Forum Discussion
What security threats do you experience the most?
I can, terrifyingly, 100% agree with this from mattdermody: "The biggest security threat or vulnerability we are exposed and actually affected by the most are the end users themselves."
But those sometimes are the result of IT handling passwords. They need to be too complicated, changed too often, ... Yeah, that sounds strange from the security side, but look at the results:
- users note down passwords on easy to see/find locations
- users store passwords in cleartext somewhere
- users always try to use passwords that are still somehow "readable" (like: Id0ntl1ke!t)
- ...
Which may in the end be less secure than using strong passwords (ofc) that are still somehow easy to remember and do not need to be changed too often, and, even better, maybe making use of MFA as much as possible (today I think this should be a minimum, but that is still not the case).
Also, using password managers is not secure because instead of multiple passwords to be cracked, you only need one (the one from the manager). So if software is used here which is not secure enough, it gets even worse.
- Emilie_B, 9 days ago, Google Community Manager
You make an interesting point about the complicated and/or long passwords being too difficult for end users to remember, Moombas.
What do you think would be a good solution to handle passwords? Is it a good idea to allow end users to write them down? Maybe they could do so in a more secure way...
- Moombas, 9 days ago, Level 4.1: Jelly Bean
No, writing them down is definitely nothing they should ever do.
But IT needs to find a good solution in terms of good password settings, so that the end user may be able to remember a good (not too complicated) password (but one still matching the character rules), which may then also result in less need to renew it.
This could lead to less written down passwords.
But in general, I still raise my hand for authenticators being used as MFA, or even, in addition to the password, a physical device like an employee card or a fingerprint being used.
And just to add here: Sometimes you also just need to be creative to find a good way to create your own good passwords.
Example: Year-Day-SystemToAccess-SomethingUnique
Result of Example: 2023-05-Java-IHate
This automatically contains numbers, characters and (capital) letters, where year and day are, for example, the ones on which you changed the password.
So everything is something you can somehow easily remember and just need to put together, and it is different from system to system.