Passwords So Good You Can't Help But Reuse Them


CISO | Security Vendor Relationship Series

On this week's episode of the CISO/Security Vendor Relationship Podcast, "Passwords So Good You Can't Help But Reuse Them," Mike Johnson and our guest Will Gregorian, CISO, Addepar, discuss:

Thwarting password reuse is a powerful security measure, but it could be a damaging business endeavor.

TripAdvisor has begun invalidating user credentials if a member's email and password are found in publicly leaked data breach databases. Sounds like a solid security practice until you think about the user experience. Could locking people out be so miserable that they no longer want to use the service? Be very conscious of how you're treating users in such a move and make sure you make it as easy as possible for them to still complete their transaction.

Most companies don't go through an IT department to deploy a solution.

We're slowly coming to the realization that "Shadow IT" is simply the way companies acquire services. There's nothing "shadow" about it. If security wants to get involved in these purchases, they're going to need to step up their conversations and relations with other departments.

Is the known always better than the unknown in security?

If there is a known that's really bad, but there's an unknown that could be worse or a lot better, which do you choose? This was a philosophical discussion we had on the show and actually one of the factors that changed minds was the number of people who knew about a problem. Was this public or not yet public?

How much risk does multi-factor authentication remove?

This was debatable, as was the use of SMS multi-factor authentication. But one thing we all agreed on is that it's definitely better than single-factor authentication.

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Cyberint.


The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505's latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks, where legitimate means were used to hack international companies in the retail and financial industries.

Chip Witt, SpyCloud on password reuse on Defense in Depth
Cloud Security Tip by Steve Prentice, sponsored by OpenVPN

For quite a while, IT security experts have been touting the value of two-factor authentication (2FA) as a better way to keep data safe than simply using passwords alone. We have even spoken about it here. In its most popular form, 2FA sends a confirmation code to your phone, which you must then enter into the appropriate log-in confirmation window within a short amount of time. This is like having a second key to the safe, like many bank vaults used to have. But security is a never-ending horserace, and it probably comes as no surprise to most that even 2FA is not invincible, and that hackers can indeed bypass it and have made this ability public knowledge. Read more...

Check out more Cloud Security Tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company's data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

We want trending discussions

We want to know what you're passionate about. And one of the most telling ways is from a discussion that lights up on social media. If a cybersecurity post has lots of comments, chances are you care about it. So please be our eyes and ears for discussion threads you see on LinkedIn, Twitter, Quora, Reddit, or wherever. Please just send me a link via

,

, or ping me through our

or just reply to this very newsletter. I'll get it. 

Mike Johnson on risk retrospectives on CISO/Security Vendor Relationship Podcast

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.