Passwords annoying?

Why passwords at all?

Ultimately, a password only serves to prove that access comes from a person who knows this "secret". In principle, it is simply a matter of protecting data from unauthorized access.

By the way, the Hasso Plattner Institute runs a great project: the Identity Leak Checker. You enter your private e-mail address and then receive a list of all providers that have been hacked where your password was affected! You can find the service here.

The same old tune: long, complicated and impractical, please!

"IT security experts" always recommend using at least 9 characters, with uppercase letters, lowercase letters, special characters of any kind, numbers, and as many characters as possible. I've seen password policies of at least 14 characters - just insanely stupid.

The consequence (and if you are smiling right now, you know that I'm right) is compound passwords: Hund123+, NamevomKind27! and so forth.

A treat for hackers: in our pentests we use tools like CeWL and Crunch to build individual word lists, i.e. lists derived from employees' social network profiles such as Facebook, the company website and so on. And yes, we also combine words and append numbers according to the patterns seen in such compositions. In this way, the supposedly secure passwords mentioned above are cracked in seconds.
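The same weakness seen from the policy side, as an added example that is not part of the original article: a check showing that a password can satisfy the classic composition rule and still be nothing more than known words plus a short suffix. The word list is constructed sample data, the function names are hypothetical, and the 9-character minimum is the figure quoted above.

```python
from __future__ import annotations
import re

# Constructed sample word list. In practice this would hold dictionary words
# plus organisation-specific terms (company, product and employee names).
CONTEXT_WORDS = {"hund", "name", "vom", "kind", "firma", "sommer"}

# Shape: a run of letters followed by at most six digits and/or symbols.
SHAPE = re.compile(r"^([^\W\d_]+)([\d\W_]{0,6})$")


def meets_complexity(pw: str, min_len: int = 9) -> bool:
    """Classic composition rule: minimum length plus all four classes."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def split_into_words(base: str, words: set[str]) -> list[str] | None:
    """Segment base into known words (dynamic programming), else None."""
    base = base.lower()
    best: list = [None] * (len(base) + 1)
    best[0] = []
    for end in range(1, len(base) + 1):
        for start in range(end):
            if best[start] is not None and base[start:end] in words:
                best[end] = best[start] + [base[start:end]]
                break
    return best[len(base)]


def review(pw: str, words: set[str] = CONTEXT_WORDS) -> dict:
    """Report whether pw passes the composition rule and whether it is
    just known word(s) followed by a short digit/symbol suffix."""
    match = SHAPE.match(pw)
    parts = split_into_words(match.group(1), words) if match else None
    return {
        "complexity_ok": meets_complexity(pw),
        "predictable": parts is not None,
        "words": parts or [],
        "suffix": match.group(2) if match and parts is not None else "",
    }


if __name__ == "__main__":
    for sample in ("Hund123+", "NamevomKind27!", "q7#Lw!zR2pVd"):
        print(sample, review(sample))
```

NamevomKind27! passes the composition rule and is still flagged as predictable, which is the gap a length-and-character-class policy leaves open.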

Passwords are outdated – by the way, my “password” is only 4 characters long! How secure is that?


Rethink

There are alternatives and useful additions that make life much easier. You've probably heard of two-factor authentication, adding a second device for security.

With PayPal, for example, you can use your mobile phone to log in in addition to your password – PayPal sends an SMS code for every login, the second factor.

First of all, the following scenario is just one possibility among many. The right method and the right concept must be determined and designed for each of our customers individually according to their needs; there is no one-size-fits-all solution.

Single Sign On

Windows systems offer the option of authenticating with a smart card: the user receives a chip card and, similar to a bank card, a PIN code.

The card is then, for example, swiped through the keyboard or plugged into a reader. You then log into the system with your PIN and the “key” that is stored on the card.

To put it simply, Microsoft Active Directory and Kerberos then issue you a ticket, which you use to authenticate to other services. Without boring you with technical details: you log in once in the morning and then have secure access to all company services (intranet portals, file shares, etc.) without having to enter a password again.

Easy, right?