This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it is applicable, as well as mitigation strategies that can be adopted to limit or overcome it. This expands on the information provided by the NSA/CISA report.
The importance of credential hygiene, encompassing passwords, usernames, and other forms of authentication, helps achieve a robust cybersecurity posture. Despite its role, insufficient credential hygiene remains a significant vulnerability, leading to severe security breaches and data loss. This article explores the risks associated with poor credential hygiene and outlines best practices for maintaining secure credentials.
Credential hygiene encompasses practices for securing authentication data, including the creation, storage, and management of passwords. Weak or reused passwords, failing to update credentials, and inadequate system-side security measures like encryption can expose organizations to risks such as unauthorized access, network infiltration, and reputational damage.
The full scope of credential hygiene also covers system-side considerations like encryption levels and storage methods. Relying on cleartext (or reversible) storage of credentials or cleartext transmission of credentials between systems are also tell-tale signs of poor credential hygiene.
Poor credential hygiene has been central to many high-profile breaches. Attackers exploiting weak credentials can escalate privileges or move laterally within networks, leading to data exfiltration and operational disruptions.
On the flipside, the mismanagement of credentials, like requiring overly complex credentials or too frequent changes can also result in user dissatisfaction and insecure practices, such as writing passwords on post-it notes or creating predictable patterns when generating new ones.
Storing passwords in cleartext or in an easily crackable form is extremely risky. The large number of stolen and distributed passwords only makes this problem more visible.
Maintaining strong credential hygiene is a vital component of an organization’s cybersecurity strategy. Adopting practices like using strong, unique passwords, utilizing password managers, and implementing MFA can substantially reduce the risk of cyberattacks and protect sensitive data.
Always consider that adequate credential hygiene can only be achieved when the users understand its importance. Mandatory requirements that exploit complexity to the extreme or impose changes too frequently are just as problematic as the opposite, but will hurt the user’s perception more.
The post Poor Credential Hygiene appeared first on TuxCare.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Joao Correia. Read the original post at: https://tuxcare.com/blog/poor-credential-hygiene/