Welcome to “In Security,” the web comic that takes a lighter look at the dark wave of threats crashing across business networks, endpoints, data and users. Get acquainted with the team and catch up by reading Episode 001, Episode 002, Episode 003, Episode 004, Episode 005 and Episode 006.

Dylan may think his wall of passwords is a giant leap for cybersecurity, but it’s really just a grave misstep toward disaster. Far be it from us over here at “In Security” to judge our comic protagonist too harshly, but in all seriousness, password security is no laughing matter.

I know what you’re thinking. Actually, you’re probably thinking one of three things:

  1. Psh, a password wall? What gives? Anyone who writes his or her passwords down is asking for it. I know how to protect my personal information with my passwords!
  2. Oh no, I’ve been caught. I write my passwords down in one of those trendy journals with sayings like “Live, Laugh, Love” on them.
  3. How can an agile workspace have so much personality?

I have neither the time nor the expertise to delve into the art of agile workspace design, but the old topic of password security in the age of the cloud, social media, big data and analytics is of critical importance.

Familiar Advice

Although most of us have heard about password security, it’s simply human nature to become lax despite the best of intentions. As financial expert Dave Ramsey put it, life happens. It’s easy to forget about password security, amiright?

Many of us have heard — and have sometimes ignored — traditional password advice. As a reminder, here are some nuggets of wisdom that we all know but sometimes neglect to abide by:

  • Create passwords of at least 12 to 16 characters; longer is better.
  • Don’t use the same password for more than one account.
  • Keep your password weird. That’s right — channel all those quirky thoughts into the creation of your passwords. In the words of the 2012 hit by Macklemore and Ryan Lewis, “Thrift Shop,” don’t use the names of your “grammy, your aunty [or] your momma,” or other common words or phrases that attackers could easily guess. Use a healthy combination of numbers, symbols, uppercase letters, lowercase letters and spaces.
  • Spread the love when it comes to special characters. Rather, spread them throughout your passwords as opposed to slapping a group of them at the beginning or end.
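As an added illustration (not part of the original post), here is a small Python policy checker that turns the four reminders above into checks a sign-up form or a personal script could run: length, reuse across accounts (compared by hash, so old passwords are never stored in the clear), a mix of character classes with spaces allowed, no common words or names hiding inside the string, and special characters spread through the password rather than bolted onto the ends. The word list is a constructed sample for the example; a real deployment would screen against a breached-password corpus instead.

```python
import hashlib
from typing import Optional

# Constructed sample of the common words and names the advice above warns
# against. Real deployments screen against a large breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "grammy", "aunty", "momma"}

# Printable ASCII punctuation plus space (the post allows spaces in passwords).
SPECIALS = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"


def password_fingerprint(pw: str) -> str:
    """Digest used to detect reuse without keeping old passwords in plaintext."""
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


def check_password(pw: str, min_len: int = 12,
                   previously_used: Optional[set] = None) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []

    # Rule 1: length. 12 is treated as the floor; there is no ceiling.
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")

    # Rule 2: never the same password for more than one account.
    if previously_used and password_fingerprint(pw) in previously_used:
        problems.append("already used for another account")

    # Rule 3: a healthy mix of character classes.
    classes = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in SPECIALS for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    # Rule 4: no common words or names inside the password. Compare on the
    # letters only so "p-a-s-s-w-o-r-d" and "Password" are both caught.
    letters_only = "".join(c for c in pw.lower() if c.isalpha())
    hits = sorted(w for w in COMMON_WORDS if w in letters_only)
    if hits:
        problems.append("contains common word(s): " + ", ".join(hits))

    # Rule 5: specials spread through the string. Strip them from both ends;
    # if none survive in the core, every special sat at the beginning or end.
    if classes["symbol"] and not any(c in SPECIALS for c in pw.strip(SPECIALS)):
        problems.append("special characters only at the beginning or end")

    return problems


if __name__ == "__main__":
    for candidate in ["Password123!!!", "correct horse battery staple", "qu1rky Th0ught$-Wombat"]:
        print(repr(candidate), "->", check_password(candidate) or "passes")
```

Note that the checker reports every violation rather than stopping at the first one, which is what a user needs to fix a rejected password in one go, and that the reuse check takes a set of digests so the caller never has to hand it old passwords in the clear.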

Passwords Petering Out

Passwords, though they remain the industry standard for authentication, are increasingly being supplemented (and in some cases replaced) by other methods that have proven to be safer. Companies are building multifactor authentication (MFA) into their products and offerings to further protect their customers’ identities and personal information.

MFA is a type of access control in which a user is granted access only after presenting two or more separate pieces of evidence of his or her identity. Each piece of evidence is a factor, and for the scheme to count as multifactor the factors must come from different categories: two passwords are still a single factor.

Common building blocks include one-time passwords (OTPs), where the user is issued a code that is valid for a single use and usually only for a short time window, and two-factor authentication (2FA), the most common form of MFA, which combines exactly two factors to confirm the user’s identity. The factors used in these processes fall into one of three categories.

  • Knowledge: Something only the user would know, such as a password or PIN;
  • Possession: Something only the user has, such as a hardware OTP token or an authenticator app on a phone (typically enrolled by scanning a QR code); and
  • Inherence: Something the user is, i.e., biometric forms of identification, such as fingerprint readers, voice authentication or iris and retina scans.

IBM Takes On Password Security

For the third consecutive year, Gartner named IBM Security a leader in the Identity Governance and Administration space, and for good reason. Products such as IBM Security Access Manager help organizations secure and manage user access and protect applications against fraudulent and unauthorized access. An exciting add-on is the IBM Verify application, which adds an extra layer of security to your online services by using two-step verification. It is available in the App Store like all cool apps are.

Do as I say, not as our pal Dylan does. Be smart when it comes to password storage (a wall is not storage; a password manager is), and add additional authentication mechanisms to your identity protection portfolio. Be vigilant in protecting your online identity.
