World Password Day – How to Protect Your Credentials on the Dark Web
Stolen credentials, such as usernames and passwords, and account takeover (ATO) incidents are increasing at an alarming rate. Account takeover can occur when credentials are stolen and sold to the highest bidder on the dark web, and it can wreak havoc on a firm's reputation, relationships, and finances. To celebrate World Password Day, continue reading to learn about password safety best practices!
Create Strong Passwords
When creating a password, nine times out of ten we pick one we already use for almost everything else, because it is easy to remember. This might seem like a good idea, but it is very insecure. Think about it – if a hacker were to get your password, they could then access every account you have! How secure is your password?
Passwords like “12345” or “password” are very predictable, as are consecutive letters. To ensure the safety of your password and privacy, be sure to follow password best practices:
Keep the password complex, i.e. incorporate letters, numbers, and symbols, and change it often. Doing so reduces the chance of someone cracking your password. Additionally, aim for a long password (think 8 characters): the longer the password the better, and the same goes for complexity.
Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names. Instead, make up a sentence and use the first letters. For example, 'I love creating complex passwords with eight characters!' turns into this password: Ilccpw8c!
Make sure your passwords vary across different platforms – switch it up. It is okay to use the same word, but be sure to change it up by capitalizing different letters, or substituting letters for numbers such as changing an “e” to “3”.
Change your passwords every 3 months. At least every 90 days, we recommend changing your network, system and application passwords to prevent intruders from gaining unauthorized access. Remember: password creativity is critical, and password re-use is a big no-no.
Another best practice for securing your password is to not leave it on a sticky note or under your keyboard. This tip sounds obvious, but the mistake occurs more often than it should.
Leverage Dark Web Monitoring
Making sure your passwords are secure will help protect you and your firm from security breaches. Even when employees follow password best practices, though, it's still possible for threat actors to steal credentials and sell them on the dark web. Realistically, most businesses don't have the expertise, resources or strategies required to effectively monitor the dark web for risk exposure. Employing a Dark Web Monitoring Service can also help reduce account takeover risk by alerting users when their credentials appear on the dark web.
Eze Dark Web Monitoring Service leverages SpyCloud's Active Directory Guardian to monitor the dark web to see if client watchlist assets like IP addresses, email addresses, passwords and domains are exposed. Then, each exposed credential is checked against the client's Active Directory deployment to see if the credential is that of an active user. If there's a match, clients are immediately notified and the end user is forced to reset their password.
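The matching step described above, as an added example that is not Eze's or SpyCloud's code: exposed credentials from a constructed feed are checked against a constructed directory, and only a match on an enabled account's current password triggers a forced reset. The directory layout, the PBKDF2 verifier standing in for Active Directory's stored hashes, and the notify_only bucket for stale exposures are assumptions.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in for the directory's stored verifier (assumption: real Active
    # Directory stores NT hashes, which this example does not reproduce).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_user(password: str, enabled: bool = True) -> dict:
    salt = os.urandom(16)
    return {"enabled": enabled, "salt": salt, "hash": hash_password(password, salt)}

# Constructed sample directory, keyed by lower-cased e-mail address.
DIRECTORY = {
    "alice@example.com": make_user("Ilccpw8c!"),
    "bob@example.com": make_user("N3w-and-unrelated-2024"),
    "carol@example.com": make_user("Summer2019!", enabled=False),
}

# Constructed sample of exposed credentials as a monitoring feed might report them.
EXPOSED = [
    {"email": "Alice@Example.com", "password": "Ilccpw8c!"},    # current password
    {"email": "bob@example.com", "password": "OldPassword1"},   # stale password
    {"email": "carol@example.com", "password": "Summer2019!"},  # disabled account
    {"email": "dave@example.com", "password": "whatever"},      # not in directory
]

def triage(exposed, directory):
    """Sort exposed records into force_reset, notify_only and ignored buckets."""
    result = {"force_reset": [], "notify_only": [], "ignored": []}
    for record in exposed:
        email = record["email"].strip().lower()  # addresses match case-insensitively
        user = directory.get(email)
        if user is None or not user["enabled"]:
            result["ignored"].append(email)      # not an active user
            continue
        candidate = hash_password(record["password"], user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):  # constant-time compare
            result["force_reset"].append(email)  # exposed password is still in use
        else:
            result["notify_only"].append(email)  # exposed, but password has changed
    return result

if __name__ == "__main__":
    for bucket, emails in triage(EXPOSED, DIRECTORY).items():
        print(f"{bucket}: {', '.join(emails) or '-'}")
```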
Using this layered approach to protect your passwords will give your firm the robust security posture necessary in today's landscape.