Following the news about Russian Hackers Trading Thousands Of MP, Diplomat And Police Passwords, Rashmi Knowles CISSP, EMEA Field CTO at RSA commented below.
Rashmi Knowles CISSP, EMEA Field CTO at RSA:
“This story shows just how important it is that people change all their passwords in the wake of a breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions. As we can see, hackers might sit on these for a number of years, lulling people into a false sense of security; so our advice is always the same, be careful and change your passwords regularly.
“Beyond this though, two factor authentication can also help to take the wind out of hackers sails. Company’s need to wake up to the fact that you can’t police stupid, and employees are always going to be the chink in their armour. As such, it is vital that two-factor authentication is a mandatory minimum requirement in a company’s security strategy. There are great products out there that help with this, such as proximity-based authentication, or an ‘Eyeprint ID’ that can support enterprise grade requirements. This mobile biometric uses the visible veins and other eye-based micro features to authenticate a user, is software-based and can be scaled to service both customers and employees. Several banks are already deploying this technology which hackers would find extremely difficult to mimic. By putting another wall of defence up, companies can be assured that even if their employees are using the same password in their private life as they do at work, the data is secure by deploying an infinite level of authentication instead of relying on a username and password combination.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.