Cyber Security Awareness 004: Password Management



Password Madness

It used to be simple to remember your passwords: you might have had a couple of computers, a few email accounts and your bank account. But as the internet grew, so did the number of logins required, and as applications have moved to the cloud that number has grown exponentially.

When I first started in IT the requirement was 6 characters, a combination of 2 character types and it was only updated annually. The best practice soon changed to a minimum of 8 characters, a combination of 3 out of four (uppercase; lowercase; numbers; symbols).

Today's recommendations have moved towards the following options:

  • A sequence of random non-personalised words (4-6 words)
  • A short sentence with punctuation
  • Alternatively:
    • At least 12 characters long but 14 or more is better
    • A combination of uppercase letters, lowercase letters, numbers, and symbols.
    • Not a word that can be found in a dictionary or the name of a person, character, product, or organisation.
    • Significantly different from your previous passwords.
NB: These options are determined by the restrictions/requirements of the authentication provider
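
The character-based rules in the list above can be expressed as a simple check. This is an added example, not part of the original post: the function name, the small sample dictionary and the similarity threshold used for "significantly different" are assumptions made for illustration.

```python
import difflib
import string

# Constructed sample data (assumptions, not from the original post).
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "microsoft"}
MIN_LENGTH = 12          # the post's minimum; 14 or more is better
MAX_SIMILARITY = 0.6     # assumed threshold for "significantly different"


def check_password(candidate, previous=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    # All four character types from the list; symbols are ASCII punctuation only.
    classes = {
        "uppercase": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing {name}")

    # Strip digits and symbols so "Password2024!!" is still caught as a word.
    letters = "".join(c for c in candidate.lower() if c.isalpha())
    if letters in DICTIONARY:
        problems.append("based on a dictionary word or name")

    # Compare against earlier passwords; a changed digit is not a new password.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, candidate.lower(), old.lower()).ratio()
        if ratio > MAX_SIMILARITY:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    for pw in ("Password2024!!", "short1!", "tR7#mq!Zp2&vLx"):
        print(pw, "->", check_password(pw) or "OK")
```

In practice the previous passwords would only be available for comparison at the moment of a change, when the user supplies the old one, because a provider that hashes passwords cannot read them back.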

A Brief History of Passwords

While the concept of passwords has been around for centuries, their modern usage can be traced back to the early days of computing.

Ancient Origins 

Passwords, or "watchwords," were used by ancient civilisations like the Romans to distinguish friend from foe.

Early Computing 

In the 1960s, the MIT Compatible Time-Sharing System (CTSS) introduced the concept of passwords for individual users to access their files on a shared computer.

Password Cracking

As computers became more powerful, so did the ability to crack passwords. Techniques like brute force attacks, where every possible combination is tried, became more common.

Password Hashing 

To improve security, password hashing was developed. This involves converting a password into a code using a one-way function, making it difficult for hackers to work back to the original password.

Password Managers 

With the proliferation of online accounts, password managers emerged to help users securely store and manage their credentials.

Beyond Passwords 

Today, there is a growing movement towards passwordless authentication methods, such as biometrics (fingerprints, facial recognition) and security keys.

The Future of Passwords

While passwords have served their purpose for decades, the increasing complexity of online threats has led to a search for more secure and convenient authentication methods. These will be discussed in further posts, but some examples are:
  • Password-Based
  • MFA
  • Certificate-Based
  • Biometric
  • Token-Based
  • SSO (Single-Sign-On)
  • Social
  • Adaptive
The move towards more and more online solutions means that the immediate future of passwords must deal with simplifying and streamlining authentication methods between platforms.
This should mean a reduction in the need to enter passwords as often, but the complexity requirements will increase, especially as AI will be leveraged to assist in cracking methods.

Password managers will become more and more of a necessity to ensure complexity and uniqueness, and to provide alerting for breaches, security scores, etc.

As always, we can only wait and see how it evolves, but for now you must practice safe password management. The video below is a sample from our Cyber Awareness solution:


More Information

Protect Yourself: Multi-Factor Authentication: Australian Cyber Security Center
What is authentication? : Microsoft
Sample - Practice Safe Password Management: MBC Cyber Awareness
