Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Beware of Easy-to-Guess Passwords: Protecting New Hires from Cyber Threats

published on 2024-06-25 10:39:25 UTC by steveshepherd05
Content:


User typing in password on laptop


A recent study, highlights a critical security vulnerability that many organisations might overlook: the use of easy-to-guess, temporary passwords in new-hire welcome packages.

After analysing over 651 million malware-compromised credentials over the past year, the team at Specops' discovered 120,000 passwords containing terms commonly used for new-hire credentials. These include logins such as “user,” “temp,” “welcome,” and “change.”


The Risk of Common Starter Passwords

These easy-to-guess passwords provide a tempting entry point for attackers. They can potentially bypass safeguards like multi-factor authentication (MFA) and gain initial access to employee-issued services. Before you can set MFA, you need to log in the first time with a password to then configure MFA. So [new-hire accounts] are quite a juicy target for any threat actors, especially if they’re pre-provisioned before the user starts.”


Common Compromised Passwords

Here are the eight most common base terms (often with slight variations) for day-one accounts:

  • User

  • Temp

  • Welcome

  • Change

  • Guest

  • Starter

  • Logon

  • Onboard


The issue with these passwords is that attackers can use brute force or cracking tools to guess these weak and common passwords. Moreover, these passwords can be compromised through reuse, as employees often use the same passwords for work and less secure personal devices, websites, and applications.

If you must send a password, make it complex and challenging to guess. You want to be putting horrible, nasty-type passwords that they are absolutely going to want to change. And they’ll never just change the last character. Then educate your staff about secure passwords using the NCSC advice of 3 random words “For3st.Skate.Shark?” (Please don’t use that one!!!)


Conclusion

In conclusion, the use of easy-to-guess passwords for new hires presents a significant security risk. Organisations must adopt better practices to protect their systems and data. By implementing complex passwords and using secure methods to share them, businesses can safeguard their new employees and reduce the risk of cyber attacks.

For more tips and advice on improving your cybersecurity practices, visit the South West Cyber Resilience Centre (SWCRC) website. Stay informed, stay secure.




Article: Beware of Easy-to-Guess Passwords: Protecting New Hires from Cyber Threats - published 5 months ago.

https://www.swcrc.police.uk/post/beware-of-easy-to-guess-passwords-protecting-new-hires-from-cyber-threats   
Published: 2024 06 25 10:39:25
Received: 2024 08 21 12:21:00
Feed: The Cyber Resilience Centre for the South West
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor