E-guide: Password Security Guidelines. How can you ensure that your accounts are secure?

Source: media.techtarget.com/digitalguide/images/misc/ea-marketing/netsec...

Post on 31-May-2020




Page 1 of 21

In this e-guide

How machine learning-powered password guessing impacts security p. 2

How to approach mobile password management for the enterprise p. 6

Major password breaches: How can enterprises manage user risk? p. 10

The problem with passwords: how to make it easier for employees to stay secure p. 14

What new NIST password recommendations should enterprises adopt? p. 17

About SearchSecurity p. 21


In this e-guide: What happens when authentication and access control measures are attacked by adversaries equipped with machine learning?

Users remain vulnerable to hackers, whether targeted with machine learning or with traditional password guessing methods. Many still fail to take the recommended preventative measures to keep their accounts safe, increasing the chance of being hacked.

Keep your enterprise safe by improving your password policies. Inside this guide, gain insight into password security as it relates to:

• Machine learning

• Mobile password management

• Employee security

• And more


How machine learning-powered password guessing impacts security

Michael Cobb, CISSP-ISSAP and security author

What happens when authentication and access control measures are attacked by adversaries equipped with machine learning? This question has been examined in a couple of recent university studies, and it's worth taking a look at the potential impact of their findings on the security of real-world information systems.

Password guessing impacts system security in both online and offline attacks. An online password guessing attack can be found in the logs of every server that's on the internet -- a constant series of attempts to log in remotely using guessed credentials. Such attacks can be thwarted by having complex passwords, limiting the number of attempted logins and requiring two-factor authentication.
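The "constant series of attempts" described above is what the second control, limiting attempted logins, has to key on. The detector below is an added example, not code from the guide: it parses constructed sshd-style auth log lines and flags a source address once it exceeds a failure threshold inside a sliding time window. The log format, the threshold, the window and the addresses are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/auth.log style; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 08:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:04 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:06 host sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 51006 ssh2
Mar 10 08:00:08 host sshd[1209]: Failed password for root from 203.0.113.7 port 51008 ssh2
Mar 10 08:01:30 host sshd[1301]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Mar 10 08:01:45 host sshd[1303]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
Mar 10 09:30:00 host sshd[1401]: Failed password for bob from 198.51.100.20 port 40002 ssh2
"""

# Assumed line layout: syslog timestamp, host, sshd[pid], then the password result.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2020):
    """Return a dict for a password-auth line, or None for anything else.
    Syslog timestamps carry no year, so one is supplied (assumed 2020 for the sample)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window failure counter per source IP.

    Returns {ip: (time of first failure in the window, sorted usernames tried)}
    for every IP that reaches `threshold` failed logins within `window`.
    Successful logins are ignored; a single slow failure (bob, 09:30) never trips it."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) inside the window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged[ev["ip"]] = (q[0][0], sorted({u for _, u in q}))
    return flagged


if __name__ == "__main__":
    for ip, (first, users) in detect_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} usernames tried from {first:%H:%M:%S}: {users}")
```

Feeding the output to a temporary block or to an alert is the lockout half of the control; the threshold should be tuned so that a user mistyping a password twice is never caught.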

In an offline password guessing attack, the adversary obtains a set of system or application credentials, usernames and hashed passwords. They can then attempt to guess passwords on their own machine. This is done by checking to see if a hash of the guess, such as password, matches any of the hashes obtained from the target system.

Offline password guessing depends on having a large collection of plausible passwords, often called a password cracking dictionary. A real dictionary is used as the starting point, and then variations are added based on common tricks, like character swapping -- D1sn3yW0rld -- and adding special characters -- password! Hackers also add actual passwords disclosed in breaches, such as LinkedIn and RockYou, to these dictionaries.

How machine learning increases the threat

A new approach to improving password guessing techniques is harnessing the power of machine learning algorithms. For example, researchers at the Stevens Institute of Technology and the New York Institute of Technology came up with something they call PassGAN, a novel technique that "leverages Generative Adversarial Networks (GANs) to enhance password guessing."

Without going into the science of Generative Adversarial Networks, a GAN uses two neural networks, one of which tries to fool the other with fake data that is very close to actual data. What researchers found is that, by training a GAN on a list of leaked passwords, it can rapidly produce a large number of plausible password guesses, potentially outperforming password guessing tools such as Hashcat and John the Ripper.

What does this mean for information system security, apart from underlining the importance of protecting password hashes, given that cybercriminals are increasingly likely to apply machine learning to offline cracking? Password cracking tools are classic examples of the double-edged phenomenon: security technology that can be used for evil or good; and in this case, it can be adapted to measure the strength of passwords before users are allowed to use them, based on an ease-of-guessing score.

Of course, this latest research also adds to the reasons why system security needs to use stronger authentication than passwords alone to protect access. One popular technology is a one-time passcode generated on a mobile device assumed to be under the control of the device owner.

However, the reliability of that assumption is somewhat undermined by another piece of research, this time from Newcastle University. Researchers there have developed a proof-of-concept attack called PINlogger that uses machine learning and a neural network to analyze sensor data on a mobile device to detect when a PIN is being entered, and then determine the actual PIN.

With several dozen sensors on a mobile device -- from the touchscreen to sensors for motion, speed, orientation, rotation and more -- it is perhaps not surprising that combined sensor output, when analyzed with machine learning, can reveal a lot about a user's physical interaction with a device.

However, there are some constraints on this PINlogger attack. It requires the mobile device to have a web browser that supports JavaScript and web APIs that can access onboard sensors. Also, the user needs to be led to the attacker's malicious webpage and must keep that page open during an attack. However, the use of JavaScript to access sensors via the browser means that the attack does not require users to download an app to become victims.


The researchers were not content just to create a proof of concept for this sensor-based attack; they actually studied how mobile device users perceived the risks from sensors typically found in these systems. The results showed that many people were not aware of all the sensors on their devices or the potential for information like mobile orientation and motion to be used to defeat security measures like a PIN. The researchers also noted a lack of granularity in sensor access control policies.

As more sensors are added to mobile devices, the potential for abuse is likely to grow, and the researchers concluded that the problem of sensor-based attacks is a hard one to solve, but needs to be addressed fairly urgently, before they start appearing in the wild. Update your security awareness training content now.



How to approach mobile password management for the enterprise

Kevin Beaver, Information security consultant - Principle Logic, LLC

As new mobile security threats continue to emerge, traditional approaches to password management for the enterprise aren't as effective as they once were -- and IT pros must find new ways to properly manage mobile users and apps.

Previous methods of password management for the enterprise included relying on standard passwords and encouraging users to choose which apps to install and use. As these older methods fail, some IT and security managers claim that mobile access management is out of their control. Others attempt -- and fail -- to enforce Windows domain password policies and user provisioning processes across mobile devices.

When mobile security risks exist, they can compromise critical apps, their associated content and larger business systems. And as mobile expands into the internet of things, proper identity and password management at the enterprise level are as important as ever.


BYOD and beyond

A BYOD policy and periodic user training are no longer sufficient for password management for enterprises. Instead, IT pros must integrate automation and simplicity into the process. Most organizations require a level of visibility and control over mobile apps and content that mobile device management (MDM) and enterprise mobility management (EMM) can't provide.

MDM and EMM have evolved into unified endpoint management, which uses aspects of modern data analytics and artificial intelligence combined with traditional identity management approaches. IT pros can more easily onboard and manage users and the apps they need, protecting access to business assets over the entire user account lifecycle.

For more granular control, find a more holistic approach to password management for the enterprise. Some ways to do this are to:

• implement identity federation and single sign-on across common business apps;

• use multifactor authentication to further enhance security on mobile devices;

• automate user enrollment and account management;

• deploy enterprise mobile app management, including custom catalogs, automation and access enforcement, to enterprise resources from trusted apps and devices without user intervention;

• integrate threat management and analyze apps to minimize exposures; and

• use big data analytics to provide insight into past and potential security events.


Emphasize process and progress

To get started with mobile identity and password management for the enterprise, IT pros must fully understand their requirements. IT pros should set goals for their enterprise mobility deployment, such as a positive user experience, simplified management and improved security.

To measure progress on an ongoing basis, it's important to examine the workflow. First, analyze current mobile password and app-related risks, determine which gaps exist between the traditional network and mobile network, and discuss mobile needs with the proper users and department heads. Measure those risks over time to see how they both evolve and resolve. IT pros should look at repeat findings, as well as how long it takes to address each of their identified risks.

Finally, monitor for tangible policy violations, device loss and data loss to improve processes, and understand how to adjust mobile password management for the enterprise. Products such as AirWatch by VMware, MaaS360 from IBM, Mobile Device Manager Plus from ManageEngine and Enterprise Mobility + Security by Microsoft can help to simplify these processes.

In the long term, IT pros should look beyond mere compliance for their mobile environments. Instead, strive for true security that integrates with the overall enterprise security program -- both locally and out to the cloud.


Major password breaches: How can enterprises manage user risk?

Nick Lewis, Program Manager – Internet2

Enterprises rely on passwords almost to a fault, and users reuse passwords out of necessity, but these practices need to change. Major password breaches and the long list of challenges to password security have drawn significant attention to the inadequacy of depending on password-based security alone. As multifactor authentication and other improvements have become more common and easy to use, additional attention should be directed toward replacing passwords. Even when faced with the rapidly rising risk from continuing to use passwords, enterprises have been slow to deploy replacements.

This tip will explore the risks from major password breaches and enterprise responses aimed at protecting their resources.

Risks from password breaches

The risks from insecure passwords have been known since at least 1979, and this threat has recently evolved into major password breaches, such as the one at LinkedIn and many other companies. These breaches affect end users beyond requiring them to change just one password. Standard password guidance is to use a unique password for each account, but this is practically impossible for end users to actually follow. Hopefully, end users, including third parties and contractors, didn't reuse their LinkedIn account credentials for sensitive systems. However, given the difficulties of remembering passwords, it is likely those credentials had been reused elsewhere, which then required users to make multiple password changes. The risk enterprises face is that a user may reuse their enterprise credentials, and their enterprise account could become compromised. Given the difficulties with passwords, it may be rational for users to reject standard password advice.

A similar risk is present in an enterprise's customer accounts. A customer might have reused a password at your enterprise, which could result in more compromised customer accounts for your help desk to support. In addition to changing passwords, these account compromises might even result in fraudulent activities, such as orders or financial transactions made using compromised accounts that would need to be cleaned up. These fraudulent activities could also take the form of a more organized, rapid attack to cash out accounts. Fraudulent activities might have a significant, negative effect on an individual.

Enterprise responses to protect enterprise resources

While it might seem odd for an enterprise to respond to password breaches at other companies, it is a necessary precaution to protect enterprise accounts. It may seem like a good response to require your users to change their passwords more frequently to protect against compromised accounts, but this discounts the effect on end users and will only fuel their discontent. Focusing these efforts and managing the effect on end users is critical to successfully improving account security.

An enterprise might want to focus first on making secure password usage easier for end users and on improving account protection. These improvements could include using single sign-on (SSO), federated identities, password managers and even multifactor authentication (MFA). SSO and federations reduce the number of passwords a user must manage; password managers help users securely manage passwords that meet the various password security requirements -- it should be noted, however, that vulnerabilities have recently been discovered in a couple of password managers; and MFA can be used to strongly protect these accounts. Deploying MFA broadly is the most secure option, but it's not a panacea. And, in many scenarios, it requires more resources and change by end users than just using a password, so additional time might be needed, during which the other options can be deployed as part of a coordinated plan to manage the risk.

Regardless of when the improvements are deployed, accounts must be monitored across all systems to identify suspicious behavior indicating possible compromised accounts, and security teams should have incident-response plans in place for responding to different types of password breaches. As part of determining which improvements to make, enterprises should also assess the changing risk from external password breaches to prioritize the improvements within their security program, as well as look at how customers use passwords, to determine which of the improvements should be deployed to improve the protection of customer accounts. The security controls that reduce the most risk at the lowest overall cost should be prioritized as improvements to be made first. Informing users and management of this risk assessment may help users and management understand why the improvements are necessary to protect themselves and the enterprise.

Conclusion

As enterprises move to more cloud systems and externally managed systems, and improve the core security in their environment, attackers will continue to aim at easy targets -- the users -- to gain access to enterprise resources, systems and networks. Given the increasing importance of account security, enterprises need to devote significant resources to ensure the security of their accounts, and perform risk assessments to determine if their current security controls need to be updated in response to the changes in risk from password breaches.



The problem with passwords: how to make it easier for employees to stay secure

Jeremy Bergsman, IT Practice Leader - CEB

Password security has long been considered the most fundamental way of keeping company data safe. But recent research revealing the world’s most popular passwords – including “123456” and “password” – reminds us of what we already knew: that most people still don’t understand the most basic principles of secure passwords.

Companies should be concerned about whether their sensitive information is safe from hackers if their employees’ passwords are so blindingly obvious.

Beyond easy-to-guess passwords are two worse risks. First, people will often use passwords with an emotional meaning to them. Although this helps reduce the risk of obvious passwords, it means people are far less likely to change their password regularly, which is vital to reducing the threat of security breaches.

Second, employees re-use these same passwords across sites, so when one site is compromised, it reveals that individual’s password across all the other sites where it has been used.


So why do employees pick such bad passwords? As we all know, choosing, remembering and changing passwords can be inconvenient. But IT teams can help employees act more securely, without increasing the burden on individuals.

Although complex passwords – a mixture of numbers, upper and lower case letters and symbols – are often considered a foundational element to security, only 29% of organizations feel that complex passwords alone help to reduce security risks. In part, this is because employees often write down or electronically record their more complex, hard-to-remember passwords, which can easily be lost or stolen.

So what can companies do to improve passwords and reduce the risk of data breaches?

• Implement password complexity checking. It is easy in most systems to force employees to use a minimum number of characters, which today should be set to at least 10 characters of mixed character types, and to screen passwords against a dictionary of common passwords. The most popular password, 123456, violates all three of these basic rules, showing that many organizations are not forcing good password selection. CEB data shows that most organizations are successfully doing this, but there is still room for improvement in the industry.

• Employ multifactor identification. Multifactor identification involves employees authenticating themselves with several pieces of evidence, typically a static password plus a one-time code from a token, app or SMS message. Because of cost and burden on employees, many companies only use this for employees with access to more sensitive data, or for riskier situations, such as remote access. Interestingly, only 43% of organizations require multifactor authentication before allowing remote connections to the organization’s information systems.

• Provide password vaults. Password vaults are software applications that help users store and organize passwords. These password managers usually store encrypted passwords, requiring the user to create a master password – a single, ideally very strong password, which grants the user access to their password database. This counters the need for users to remember, or keep hard copies of, their passwords, and makes it just as easy to use a 30-character complex password as it is to use “123456”.

Many companies are already taking steps in this direction to both reduce the burden on employees and improve password security. Almost one in three organizations (31%) have deployed password vaults, 29% have increased password length and/or complexity but reduced the frequency of password changes, and 16% have adopted multi-factor authentication. While it is crucial for companies to select a policy that protects them as much as possible, they need to factor in the various aspects of the situation by evaluating each approach against risk mitigation capability, employee usability and defensibility.



What new NIST password recommendations should enterprises adopt?

Michael Cobb, CISSP-ISSAP and security author

The National Institute of Standards and Technology, or NIST, is creating new guidelines for password policies, which will be adopted by the U.S. government. The Digital Authentication Guideline is up for public preview on GitHub and NIST's website. What are some of the significant changes in NIST's recommendations? Should enterprises consider adopting these password recommendations?

Many enterprises and online services are looking to replace the much maligned password. Several financial service companies, for example, are rolling out biometric authentication options for their customers, and Google offers the option of two-factor authentication, where a verification code is sent to a user's mobile phone.

However, there's still no universally accepted alternative to the password. So, despite its weaknesses, both in terms of security and practical use, many systems rely on it -- even if only as a fail-safe for when a user's fingerprint or voice can't be correctly identified. Since passwords are here to stay for a while longer, it's refreshing to see research by NIST looking at how to make password authentication more robust and more user-friendly.


NIST has been studying how passwords are actually created and used in order to produce more effective password recommendations and policies. Special Publication 800-63-3: Digital Authentication Guidelines is still a work in progress -- the latest draft is available on GitHub -- but it already proposes significant changes to what has long been accepted as best practice; as it turns out, some of those long-standing practices don't actually improve security.

The overriding principle behind the NIST password recommendations is that password policies must be user-friendly, because arduous password rules end up being circumvented or ignored by users and support desks, negating any possible security benefit. Many users also reuse passwords between sites, so a user's eight-character, complex work password is only as safe as the weakest of the online banking and social media sites it is also used on.

It's not surprising, then, that one of NIST's first recommendations is that PINs should be at least six digits long and user-chosen passwords should be a minimum of eight characters, and that verifiers should accept passwords of at least 64 characters rather than imposing short maximum lengths. Remembering a password longer than eight characters is not necessarily easy, but NIST's new guidelines allow the use of all printable ASCII characters, including the space, as well as Unicode characters, including emoji, to improve usability and increase variety. Combine this with the recommendation that users be encouraged to create longer phrases instead of hard-to-remember passwords, or passwords based on character swaps, such as "pA55w0rd" -- which may appear complex but in fact add almost no strength, because cracking tools try those substitutions automatically -- and it opens the way for long, complex and easy-to-remember passwords.

Also, passwords should no longer be automatically expired after a set period unless there is a good reason, such as the password having been forgotten, or a suspicion that it has been phished or stolen and could therefore be subjected to an offline brute-force attack. This means some form of monitoring has to be in place to detect potential compromises. LinkedIn didn't know for years that its password database had been compromised and, thus, had no reason to force users to change their passwords; had users been made to change their passwords every few months, the database of passwords stolen in 2012 would have been useless to attackers.

There is also advice on how to store users' passwords safely. All passwords must be hashed, salted and stretched when stored -- hashed with a per-user random salt using a deliberately slow key-derivation function -- which dramatically reduces an attacker's ability to cost-effectively crack passwords, either in bulk or individually. Systems also need to check new passwords against a dictionary of known bad choices. Administrators need to ensure this dictionary matches their users' most likely choices, which, depending on location and industry, may not exactly match the world's 100 most common passwords; a list of around 100,000 such entries is suggested as a good starting point.
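The following is an added example, not code from the e-guide or from NIST, that implements the rules from the last two paragraphs as a verifier would: code-point length checks with no composition rules, NFKC normalization so emoji and other Unicode input are handled consistently, a known-bad dictionary check that also catches "pA55w0rd"-style character swaps, and salted, stretched storage with a constant-time comparison on verification. The blocklist contents, the leet-substitution table, the iteration count and the record format are all assumptions chosen for illustration; a real deployment loads a 100,000-plus entry breach corpus and tunes the iteration count to its own hardware.

```python
"""Added example of a SP 800-63B-style memorized-secret verifier.
Not from the e-guide or NIST; blocklist, leet table, iteration count
and storage record format are illustrative assumptions."""
import hashlib
import hmac
import os
import unicodedata

MIN_LEN = 8            # NIST: at least 8 characters for user-chosen secrets
MAX_LEN = 128          # NIST: verifiers must accept at least 64; we allow more
PBKDF2_ITERATIONS = 600_000   # stretching factor (assumption; tune per hardware)

# Constructed stand-in for a "known bad" dictionary.  A real deployment loads
# 100,000+ entries from breach corpora and adds site/industry-specific words.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Common character swaps that look complex but add almost no strength.
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(secret: str) -> str:
    # NFKC before length checks and hashing so visually identical Unicode
    # input (including emoji) is counted and hashed the same way every time.
    return unicodedata.normalize("NFKC", secret)


def canonical(secret: str) -> str:
    # Undo case and leet swaps so "pA55w0rd" is compared as "password".
    return normalize(secret).casefold().translate(_LEET)


def check_policy(secret: str, context_words=()) -> list[str]:
    """Return the reasons a candidate secret is rejected; empty list = accepted.
    Deliberately no upper/lower/digit/symbol composition rules."""
    s = normalize(secret)
    reasons = []
    n = len(s)  # counts code points, so a single-code-point emoji is one character
    if n < MIN_LEN:
        reasons.append(f"too short: {n} < {MIN_LEN}")
    if n > MAX_LEN:
        reasons.append(f"too long: {n} > {MAX_LEN}")
    c = canonical(s)
    # Exact match, or containing a long known-bad entry (e.g. "password1").
    if c in BLOCKLIST or any(b in c for b in BLOCKLIST if len(b) >= 8):
        reasons.append("on the known-bad list")
    for w in context_words:  # username, company name, product name, ...
        if w and w.casefold() in c:
            reasons.append(f"contains context word {w!r}")
    return reasons


def hash_secret(secret: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted and stretched storage record: alg$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)  # fresh per-user salt; bulk cracking needs one run per user
    digest = hashlib.pbkdf2_hmac("sha256", normalize(secret).encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_secret(secret: str, record: str) -> bool:
    """Recompute the stretched hash and compare in constant time."""
    alg, iters, salt_hex, digest_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", normalize(secret).encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for pw in ("pA55w0rd", "short7", "correct horse battery staple"):
        print(repr(pw), check_policy(pw) or "accepted")
    rec = hash_secret("correct horse battery staple")
    print(rec, verify_secret("correct horse battery staple", rec))
```

The record carries its own algorithm tag and iteration count, so the stretching factor can be raised later and old records re-hashed on the user's next successful login rather than all at once.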

While these guidelines may seem long overdue, the recommendation to do away with knowledge-based authentication (KBA), password hints and SMS codes is more contentious. KBA and password hints greatly reduce the number of costly and time-consuming password resets, but provide little additional security: Adobe's 2013 breach showed this when the leaked password hints helped attackers recover the encrypted passwords, and the answers to typical KBA questions are often easy to find on the internet. NIST also concludes that one-time passwords sent via SMS are too vulnerable, because of mobile phone number portability, SS7 attacks against the mobile phone network and malware that can redirect text messages.


Any security control needs to continually evolve and adapt to how it is actually used in real life in order to withstand changing attack techniques and the steady growth in computing power. NIST's goal is to improve how users create passwords and how systems store them, reducing unneeded complexity wherever possible. SP 800-63-3 will become compulsory for U.S. federal agencies.

Enterprises should look at following these guidelines where practical, as they will quickly come to be considered best practice in the court of public opinion. Password length and complexity requirements can usually be changed relatively easily in most products or through group policy, but changes such as eliminating SMS from two-factor authentication schemes won't be cheap or straightforward. Administrators will also need an alternative account recovery process if they abandon hints and KBA. There's no obvious substitute other than a password-reset email, which, if not implemented correctly, can itself be insecure. It will be interesting to see what the final password recommendations are.


About SearchSecurity IT security pros turn to SearchSecurity.com for the information they require to keep their corporate data, systems and assets secure.

We're the only information resource that provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost.

For further reading, visit us at https://SearchSecurity.com/

Images: Fotolia

© 2018 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher.