No one wants to be considered a weak link, even more so when it happens unknowingly. Everyone is staring at you, and you don’t know why. Well, not really, but imagine that’s what happens when you choose a low-quality password. You become your school’s weak link. The difference is that no one around you really knows it, because it’s your secret and IT administrators can’t identify you as a potential weak link. The interesting thing is that your secret is reusing commonly used passwords across the board for all your log-ins. Many of us like using the same passwords, and hackers like that fact. Cybercriminals want to find as many weak links in your organization as they can.
Why is that? The password you choose is, of course, likely the easiest one for you to remember. That’s understandable. However, a password that is simple to recall is exactly where the risk lies. An easily guessable password means your account can be easily hacked by someone using publicly available tools to enumerate the most common passwords and hammer at your login account directly. Bingo… they’re in! To combat this problem, schools are enforcing a strict password policy.
In the news, we so often hear about stolen passwords. After they are stolen, where do all those passwords end up? Hackers collect databases of stolen passwords, and frankly, it doesn’t matter at this point whether the passwords are of high or low quality. The point is that the hackers already possess the passwords to many accounts (hopefully old ones, read on). The cybercriminal’s goal is to sell your credentials over and over to the many who want to break into your account and own you digitally. It’s a big business.
Strengthening Your Link
Users who don’t see the value of changing their password on a regular basis only compound the risk. More user education is required in addition to enforcing a strict password policy. By changing your password frequently, you directly help make those stolen passwords worthless, thereby strengthening the links.
Just as you would not want your car, house or purse stolen, passwords should be considered very valuable and need to be kept safe. You subconsciously reduce your risk when you park in a well-lit area, lock your house when you leave, and leave a light on to make it look like someone is home. If you’re carrying a purse or an expensive purchase, you most definitely act to protect it.
So why do so many not look at their personal or school e-mail and important web accounts in the same manner? Because you don’t think about someone trying to compromise or steal what appears to be non-tangible stuff. It’s just a bunch of bits and bytes. Wrong!
The definition of a digital footprint is the information about a particular person that exists on the Internet as a result of their online activity.
This definition hardly conveys how valuable your information is, or what could happen if it were stolen or compromised, until the unimaginable happens. Cybercriminals who purchase your information try to log in to your accounts and grab airline points, purchase merchandise, transfer cash and take your school data like your DOB, or even change your address so they can apply for credit cards and have them mailed to them.
Schools are Empowering Users
Schools are getting smarter than in years prior, proactively reducing both their own risk and their students’ risk by deploying proven methods. As inconvenient as these methods may initially sound to roll out, they do help reduce and quite possibly eliminate these kinds of weak links.
When searching for a solution, look for a tool that both enforces a strict password policy, moving students away from simple, easily guessed passwords, and stops the use of commonly hacked passwords. A stronger password could be more easily forgotten, but having a mechanism to reset a forgotten password without the need to call the help desk empowers the students. A school would surely rather provide students with self-service capabilities and keep help desk costs down. The key is providing students with multiple reset options that give total flexibility and convenience, whether it’s answering challenge questions, using a mobile reset app or receiving a one-time password for the reset, read directly from their cell phone. A one-time password can even be heard over a landline or mobile phone. New, technically advanced methods are also taking hold. In fact, using voice biometrics to recognize your voice as your password is now gaining steam.
Our advice: instead of being the weak link, weaken the cybercriminal’s ability to access your valuable accounts and sell your current password. For example, expiring student passwords frequently stops unauthorized access and leaves stolen credential databases containing only yesterday’s old password.
The bottom line is that for account security to be effective, everyone in your organization must do their part and work to enforce a strict password policy. If you'd like to know how PortalGuard can make your environment more secure, contact us and let's talk.