Author

Yogesh Yagnik

Strong passwords are the guardians of our digital accounts and the primary defense against identity theft. In fact, in one of my earlier blogs commemorating World Password Day, I had talked about the necessity of strong passwords in detail.

In the earlier days, we used to have accounts on just a couple of portals, such as email or the admin side of a website. But things have changed, and technology has evolved. Now we have multiple platforms with multiple accounts and passwords, some of which we use rarely. These passwords, regardless of how often they are used, need to be changed periodically if you want to keep your digital information safe.

With so many accounts and passwords, naturally, it is nearly impossible to remember every single one of them. Unfortunately, most of us resort to saving this information on an Excel sheet or a Word document in plain text format.

In an era dominated by cyber threats, this is a recipe for disaster.

Password vaults provide a convenient and secure way to fortify your online security and protect your sensitive information, while requiring you to remember just a single password.

What is a Password Vault?

Password vaults, also known as password managers, are secure digital repositories designed to store and manage passwords for online accounts. They offer a centralized location where users can securely store their passwords and retrieve them when required.

The passwords stored in password vaults are typically encrypted and protected by a master password. Password vaults also provide added security controls like MFA, or a biometric authentication method, such as fingerprint or facial recognition. This ensures that only authorized individuals can access the vault.

The benefits of using a password vault to save your passwords are numerous.

Assured Security

We resort to using weak and easily guessable passwords because we find them easier to remember. But that also leaves them more vulnerable to cyberattacks. Password vaults generate complex, unique, strong passwords for each account and store them securely. This significantly reduces the risk of unauthorized access.

Convenience

Password vaults eliminate the need to remember multiple passwords for various accounts. You only need to remember one master password, which gives you access to all the other credentials. This saves time, eliminates human error (multiple wrong entries usually lock out the user), and enables users to manage their online accounts efficiently.

Defense Against Phishing

In phishing attacks, threat actors trick individuals into revealing sensitive information in order to access their accounts. You can integrate password vaults with web browsers, which enables them to autofill the required credentials for legitimate websites. Because the vault only autofills credentials on the website they were saved for, it will not hand them to a look-alike phishing site, which provides a defense against phishing attacks.

Data Synchronization

Most password vaults synchronize passwords across devices, making it easier for you to access your accounts on any platform. This adds to the convenience part because you don’t have to log in to your password vault to search for credentials every time you switch devices.

Security Best Practices

Password vaults often offer security recommendations and best practices to make your life easier. They provide password strength analysis, automatic password suggestions, prompts on expiring passwords, and two-factor authentication.

It is worth noting that while password vaults offer substantial benefits, it is essential to choose a reputable and trusted password vault provider. Before choosing one, you need to do proper research on its security features, encryption standards, and privacy policies to ensure that it protects all your sensitive online information.

While the security and reliability of open-source password vaults can vary, here are ten popular open-source password vaults that I recommend and that are generally considered secure.

  • KeePass: KeePass is a widely used open-source password vault that stores passwords in an encrypted database. It offers strong encryption algorithms and supports two-factor authentication.
  • Password Safe: Password Safe is an open-source password vault that follows a “defense-in-depth” security model. It provides secure storage for passwords and supports multiple databases.
  • Bitwarden: Bitwarden is a feature-rich open-source password vault that allows users to securely store and sync passwords across multiple devices. It supports various encryption methods and offers options for self-hosting.
  • KeePassXC: KeePassXC is a community-driven fork of KeePass, focusing on cross-platform compatibility. It incorporates additional features and security enhancements while maintaining compatibility with KeePass.
  • Buttercup: Buttercup is an open-source password vault that uses strong encryption algorithms to protect passwords. It supports cross-platform usage and provides browser extensions for convenient access.
  • Pass: Pass, also known as “password-store,” is a command-line-based open-source password vault that stores passwords as encrypted files. It utilizes GPG encryption and integrates well with existing command-line utilities.
  • Enpass: Enpass is an open-source password vault that offers strong encryption and supports various platforms. It provides options for storing data locally or syncing it across multiple devices using cloud storage.
  • Myki: Myki is an open-source password vault with a unique approach. It stores passwords locally on the user's devices and utilizes end-to-end encryption for secure sharing of passwords across devices.
  • LessPass: LessPass is an open-source password vault that generates a unique password for each account from a combination of the master password and other parameters. It does not store passwords but generates them on the fly.
  • Padlock: Padlock is an open-source password vault that focuses on simplicity and security. It offers AES-256 encryption and provides a clean and intuitive interface for managing passwords.

A word of advice: While these open-source password vaults are generally considered secure, it’s important to stay informed about their latest security updates and community support. Additionally, always ensure that you download the software from trusted sources to minimize the risk of tampered versions or malware.

A strong password protects your online information, but rather than hiding it in the crevices of your mind, it is safer to rely on password vaults for enhanced security, convenience, and ease of access. While cyberattacks haunt individuals and corporations alike, it is always better to be safe than sorry.

Your name, your date of birth, your pet’s name, your favorite soccer player, a president you don’t see eye to eye with, or the name of your first crush. Are any of these strong enough to guard your most sensitive personal and financial information?

The answer would be an unequivocal “no”.

And yet, a recent survey by Cybernews reveals that these are indeed among the most commonly used weak passwords around the globe. A few creative souls have thrown swear words into the mix as well, which, unfortunately, are once again easy to crack.

So, as we observe World Password Day this May 4th, let’s get serious with our password game.

What is World Password Day?

In his 2005 book Perfect Passwords: Selection, Protection, Authentication, security researcher Mark Burnett first encouraged people to have a “password day,” to update all their important passwords.

Inspired by his idea, Intel Security took the initiative to declare the first Thursday in May as World Password Day in 2013. The day was intended to raise awareness on the importance of strong passwords in securing personal and corporate information.

In the 10 years that followed, the process of securing your data with a password has evolved to include two-factor authentication (2FA) and multi-factor authentication (MFA), promising enhanced security for our digital accounts.

Passwords remain the first line of defense, and as such, good password hygiene is critical for individuals and organizations alike.

What constitutes a weak password?

Every time you are required to set a password by any device or portal, the guidelines are displayed for all to see. Still, a shockingly large number of people use easily guessable passwords and reuse the same for all their devices and accounts.

And thus, our long-gone childhood pets live on in our weak passwords. Or our city of birth makes a flash appearance. Then there are some of us who decorate our idols' names with a few special characters on either side. And the previously mentioned creative people sprinkle a few numbers in between swear words and call it a day. The least creative ones, though, rely on what's right in front of them to set a password: the letters on their keyboard, in the very same sequence they occur.

This is how, once and for all, we make lives and jobs easier for threat actors around the globe.

Believe it or not, cyber attackers maintain databases of known and commonly used weak passwords. Here is a list of the 10 most common passwords used in India in 2022.

  • password – used over 34 lakh times
  • 123456 – used over 1.6 lakh times
  • 12345678 – used over 1.1 lakh times
  • bigbasket – used over 75,000 times
  • 123456789 – used over 30,000 times
  • pass@123 – used over 20,000 times
  • 1234567890 – used over 14,000 times
  • anmol123 – used over 10,000 times
  • abcd1234 – used over 8,900 times
  • googledummy – used over 8,400 times

You may also want to check the top 200 most common passwords across the globe in 2022.

Needless to say, using such weak or known passwords does nothing to protect your digital accounts. It is an open invitation to threat actors to access your personal information and financial data.

Some of the risks associated with weak passwords are:

  • Password cracking: Password cracking is a prevalent technique that hackers use to gain unauthorized access to user accounts. It involves the use of automated tools to attempt thousands of possible passwords until the correct one is discovered.
  • Brute force attacks: Brute-force attacks are a type of cyberattack that uses automated tools to try all possible combinations of characters until the correct password is discovered.
  • Dictionary attacks: Dictionary attacks involve using pre-built lists of commonly used passwords, such as words found in the dictionary, to attempt to gain access to user accounts. They are often effective because many users choose simple and easy-to-guess passwords, such as “password123” or “admin”, which are frequently included in these lists.
  • Account takeover: If an attacker gains access to one of a user’s accounts due to password reuse, they may be able to take over other accounts that use the same password. This can be especially dangerous if the user has linked their accounts to financial or sensitive information.

Unique and complex passwords for each of your accounts are the best way to defend against these risks. Most people don’t use complex passwords for the simple reason that they can’t remember them.

Using a password manager can help you generate and store strong passwords for your accounts. Implementing two-factor authentication can also add an extra layer of security to prevent account takeover even if an attacker manages to obtain your password.

What are a few tips to create strong passwords?

  • Length: Use a password that is at least 14 characters long. Longer passwords are harder to guess or crack using automated tools.
  • Complexity: Use a mix of upper and lower-case letters, numbers, and special characters. Avoid using common words, phrases, or personal information that could be easily guessed, which means avoiding names and anniversary dates.
  • Uniqueness: Use a unique password for each account. Avoid reusing passwords across multiple accounts, as this increases the risk of credential stuffing attacks.
  • Avoid Dictionary Words: Consider using a password that does not contain dictionary words. Dictionary words are common and are cracked easily.
  • Avoid Patterns: Avoid using patterns in your passwords, such as sequences of numbers or letters. These patterns are easy to guess and may be part of a dictionary attack. In other words, resort to gibberish.
  • Use a Passphrase: Consider using a passphrase, which is a longer combination of unrelated words that is easy to remember but hard to guess. For example, “alien grass coffee” follows no pattern and is therefore impossible to guess.
  • Use Multi-Factor Authentication: Multi-factor authentication (MFA) requires users to provide one or more additional verification factors, beyond the username and password, to be granted access to an application, online account, etc. MFA decreases the likelihood of a successful cyberattack.
  • Use a Password Manager: Consider using a password manager to generate and store strong passwords for your accounts. This can help you avoid the need to remember complex passwords and ensure that you use a unique password for each account.
  • Change Your Passwords Regularly: Make it a point, no matter how much hassle it is, to change your password every 30 to 45 days.
  • Don’t Share Passwords: In the name of friendships and online streaming services, many of us share passwords among friends and family. Avoid this as much as you can.
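
The rules above (a 14-character minimum, no common passwords or personal information, no keyboard or alphabet sequences, passphrases of unrelated words allowed) turned into an added policy checker in Python. This is not code from the original post; the thresholds, the sequence definitions and the small common-password sample are assumptions drawn from the lists on this page.

```python
import re
import string

# Constructed sample of the common-password list on this page (India, 2022); a real
# deployment would load a full breached-password list instead.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "bigbasket", "123456789",
    "pass@123", "1234567890", "anmol123", "abcd1234", "googledummy",
}

# Keyboard rows plus the alphabet and digits, for spotting "the letters on the keyboard
# in the very same sequence they occur".
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, string.digits]
MIN_LENGTH = 14   # the "at least 14 characters" rule
SEQ_RUN = 4       # a run of 4 or more in-order keys counts as a pattern (assumption)


def has_sequence(pw: str) -> bool:
    """True if pw contains SEQ_RUN+ characters that are a forward or backward slice
    of a keyboard row, the alphabet or the digits (e.g. 'qwer', 'abcd', '4321')."""
    low = pw.lower()
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for i in range(len(candidate) - SEQ_RUN + 1):
                if candidate[i:i + SEQ_RUN] in low:
                    return True
    return False


def has_repetition(pw: str) -> bool:
    """True for a character repeated 3+ times ('aaa') or a block repeated back to back ('abab')."""
    return bool(re.search(r"(.)\1{2,}", pw) or re.search(r"(.{2,})\1", pw))


def char_classes(pw: str) -> int:
    """Number of character classes (lower, upper, digit, special) present in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def is_passphrase(pw: str) -> bool:
    """A passphrase here is three or more alphabetic words separated by spaces."""
    return sum(w.isalpha() for w in pw.split()) >= 3


def check_password(pw: str, personal_terms=()) -> list:
    """Return the list of policy violations; an empty list means the password passes.
    personal_terms holds strings such as names or years that must not appear."""
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if low in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    for term in personal_terms:
        if term.lower() in low:
            problems.append(f"contains personal information ({term!r})")
    if has_sequence(pw):
        problems.append("contains a keyboard, alphabet or digit sequence")
    if has_repetition(pw):
        problems.append("contains repeated characters or blocks")
    # A passphrase like "alien grass coffee" is accepted without mixed character
    # classes; anything else must mix at least three of the four classes.
    if not is_passphrase(pw) and char_classes(pw) < 3:
        problems.append("fewer than three character classes and not a passphrase")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "Qwerty12345678!", "alien grass coffee"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```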

Follow these password hygiene tips and you will see that your first line of defense against cyberattacks is strong and reliable. What better way to observe the 10th anniversary of World Password Day than to change your passwords into something complex and uncrackable that no automated tool can hack?

Statistics reveal that ransomware will attack a business, a consumer, or a device every 2 seconds by 2031. And it will cost its victims $265 billion annually.

In the last five years, ransomware attacks have risen by 13% and in the first half of 2022 alone, there were around 236.7 million attacks globally.

These are very distressing numbers. Ransomware is one of the most real and present threats that organizations are facing today.

Ransomware is a type of malware used by threat actors for financial gain. It takes over the victim's files or systems, and the attacker demands that a ransom be paid in exchange for a decryption key, which the organization can only hope will return the files to their original state.

Recently, threat actors have also begun to exfiltrate data during a ransomware attack, a tactic known as “double extortion”, and then blackmail victim organizations into paying the ransom to avoid having their information posted on leak sites or put up for sale.

LockBit has been the world's fastest and most stable ransomware since 2019-2020. The LockBit 3.0 ransomware, also known as LockBit Black, operates as Ransomware-as-a-Service (RaaS). It is an improved version of LockBit 2.0 and earlier releases.

How does ransomware work?

Threat actors infiltrate the victim organization's network and find their way onto a device. They then encrypt the files and folders on it.

Threat actors don't stop there. They carry out enumeration activities to extend their reach laterally across the network and can spread the ransomware from device to device, affecting all computers in the network.

How do threat actors infiltrate?

  • Email links or attachments: The user is sent a phishing email with a malicious link or attachment, which leads either to credential harvesting or to the ransomware being downloaded from the attached file.
  • Remote Desktop Protocol (RDP): Threat actors exploit publicly available or weak credentials, or brute-force or password-spray accounts over RDP, to gain access.
  • Virtual Private Network (VPN): Threat actors identify and exploit unsecured and unpatched remote-access VPN servers, again using publicly available or weak credentials or brute-force and password-spray attempts, to gain access to a network and then distribute malware.
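
An added detection example in Python (not from the original post) for the RDP brute-force and password-spray pattern described above. It runs over constructed Windows Security event 4625 (failed logon) records and flags a source address that hammers one account (brute force) or touches many accounts with few attempts each (spray). The flattened log format, the thresholds and the IP addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security event 4625 (failed logon) records flattened to
# one line each. Logon type 10 is RemoteInteractive, i.e. RDP; type 2 is a local console
# logon. Addresses are documentation ranges.
SAMPLE_EVENTS = """\
2024-03-01T09:00:01 4625 src=203.0.113.7 user=alice type=10
2024-03-01T09:00:03 4625 src=203.0.113.7 user=bob type=10
2024-03-01T09:00:05 4625 src=203.0.113.7 user=carol type=10
2024-03-01T09:00:07 4625 src=203.0.113.7 user=dave type=10
2024-03-01T09:00:09 4625 src=203.0.113.7 user=erin type=10
2024-03-01T09:00:11 4625 src=203.0.113.7 user=frank type=10
2024-03-01T09:01:00 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:01 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:02 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:03 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:04 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:05 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:06 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:01:07 4625 src=198.51.100.9 user=admin type=10
2024-03-01T09:30:00 4625 src=192.0.2.20 user=grace type=10
2024-03-01T09:30:40 4625 src=192.0.2.20 user=grace type=10
2024-03-01T10:15:00 4625 src=192.0.2.44 user=heidi type=2
"""

LINE_RE = re.compile(r"^(\S+) 4625 src=(\S+) user=(\S+) type=(\d+)$")
WINDOW = timedelta(minutes=5)      # sliding window per source address (assumption)
BRUTE_FORCE_MIN_FAILS = 6          # many failures against one or two accounts
SPRAY_MIN_USERS = 5                # few failures each, spread over many accounts
RDP_LOGON_TYPE = 10


def parse_events(text):
    """Parse the flattened 4625 lines into (timestamp, source, user, logon_type) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a 4625 line in the expected shape
        ts, src, user, ltype = m.groups()
        events.append((datetime.fromisoformat(ts), src, user, int(ltype)))
    return events


def detect_rdp_attacks(events):
    """Group RDP failures per source address and, within any WINDOW-long span, label the
    source 'password_spray' (many distinct users) or 'brute_force' (many failures on
    at most two users). Sources below both thresholds, like a user mistyping twice,
    are not flagged."""
    by_src = defaultdict(list)
    for ts, src, user, ltype in events:
        if ltype == RDP_LOGON_TYPE:
            by_src[src].append((ts, user))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            window = [u for ts, u in fails[i:] if ts - start <= WINDOW]
            users = set(window)
            if len(users) >= SPRAY_MIN_USERS:
                findings[src] = "password_spray"
                break
            if len(window) >= BRUTE_FORCE_MIN_FAILS and len(users) <= 2:
                findings[src] = "brute_force"
                break
    return findings


if __name__ == "__main__":
    for src, label in detect_rdp_attacks(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src}: {label}")
```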

Recommendations to protect your data against ransomware

Identity & Authorization

  • Enforce long and complex passwords.
  • Passwords must be set to avoid dictionary words, patterns, or commonly used passwords.
  • Implement a password change cycle and avoid accounts whose passwords are set to never expire.
  • Enforce Multi-Factor Authentication (MFA) at every logon attempt.
  • Consider phishing-resistant MFA.
  • Integrate MFA for all remote access, internet accessible and business email accounts.
  • Periodically audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Periodically identify unused accounts and delete them.

Network

  • Geo-fence the network perimeter: allow the geographies you operate from and block the rest.
  • Place critical infrastructure in a DMZ.
  • Segment networks and disable unused ports.
  • Disable inter VLAN communication or restrict to necessary communication only.
  • Disable any direct external RDP access.

Data Backup & Restoration

  • Maintain offline backups of data.
  • Ensure all backup data is encrypted and immutable (i.e., it cannot be altered or deleted).

General Safety Measures

  • Keep all operating systems, software, and firmware up to date.
  • Identify, detect, and investigate abnormal activities and potential lateral movements with an appropriate EDR / XDR tool.
  • Periodically review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
  • Consider adding an email banner to emails received from external organizations or domains.
  • Disable hyperlinks in received emails.

Businesses want employees to be productive and happy, which is part of the reason why organizations across the world have embraced remote and hybrid work.

But businesses also want to protect against cybersecurity risks. And unfortunately, that goal is often at odds with remote and hybrid work.

How can companies square this circle? In other words, how can they ensure that employees have the flexibility to work from anywhere, while also enforcing strong cybersecurity postures?

The answer is desktop virtualization. Virtual desktops deliver the flexibility that businesses need to operationalize remote and hybrid work, while also making it easy for IT teams to protect against the security threats that plague distributed workforces.

Why remote work breeds cybercrime

To understand why, let’s first examine how remote and hybrid work increase the security challenges that businesses face.

According to Verizon’s 2022 Mobile Security Index, nearly 80 percent of respondents report that recent changes to working practices – which include the widespread adoption of remote and hybrid work models – have adversely affected their organizations’ cybersecurity postures.

The main reasons why include:

  • Remote work makes it hard to guarantee the physical security of devices that may store sensitive business data. Attackers could steal the devices themselves to exfiltrate private information from the business.
  • Remote devices can’t be protected behind firewalls and VPNs in the same way as devices that are located on-site.
  • IT teams can’t easily monitor, patch and update remote devices in order to stay on top of security threats.
  • Remote devices often connect to business systems through insecure home networks.
  • Employees may inadvertently install malware or vulnerable applications on devices that they use when working remotely, especially if they use the devices for personal reasons in addition to working.

In short, when workers are off-site some or all of the time, it’s simply not possible to deploy the same security protections that work for on-site employees and devices.

How desktop virtualization secures modern workforces

Faced with challenges like these, some business leaders may be tempted to pull the plug on remote work policies and force everyone back in the office.

But that’s not practical in many cases. As the Harvard Business Review points out, businesses gain a variety of benefits from allowing remote and hybrid work – such as reduced real estate costs, higher employee retention rates and even increased profits.

So, instead of abandoning remote work, companies need to find ways to embrace the “new normal” of working without compromising on security. And the obvious solution is desktop virtualization.

Desktop virtualization means replacing conventional desktop computers with virtual desktop sessions hosted on servers inside a business’s data center or a public cloud. Employees can connect to these sessions from anywhere, at any time, so they get all of the flexibility that they need to work remotely.

At the same time, however, desktop virtualization plugs the most serious security gaps associated with remote work. Virtual desktops can be protected with firewalls and operated in such a way that sensitive data never leaves the virtual desktop infrastructure – so it is never at risk of physical security breaches.

In addition, desktop virtualization allows for rigid isolation between employees’ personal computing resources and business resources. Instead of mixing personal apps with business apps, virtual desktops keep business applications isolated inside the virtual desktop environment, so that malware or other threats present on local devices are essentially a non-issue from a business security perspective.

The fact that IT teams can continuously monitor virtual desktops and patch them in real time to address security threats adds yet another layer of protection for remote workers. Businesses don’t need to worry that attackers will take advantage of unmonitored, un-updated remote PCs to gain a beachhead from which they can launch further attacks against a business.

Protecting traditional PCs as well as mobile devices

The security advantages of desktop virtualization apply, by the way, regardless of which types of devices employees use when working remotely. Whether they log in from their own PCs, company-supplied laptops, or even mobile phones, they connect to secure virtual desktop environments.

That means that desktop virtualization gives employees the freedom to connect from any device they choose, while still allowing employers to enforce strong security policies.

Access controls such as multifactor authentication, geofencing, and device allowlisting secure endpoints in a hybrid work environment, while network controls such as a firewall with IPS and IDS protection further secure corporate data from bad actors.

Desktop virtualization also allows desktop-level controls such as Active Directory-integrated authentication and Group Policy Object (GPO)-based restrictions on virtual desktops.

Conclusion

In short, desktop virtualization provides the best of both worlds: The flexibility that employees expect from the “new way of working” and the cybersecurity protections that businesses need to keep critical applications and data secure. For many companies, there’s no going back to the old days of having everyone in the office, all of the time, which is why desktop virtualization has assumed an absolutely vital role in business success.

There’s no denying it. From a security perspective, hybrid work can be a nightmare. From the physical security threats that arise when employees store sensitive data on off-site devices that could be stolen, to the risk of passing data over insecure home networks, businesses with hybrid workforces face a whole host of security challenges that simply didn’t apply when everyone worked from the office.

That’s the bad news. The good news is that Desktop-as-a-Service, or DaaS, can shore up many of the security issues associated with hybrid work. By replacing traditional desktop computers with cloud-based virtual desktops, DaaS removes one of the core risks of hybrid work – insecure PCs – while simultaneously delivering benefits like higher productivity and enhanced workforce scalability.

It’s unsurprising, then, that 64 percent of IT leaders who responded to a recent Citrix survey agreed that DaaS is a “key factor” in their organizations’ approaches to securing hybrid work. The survey also found that improving security for hybrid workforces was the top business benefit that respondents associated with DaaS. Advantages like cost savings and improved business continuity were on the list, too, but they took a back seat to security.

To understand why so many IT leaders see DaaS as a pillar of hybrid work security, let's look at the major security challenges of hybrid work and how DaaS addresses them.

Top Security Challenges of Hybrid Work

When businesses embrace hybrid work models – meaning ones in which employees work partly from the office, and partly from remote locations – they inevitably subject themselves to new types of cybersecurity risks.

The specific security challenges of hybrid work will vary depending on factors like which types of systems a business uses and where remote workers are based, but the risks generally fall into three main categories:

  • Data security: It’s harder to secure sensitive information when the information is stored on devices that are not located in the office. The risk of physical security breaches is higher. So is the risk that malware running on a remote worker’s PC could access sensitive business data stored on the PC.
  • Network security: Hybrid workforces can’t be protected with corporate firewalls in the same way that businesses secure traditional workforces. Firewalls simply don’t work when employees need to connect from anywhere and the IP addresses of remote endpoints are constantly changing. Solutions like VPNs can help by encrypting data, but as Forbes notes, they are “not a magic solution that prevents all security threats.” For example, malware running on a compromised remote PC could potentially intercept sensitive network traffic even if the PC connects to business systems over a VPN.
  • Software security: IT teams can’t efficiently enforce security controls through frameworks like Active Directory if devices aren’t constantly connected to the corporate network. As a result, hybrid workers may be able to install applications that introduce malware or other vulnerabilities to the systems they use when working remotely. Compromised applications could, in turn, access sensitive data that passes through employees’ devices.

The list of hybrid work security challenges could go on, but these points capture the essentials.

How DaaS Protects Hybrid Workforces

When businesses ditch conventional desktops and replace them with DaaS, many of the hybrid work security issues described above go out the window. The main reason why is that when employees no longer rely on insecure desktop computers to work remotely, the data, networking and software security issues associated with desktop computers cease to apply.

In a DaaS-based desktop environment, data never physically leaves the data center where virtual desktops are hosted. That means that physical security risks disappear. In addition, because DaaS separates virtual desktop sessions from the systems that employees use to log in, any malware or other vulnerabilities present on remote workers' local devices remain isolated from the virtual desktop environments that they use for work.

Network security is much stronger under DaaS, too, because all data passing into and out of virtual desktop environments can be encrypted – even if hybrid workers aren’t connected to a VPN. Network data can also be subjected to firewall filters because virtual desktops can have fixed IP addresses, making it possible to deploy many of the same network-level security controls that would be in place on a traditional corporate network.

As for software security, modern DaaS platforms allow IT teams to establish whichever security rules they need to govern which software is allowed to run inside corporate desktop environments. Virtual desktops remain constantly connected to central software security and monitoring systems, regardless of whether employees are logged in or not, or where they connect from.

DaaS – A Pillar of Hybrid Workforce Security

To be sure, stronger end-user security is only one of the many benefits that DaaS delivers. Virtual desktops also provide business advantages like the ability to add desktop sessions quickly when new employees are hired, predictable monthly pricing and a significant reduction in the amount of time and effort required to administer desktop systems.

An added advantage that comes with DaaS is the flexibility it brings to employers and employees alike. While employees gain the flexibility to work from anywhere, home or office, employers gain the flexibility to hire in locations where the organization has no physical presence. Unburdened by geographical limitations, organizations can also use DaaS to optimize their office space. As for employee experience, DaaS enhances it through less time spent commuting and a better work-life balance, which in turn raises productivity.

Arguably, however, DaaS's ability to secure hybrid workforces is one of the most important reasons why businesses today should embrace cloud-based virtual desktops. In a world where nearly three-quarters of businesses in the U.S. have already pivoted to hybrid work or expect to do so, the security risks associated with hybrid workers who rely on traditional desktops are not going to go away on their own.

But they will disappear for companies that embrace DaaS, which provides a fundamentally more secure means of giving hybrid workers the desktop computing infrastructure and applications they need to be both productive and secure, no matter where they are based.
