The authentication dilemma
I’ve worked with a lot of organisations over the years and seen lots of ways of doing certain things. Policy implementation is one of those! I’m in a fortunate position where I get to see different people’s policy documents, their systemic implementations and even interview staff to see how these work on the ground. So, I thought I’d write about password policies!
Humans like to be efficient and people also struggle to deal with the huge volume of identify management and authentication solutions they are presented with. Just think, how many passwords are required in everyday life?
- Multiple 4-digit PIN codes for debit and credit cards etc.
- Online banking sign in credentials (more PINS)
- Gym padlock PIN combo (usually 4 characters)
- Passwords for home computer
- PIN code or password for mobile phone access
- Passwords of phrases for telephone services e.g. to access your mobile phone account services
- Social media credentials
The list goes on and on! Then let’s add in corporate IT services….
Anyone who’s worked in an office will have seen familiar sites of the following:
- Password on post it notes
- Password shared with colleagues
- Password sellotaped to keyboard (either on top or underneath)
- Passwords shouted across the office
- Passwords written down on white boards
Read more “How to write a bad password policy!”
Probably the most common attack vector!
Phishing is very likely the most common attack vector, in fact so common that the following stat is called out:
“a 2016 study reports that 91% of cyberattacks and the resulting data breach begin with a phishing email”
Setting up the Social Engineering toolkit or custom phishing solution takes a little time, luckily Microsoft have added in attack simulation features into Office 365! This let’s in house teams perform a range of simulated attacks in safe manner against your organisation. In this post we are going to run through the steps required to create and run a phishing attack simulation!
Read more “Office 365 Attack Simulator Overview”