Cyber security news for all

More

    The future of cyber security – How will we protect passwords?

    Simple password combinations that users use for different application services are an enormous security risk for companies – that is well known. But even very complex passwords can be targeted by hackers and cracked by them. Two-factor authentication, which is already used in many companies to secure data, is considered to be significantly more secure. On the one hand, two-factor authentication is more secure than simply entering a password, but on the other hand it is also more time-consuming for users. Employees therefore find them not very user-friendly. For this reason, more and more IT experts are currently working on procedures that do not always require a password. To achieve this, they rely on the zero trust concept.

    Zero Trust Requires Smart Policies

    According to theguardian, to use the zero trust principle, it is necessary to define guidelines in advance. These determine in which case a user receives the requested access without additional authentication steps and in which case further steps are necessary to determine the identity. There are various authentication factors that are queried to evaluate the access request.

    protect passwords

    The devices used to play a central role. If it is a device managed by IT, there can generally be fewer hurdles when it comes to authentication. If the device is not managed, distrust is higher. The users themselves are also used as a factor: If a user is stored in the Active Directory for example, he is more trustworthy than an unknown user. A further factor is represented by individual application services and their origins: Does an application come from the company app store, the security of which is continuously checked by corporate IT? Or was the app downloaded from the device manufacturer’s app store? With the latter, there is an increased security risk, which is why additional authentication can be useful or necessary. Certificates that can be distributed to mobile devices and express a unique identity in the form of a key can also play a role in the guidelines.

    Recent Articles

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Judge issues injunction against WeChat

    The US government wanted to take action against the app WeChat. A judge stood sideways. The app should disappear from the platforms in the...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox