World Password Day – Mandiant share tips for best practice

World Password Day is upon us – a moment designed to help companies and individuals recognise some of the potential vulnerabilities that lie within their organisations. Weak passwords lead to compromised accounts, and it certainly seems that malicious email attacks are on the rise in Australia.

Matt Shelton, Director of Technology Risk and Threat Intelligence at Mandiant, has provided the below tips to commemorate the occasion.

  • Whenever possible, use Multi-Factor Authentication (MFA), prioritising banking, email, and social media accounts. Hardware tokens like YubiKey and software tokens like Google Authenticator are more secure than SMS-based MFA. SMS-based MFA is still more secure than just using a password!
  • Enterprises should disable mobile-push on employee MFA tokens.  Mandiant has observed an increase in threat actors abusing mobile-push functionality over the last several years.
  • Practice good password hygiene by using complex and long passwords that are unique for each site you visit.  A strong password doesn’t have to be difficult to remember as long as it’s long!  Consider using a long phrase that’s easy to remember.
  • Consider using a password manager to store unique and complex passwords for every site you visit. When choosing a password manager, use an industry-recognised provider and never store your passwords in a document on your desktop!
  • There’s no longer a need to change passwords on a regular basis as long as you practice good password hygiene.  Instead, change your password when you know a site you have an account on has been breached.  Many password managers will proactively alert you when this happens.

So, on World Password Day, take a pause to think about passwords and the various strategies that can mitigate associated risks.