Sensitive databases require stronger password manager strategies

Companies around the world have recently been setting poor examples for their customers on how to operate effective online security strategies. The breakdown of database password manager techniques, in particular, has been leaving millions of customers in danger.

Web hosting firm DreamHost recently provided an excellent example of what can happen when companies do not enforce strong online security policies across all departments. This week, officials had to announce to their customers that an unauthorized intruder made their way into a DreamHost database. Although a separate database containing sensitive financial data was unaffected by the breach, the incident did compromise the interests of potentially thousands of patrons.

"This particular breached database contained customer credentials to the [file transfer protocol] server. This allows potential hackers to use these credentials in order to impersonate customers when accessing the FTP server," Imperva security strategist Noa Bar-Yosef explained to Dark Reading. "The impact of which is to access customer documents, download the documents and even upload their own documents."

With thousands of customers relying on DreamHost to manage their business websites, this misstep could have a number of damaging consequences. With sensitive business communications potentially hanging in the balance, domain name users are rightfully concerned.

Further analysis has also provided discouraging news as to how DreamHost had been guarding its databases. A number of fundamental password manager responsibilities, including rejecting passwords of insufficient strength, were neglected.

"To secure user passwords, companies need to put in a strong password policy as well as digesting the passwords before encryption. Hackers are notorious for breaking encrypted passwords very quickly," Bar-Yosef noted. "Using passphrases instead of passwords is also a good practice since they provide the necessary length to prevent effective brute-forcing of passwords."

With companies continually proving to be unfaithful guardians of user credentials, it may be time for customers to take a more proactive role in online security. As a rule of thumb, easy-to-remember passwords often become easy-to-crack passwords. Employing a more random combination of characters in one's password can greatly improve its strength. And with the help of password manager software, customers can rely on the technology to both create and manage longer and more complex codes for each online account.

As consumers make strides in this area, there is no escaping the fact that businesses will have to revitalize their online security defenses as well. According to Dark Reading, many industry experts are already taking about alternative frameworks that circumvent the traditional username and password login model.