Consumers Don't Get the Value of Passwords to Hackers
By Jennifer LeClaire / Enterprise Security Today
Published: April 16, 2015
Just about every time you read about a data breach, you also read about password security. Passwords are cash money to bad actors who swipe them from social media sites, retailing databases and other electronic stores.

Unfortunately, it seems many consumers don’t get that.

In fact, 21 percent of respondents assume their passwords are of no value to cybercriminals, according to the Kaspersky Lab Consumer Security Risks Survey. On top of that, survey respondents often take the easy way out when creating and storing passwords. Kaspersky offered an example: only 26 percent of respondents create separate passwords for each account and just 6 percent use password storage software.

“Even if you are not a celebrity or a billionaire, cybercriminals can profit from your credentials,” said Elena Kharchenko, head of consumer product management, Kaspersky Lab. “A password is like a key to your home; you wouldn’t leave your door unlocked, or put your keys where anyone could find them, just because you don’t think you have anything of great value. Complex passwords unique to each account, carefully stored in a safe place, will save you a lot of trouble.”

Translating to the Enterprise

Kaspersky describes passwords as the keys to online account holders’ personal data, private lives -- and even their money. It only makes sense, then, that passwords hold great value to cybercriminals who want to use them to log on to bank and credit card accounts.

Despite all the publicity around high-profile data breaches at retailers like Target and Home Depot and online properties like Dropbox, the Kaspersky survey reveals respondents don’t always take the necessary precautions to safeguard their passwords. For example, 18 percent of those surveyed write down their passwords in notebooks and 17 percent freely share their personal account passwords with family members and friends.

This translates to the enterprise. Given the proliferation of SaaS apps like Dropbox and Google Apps in the enterprise, it’s safe to assume there is a vast amount of sensitive corporate data being stored in them, often without IT’s knowledge, Paul Trulove, vice president of products at identity and access management firm SailPoint, told us.

“This lack of visibility, combined with not having the right controls in place over those apps, can leave organizations exposed to sensitive information being accessed by the wrong person,” Trulove said. “Such decentralization of IT leaves big gaps in a company’s security defenses. While it may not be feasible for an IT organization to manage the hundreds of consumer-focused SaaS apps like Dropbox, there are automated solutions that can help provide that missing visibility while enforcing a certain level of security assurances through single sign-on and strong password management.”

4 Quick Reminders

There is also good old-fashioned wisdom. Kaspersky offered these four reminders:

1. Create a unique password for each account: if one password is stolen, the rest will remain safe.

2. Create a complex password that won’t be easy to crack even if cybercriminals are using special programs. That means using at least eight symbols including upper-case and lower-case letters, numbers, and punctuation marks but no pet names or dates of birth.

3. Do not give your password to anyone, not even your friends. If cybercriminals can’t steal it from your device, they might be able to do it from someone else’s.

4. Store your password in a safe place. Don’t write it down on paper -- either remember it or use a special program for storing passwords from a reliable vendor.

Freda Gilpin:
Posted: 2015-05-09 @ 9:21pm PT
I think this was a great message to everyone. It seems that our identities are getting stolen more and more each day. I keep my password in someplace private that no one can find it.

Elisabeth Earhart:
Posted: 2015-05-06 @ 7:44am PT
Interesting. I'll keep this in mind with my passwords.

DoItRight:
Posted: 2015-04-19 @ 8:32pm PT
One quick reminder: reverse the burden. Introduce two factor authentication to your app and stop bugging consumers to unnatural behaviour.
