For decades, logging into a network, application, server, etc. usually only requires a username and password. Sometimes certain policies are put in place to try to make sure passwords are not compromised, such as requiring a minimum length, special characters, a mix of letters and numbers, and changing passwords every so often. These can help, but it can still leave organizations vulnerable, and security professionals know this. According to a recent survey of 270 of them, “90 percent of respondents said that they are worried about attacks using compromised credentials”.
“For so long, [malware] was the primary method of attack,” says Matt Hathaway, senior manager of platform development at Rapid7. But attackers have shifted their strategies and are now using stolen credentials at some stages of the attack. (source)
As I mentioned in a previous blog post, successful hackers do not necessarily need to be superior coders, but simply smart about weaknesses and tendencies. And some users can unwittingly hand over their credentials, offering cybercriminals access to what should be protected.
Much of this concern can be addressed by implementing a strong two-factor authentication solution such as GreenRADIUS. Contact us today to learn more.