March 3, 2023
Recent news events have increased the attention on password use and how users can protect their accounts and passwords.
Last week, while talking with a neighbor who doesn’t work in tech, I was asked what to do after one of their streaming accounts had been compromised. My first question was, “Were you able to restore access and change your password?” They beamed with pride as they answered, “Yeah, it took a few minutes, but I kicked the hacker out.” So, I posed the next question, “Where else did you use that same password?” Slowly their proud smile faded and turned to a look of confusion. They proceeded to list several services where they had used the same generic password. As they listed off those services, it began to dawn on them that the “hacker” may not be as “kicked out” as they thought.
This lesson is one we in the information security world have been espousing for years: “Don’t reuse passwords.” We’ve recommended the use of password managers to enable the use of unique passwords. But what happens when our advice is now the source of a new question: “Have you heard of the LastPass breach? What do I do now?” The answer becomes more complicated, but here are three tips to keep in mind.
The easy answer to give, which is harder to accept, is to change all your passwords. This can be daunting enough, but in the face of recent events, we can’t stop there. We need to teach the principle of defense-in-depth.
We at Optiv recommend the guidance in Secure Your Password, which focuses on diversifying your passwords. But every user needs to take a few more steps to ensure that their accounts remain secure.
We in the information security industry have been advising users to enable multifactor authentication (MFA) everywhere that they can. But out of all the authentication methods, we recommend using tokens or fobs rather than the typical text message or emailing of a code. There are several solutions here, including YubiKey, Google Authenticator, Microsoft Authenticator and OnlyKey. The challenge can be that different services may support different solutions. For any services where the only option for MFA is choosing answers to security questions, it’s better to lie through your teeth. After all, malicious hackers can research you on social media and find the correct answers to many of these questions.
It is important to monitor access to our accounts. Many services offer to send notifications when a user logs into the account. You should enable this feature to enhance your account security. You may receive more emails or text messages as a result. But in the event of a compromised account, knowing is half the battle. Numerous other solutions offer some type of tracking of account access or trusted devices. Review these lists periodically to ensure that there are no unexpected logins or devices.
Finally, monitor the services you use for public breaches so that you are aware when a password may have been compromised. Creating an alert through https://haveibeenpwned.com/ is a great place to start raising your awareness of the constant stream of breaches that seem to occur.
By raising your security awareness and by practicing a defense-in-depth strategy, you can significantly increase the security of your accounts. In light of all the recent data breach headlines, take a proactive approach instead of solely a reactive one when it comes to your password security.