Hackers breaching best password defenses
The online security community has been forced to reexamine several of its commonly held beliefs in 2011, with cybercriminals finding new ways around or through even the best defenses. According to the latest research from Imperva, poor password management practices in particular have been dooming cybersecurity plans all the way up to the enterprise IT segment.
Many modern businesses have realized the importance of password protection and now store passwords using cryptographic hash functions. While hashing can be an effective tool, it can also breed a false sense of security and should not be used as the sole defense mechanism.
"Attackers do not attempt to directly attack the strength of the cryptographic measure," Imperva analysts noted. "Rather, different methods exist which allow attackers to bypass the cryptographic measures - much like a burglar who doesn't bother to pick the lock but instead jumps the fence."
Password cracking tools such as rainbow tables and dictionaries are now widely circulated and readily available to determined hackers. But although it may only be delaying the inevitable, creating and storing strong passwords with the help of a password manager can make it significantly harder for cybercriminals. And in the struggle to protect sensitive data, businesses would be wise to make use of all available resources.
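The sketch below is an added example, not code from the article or from Imperva. It shows why a hash alone can give a false sense of security: an audit with a precomputed table flags a common password stored as an unsalted digest, while a strong password and a salted, slow hash are not exposed that way. The wordlist, the account names, the choice of SHA-256 and PBKDF2, and the iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a circulated password dictionary.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_hash(password):
    """Weak storage: fast, unsalted digest. Same password, same digest everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute digest -> password once; a rainbow table is a compact variant."""
    return {unsalted_hash(word): word for word in wordlist}


def audit_unsalted(stored, table):
    """Return the accounts whose stored digest already sits in the table."""
    return {user: table[d] for user, d in stored.items() if d in table}


def salted_hash(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


if __name__ == "__main__":
    # Constructed accounts: one common password, one strong password.
    stored = {"alice": unsalted_hash("letmein"),
              "bob": unsalted_hash("c0rrect-h0rse-battery")}
    table = build_lookup_table(COMMON_PASSWORDS)
    print("exposed by table lookup:", audit_unsalted(stored, table))

    salt_a, digest_a = salted_hash("letmein")
    salt_b, digest_b = salted_hash("letmein")
    # Different salts give different records for the same password,
    # so one precomputed table no longer covers every account.
    print("salted records differ:", digest_a != digest_b)
    print("login still verifies:", verify("letmein", salt_a, digest_a))
```

The salt removes the benefit of precomputation, but a common password can still be guessed one account at a time, which is why strong passwords are needed as well.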