Wednesday February, 2020
As part of our ongoing commitment to maintaining the security of your processes, data and reputation, over the coming months, we will be implementing a number of ADDITIONAL enhancements to the security framework around ZatPark. And as a prelude to this, we want everyone to think about passwords.
When I created my very first online profile, many years ago, my password was the word “password” – as I was a child, I spoke as a child, I understood as a child. Now as an adult I have set aside childish ways…
Here we are in 2020, inundated with passwords we “must” remember. Website logins, email accounts, social media accounts, bank accounts, the list is endless. The temptation is to use something memorable and short, across all your accounts, you know, so you don’t forget it!
However, as more core business processes such as finance, HR and back-office administration are delivered through cloud-based platforms, poor habits increase the business risk. 80% of data breaches can be traced to weak, reused or stolen credentials. These include credentials that uniquely identify the user, such as an email address. That means that a malicious individual can look for other accounts associated with that same person, such as work-related, personal social media, banking accounts, or back-office systems. When they find those accounts, they can try logging in with the exposed password and, if the password is reused, they can gain access. This is why ZatPark never uses email addresses as user credentials.
Consider the damage to your business if someone malicious gained access to a system such as Xero because you use the same password for your Netflix account.
This is why unique passwords matter.
Each year, LastPass, the password management platform, undertakes a global password security report, gathering and analysing insights into employee password behaviour at businesses around the world. Highlights from this year’s report include:
• Progress: IT admins take advantage of policies and integrations to increase security and streamline management.
• Risk: Password reuse is still widespread, and contributes to lower Security Scores.
• Initiatives: Internationally, increased regulations appear to be a driving factor in password security awareness, especially in EMEA and APAC.
• Accountability: Organisations must take responsibility for ongoing training and take proactive measures to eliminate risky password behaviours and improve company-wide security scores.
Ideally, passwords should be created using a random password generator, be no less than 8 characters long (ideally more) and be changed every 6 - 8 weeks. Password generators are free online tools that use a set of algorithms to create a unique combination of numbers, letters, and characters that will be almost impossible to figure out. Systems such as LastPass aid in storing and filling in complex passwords for you, so there’s no need to reduce the complexity of passwords when using systems like LastPass. For Apple users, Keychain performs a similar function.
Always use a unique password for each platform you use - never use the same password for everything or a variation of the same password for different things; if a malicious individual manages to find their way into one of your platforms, they’ll probably try others, too, and start by using the password they know has just worked for them elsewhere.
Strong passwords not only keep your information safe from malicious individuals, viruses, and botnets looking to cause trouble, but they also help to keep your business running smoothly and your reputation intact.
There is much advice and debate about what constitutes a strong password in the light of human imperfection and the need for usability. There may be cases when a passphrase can be used instead of a password to strengthen credentials while mitigating the impact on memorisation.
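The random-generator and passphrase approaches described above, as an added example (not ZatPark's or LastPass's code): it draws from the operating system's secure random source and reports an upper-bound entropy estimate for each result. The function names and the 16-word list are constructed for illustration; 7776 is the size of a standard Diceware-style word list.

```python
import math
import secrets
import string

# Character pool: letters, digits and punctuation (94 printable ASCII symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list for this example only; a real passphrase
# generator draws from a list of thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "copper", "dolphin", "ember", "fjord",
                "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nickel", "orchid", "pebble"]


def generate_password(length=16):
    """Random password with at least one lower, upper, digit and symbol."""
    if length < 8:
        raise ValueError("the article's minimum is 8 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class is represented.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_passphrase(words=SAMPLE_WORDS, count=5, sep="-"):
    """Passphrase of `count` words, each chosen independently at random."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Upper-bound entropy for `picks` independent uniform choices."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(8), f"{entropy_bits(len(ALPHABET), 8):.1f} bits")
    print(generate_password(16), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    # Five words from a 7776-word list, for comparison with the lines above.
    print(generate_passphrase(), f"{entropy_bits(7776, 5):.1f} bits")
```

The entropy figures describe the generation process, not the string itself: they hold only when every character or word is chosen at random, which is why a human-chosen password of the same length is weaker.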
An online resource is now available to check if your email address has been compromised in a published security breach. You can check your email address and also commonly used passwords here: https://haveibeenpwned.com. If you discover your email address has been exposed, we strongly advise that you change passwords you know to have been associated with that email address.
As our next release of security enhancements is rolled out, some users may find they are prompted to reset their password sooner than they are anticipating. Please follow the prompts provided by ZatPark when doing so; you may find your usual approach to password generation is no longer accepted.