Passwords and access certificates (such as SSH keys) serve as a central security mechanism when it comes to controlling access to IT systems, networks, or computers, protecting critical company resources from unauthorized access. These highly sensitive pieces of information must be especially protected against cyberattacks. However, in practice, employees often store them without sufficient protection—in unencrypted Excel files on their desktops, in browser extensions from public cloud providers, or in free software tools—without being fully aware of where the access data is stored, what technical safeguards are in place, or who can access this information.
For some, it may seem practical and even safe to store passwords in encrypted Excel files, especially as newer versions do offer the ability to encrypt files with AES 256 encryption. However, the problem arises when the encryption passwords used lack the necessary complexity, making the encryption almost ineffective. Furthermore, there is no option to implement an additional security layer, such as two-factor authentication (2FA).
The German Federal Office for Information Security (BSI) recommends that passwords should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.
Simple patterns or information related to a person, such as birthdates or common dictionary words, should be avoided. The combination of characters should be random and should not include predictable sequences like "1234admin." Especially for critical systems, it is advisable to avoid passphrases altogether; a random combination of characters provides the highest level of security.
With the advancement of technology, AI is now capable of quickly guessing weak passwords. Through machine learning and significant computing power, AI-supported tools can identify patterns in weak password combinations or draw on databases of commonly used passwords. Moderately complex passwords with eight characters, using a mix of uppercase and lowercase letters, can be cracked within minutes. More complex passwords with ten characters and a combination of uppercase and lowercase letters, symbols, and numbers can be exposed within hours. Only at 12 characters with a random mix of character types does cracking take months. Passwords with 16 or more characters, combined with a random mix of letters, symbols, and numbers, are currently considered maximally secure and should be used for critical applications, such as securing the corporate network and privileged accounts (admin access).
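The following is an added example, not code from the original article, that turns the BSI recommendations quoted above into a checkable policy: minimum length, all four character classes, no commonly used password, no personal information, and no predictable sequences such as "1234admin". It also computes the keyspace size in bits for a password, which is the quantity behind the length-versus-cracking-time relationship described in the paragraph above. The common-password list, the minimum length of 12 and the run length of four used to detect sequences are assumptions chosen for illustration.

```python
import math
import re
import string

# Constructed, deliberately tiny list of commonly used passwords.
# A real deployment would check against a large breach-derived list instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin", "letmein", "welcome"}

# The four character classes named in the BSI recommendation.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Assumed minimum length, taken from the BSI recommendation quoted on the page.
MIN_LENGTH = 12


def has_sequential_run(pw, run=4):
    """True if pw contains `run` consecutive characters whose code points step
    by exactly +1 or -1 throughout (e.g. '1234', 'abcd', 'dcba')."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_run(pw, run=4):
    """True if one character is repeated `run` or more times in a row (e.g. 'aaaa')."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, personal_info=()):
    """Return a list of policy violations; an empty list means the password passes.

    personal_info is an optional sequence of strings (name, birth year, ...)
    that must not appear in the password."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in pw)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    lowered = pw.lower()
    # Reject exact matches and, for longer list entries, embedded matches
    # such as the 'admin' inside '1234admin'.
    if lowered in COMMON_PASSWORDS or any(
            w in lowered for w in COMMON_PASSWORDS if len(w) >= 5):
        problems.append("contains a commonly used password")
    for info in personal_info:
        if info and info.lower() in lowered:
            problems.append(f"contains personal information: {info}")
    if has_sequential_run(pw):
        problems.append("contains a predictable sequence")
    if has_repeated_run(pw):
        problems.append("contains a repeated character run")
    return problems


def keyspace_bits(pw):
    """Upper bound on the password's entropy in bits, assuming each character
    was drawn uniformly from the union of the character classes present in pw.
    A password with structure (words, dates, sequences) has far less real entropy."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ("1234admin", "Password1234", "Tq7#mR2!vX9&pL4z"):
        print(candidate, round(keyspace_bits(candidate), 1), "bits",
              check_password(candidate, personal_info=("Smith", "1987")) or "OK")
```

Running the block shows the effect the paragraph describes in numbers: an eight-character mixed-case password lives in a keyspace of about 45.6 bits, while a 16-character password drawn from all four classes lives in one of roughly 105 bits, and every additional character multiplies the keyspace by the alphabet size. The check function is the kind of rule a password vault applies when enforcing a policy.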
Public cloud providers that allow password storage in browsers often offer two-factor authentication via authentication apps or hardware tokens, and passwords are stored in encrypted form, which makes this significantly more secure than storing them in a desktop Excel file. However, when storing passwords in the browser, it is important to note that attackers can exploit vulnerabilities and security flaws, for example in unpatched versions, or compromise user accounts to gain access to all stored passwords, including those protecting highly sensitive data.
Password management tools hosted as software-as-a-service on a private cloud infrastructure are ideal applications for securely managing passwords. Such a password vault stores passwords in encrypted form, ensuring that even in the event of a security breach, the passwords remain protected.
To ensure that only authorized users can access the passwords, the application can be secured with two-factor authentication, so even in the event of a phishing attack where username and password fall into the hands of criminals, the passwords remain protected. Access should also only be granted via VPN or another encrypted connection.
Additionally, comprehensive logging of all activities—from password access to changes—allows companies to ensure traceability at all times and demonstrate compliance.
Depending on the risk assessment, password complexity can be defined for different user accounts, and password policies can be implemented accordingly. Passwords can be automatically generated by a password generator and changed at predetermined intervals to enhance security.
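As an added example (not code from the original article or from any particular vault product), the block below implements three of the vault-side features described in the two preceding paragraphs: password policies per risk tier, automatic generation of passwords that satisfy a tier's policy using the operating system's cryptographic random source, a rotation-interval check, and an append-only audit log whose entries are hash-chained so that a deleted or altered log entry is detectable. The two tiers, their lengths and rotation intervals, and the SHA-256 chaining are assumptions chosen for illustration; the page itself only says that complexity and intervals are set according to the risk assessment.

```python
import hashlib
import json
import secrets
import string
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PasswordPolicy:
    """Complexity and rotation rules for one risk tier (values are assumed)."""
    name: str
    min_length: int
    rotation_days: int


# Constructed tiers: a standard user account and a privileged (admin) account.
POLICIES = {
    "standard": PasswordPolicy("standard", min_length=12, rotation_days=180),
    "privileged": PasswordPolicy("privileged", min_length=16, rotation_days=90),
}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(policy):
    """Generate a password of the policy's minimum length from the OS CSPRNG
    (the secrets module), guaranteeing at least one character of every class."""
    chars = [secrets.choice(cls) for cls in CLASSES]          # one per class
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet)
              for _ in range(policy.min_length - len(chars))]
    # Shuffle with a CSPRNG-backed generator so the guaranteed characters
    # do not always occupy the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def meets_policy(pw, policy):
    """Length and character-class check for a generated or user-chosen password."""
    return (len(pw) >= policy.min_length
            and all(any(c in cls for c in pw) for cls in CLASSES))


def rotation_due(policy, last_changed_iso, today_iso):
    """True when the password is at least policy.rotation_days old.
    Dates are ISO strings (YYYY-MM-DD) so the function needs no clock."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return (today - last_changed).days >= policy.rotation_days


class AuditLog:
    """Append-only event log. Each entry's digest covers the previous entry's
    digest, so removing or editing any earlier entry breaks verify().
    Only metadata is logged; the password value itself is never recorded."""

    def __init__(self):
        self.entries = []

    def record(self, actor, action, entry_name, when_iso):
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        event = {"actor": actor, "action": action, "entry": entry_name,
                 "when": when_iso, "prev": prev}
        payload = json.dumps(event, sort_keys=True).encode()
        event["digest"] = hashlib.sha256(payload).hexdigest()
        self.entries.append(event)
        return event["digest"]

    def verify(self):
        """Recompute the chain from the genesis value; False on any break."""
        prev = "0" * 64
        for event in self.entries:
            body = {k: v for k, v in event.items() if k != "digest"}
            if body.get("prev") != prev:
                return False
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != event["digest"]:
                return False
            prev = digest
        return True


if __name__ == "__main__":
    policy = POLICIES["privileged"]
    log = AuditLog()
    log.record("alice", "read", "db-admin", "2024-01-01")
    if rotation_due(policy, "2024-01-01", "2024-04-01"):
        new_pw = generate_password(policy)           # value never logged
        log.record("vault", "rotate", "db-admin", "2024-04-01")
        print("rotated:", meets_policy(new_pw, policy), "chain ok:", log.verify())
```

The chained log is what gives the "traceability at all times" mentioned above some teeth: an administrator who can edit the log database can still change an entry, but the next verification run reports the break instead of silently accepting the altered history.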