The road to password hell is paved with good intentions

Sinisha Patkovic of Authlogics

False negatives from online password breach tools could be giving your organisation misplaced confidence, regarding its cyber security status. Right now, your data and documents could be exposed and being exploited despite your best intentions and being given the green light, says Sinisha Patkovic of Authlogics.

There is no sign of threat posed by breached passwords abating, despite advances in technology, greater awareness about cybersecurity and the potential for stiff penalise to be imposed by regulators. If anything, the problem is growing. Last month, ITProPortal reported that 83% of organisations that experienced a data breach in the last 12 months attributed the cause to a compromised password or stolen identity. 

In recent weeks Ubisoft announced that it would be conducting a company-wide password reset, as a result of a cyber security incident. Meanwhile, it has been reported in the past few days that in January, hackers were able to access a spreadsheet of passwords relating to domain administrator accounts of the customer service company Sitel. According to an article published by TechCrunch it was exported from an employee’s LastPass password manager. Worse still, it is suggested that it led to the subsequent compromising of the authentication company Okta.

To highlight the sheer scale of the password breach problem, Authlogic published a blog in 2017 which stated there were 306 million passwords known to have been compromised (pwned) in data breaches. It was a shocking statistic at the time, however, today, the figure is more than four billion records and growing. Checking whether an account has been pwned is quick, simple, and free, however exercise caution because not all free online services are made equal, even if have the very best of intentions. Put simply, if you want to have confidence in your results, then you need to test your accounts against the largest possible database of up-to-date breach records, anything less and you run the real risk of a false negative. 

As the saying goes, there is a difference between doing the right thing and doing things right. Checking the breach status of passwords is always the right thing to do. Just be sure it is being done in the right way. Once you know your breach status, you can take immediate corrective action, and take steps to prevent passwords from ever being a vulnerability for your organisation.

The tools are available, affordable and accessible, whether you are a sole trader, or the largest enterprise. Should your organisation succumb to a data breach as the result of a preventable password attack, the phrase Ignorantia juris non excusat will almost certainly apply.

The author is Sinisha Patkovic of Authlogics.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Autonomous vehicles are six times safer and twice as likely to detect a collision risk

Posted on: May 23, 2022

London, UK. 23 May 2022 – Autonomous vehicles (AV) trained using extreme one-in-a-million accident data and ‘near-miss’ scenarios can achieve a six-fold improvement on the detection of a collision risk posed by other road users compared to vehicles being trained using traditional approaches. That’s the finding of D-RISK, a co-innovation project part funded by the

Read more

3 ways Augmented Reality and IoT can transform your service team

Posted on: May 23, 2022

Modern service teams are winning customer trust and increasing service profitability by optimising every aspect of the service dispatch— from how they communicate with connected products to how they train technicians and scale expertise.

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more