Commenting on World Password Day, Nathan Wenzler, Chief Security Strategist, Tenable, said,
“While progress has been made to encourage people to use multi-factor authentication (MFA) and other tools that don’t solely rely on passwords, there’s still much work to be done. The use of passwords is still common in most organizations, especially when it comes to non-human service accounts that often have administrative access to core databases and applications.
“In addition to implementing MFA, take security up a few notches by using a strong Privileged Account Management tool, implementing policies that require least use privilege for all accounts, strong auditing for all service accounts, and limiting the applications and data that can be accessed.
“And don’t forget Active Directory! Approximately 90% of Fortune 1000 organisations still use Active Directory for account management. It’s no surprise that cybercriminals are still targeting AD given how widely used it is and that most organizations still don’t manage their credentials well.
“So, organizations should use World Password Day to review how they’re securing domain admin credentials, audit AD implementation to ensure it’s secured against exploits and leverage strong real-time monitoring to stay on top of unexpected changes to credentials, passwords or AD itself.
“We’ve made great strides in the Information Security community to educate users about why strong passwords are still needed and getting them to leverage MFA. But, we still have a long way to go to strengthen our password posture against attackers and compromise.”