt to your password hashes
Passwords for highly critical information should be salted at random, to confuse the spying eye directly or remotely and to minimize brute-force (https://www.fortinet.com/resources/cyberglossary/brute-force-attack) password guessing attacks.
Think Password-Less or Multi-Factor Authentication
Organizations should build their policies to combine passwords with time-bound tokens and biometrics as the case may be. The truth is that a password alone does not give strong authentication. Your authentication process is only strong when you combine it with something you have, such as a smart card or token device, and stronger still if you add something you are, such as fingerprint enrollment, alongside.
Password-less mechanism is The Way to Go!
The Top 11 Password-less Authentication Tools, 2023
https://cybersecuritynews.com/password-less-authentication/
• Auth0
• Okta
• Swoop
• Keyless
• Authsignal
• FusionAuth
• Trusona
• GateKeeper Proximity Authentication
• LastPass
• Ping Identity
• Magic
• FIDO
In Conclusion
Good password management processes, backed by organizational password policies and frameworks, assure a reasonable level of security. Going password-less or adopting multi-factor authentication would mitigate a great many of the risks around lost passwords and credentials around the globe.
Happy Password Management Day, 2023!
Thank You!
Chinatu Uzuegbu
Managing Cyber Security Consultant
RoseTech CyberCrime Solutions Ltd.
chinatuuzuegbu@outlook.com