DEV Community: Pradeep Parthiban

6 Password Policy Management Best Practices for a more secure IT environment

Pradeep Parthiban — Tue, 10 Aug 2021 09:19:10 +0000

Remote working has impacted the world of cybersecurity in multiple ways. Remote workers are often not protected by enterprise-level security and so are more prone to cyberattack. The FBI reported a 300% increase in cybercrimes since the pandemic began, and remote work has increased the average cost of a data breach substantially.

Employees working from home are also distracted –

“47% of remote workers cited distraction as the reason for falling for a cyberattack.”

In other words, if you do not have a plan in place to mitigate these risks, you are setting yourself up for a potentially devastating cybersecurity breach.

One simple way to protect your organization from breaches is to apply a strong password policy at all levels of the organization, and enforce it by implementing a secure password policy management solution (PPM).

Here are some password policy best practices you may find useful.

Increase password length and strength

Brute force attacks try all possible combinations of characters to arrive at the password. A 6 string password with only upper or lower case letters can be cracked in 8 seconds. An 18 character password with upper and lower case letters, numbers and symbols can take 1 quintillion years to crack! By adding a special character, combining both upper and lower case letters or adding numbers, encryption can be much more secure.

Image Credit: ghacks.net

The full strength of the Advanced Encryption Standard (AES) comes to bear when users create passwords of 32 characters for 128-bit encryption and 64 characters for 256-bit encryption. However, passwords of around 10 characters are strong enough for most applications.

Simplify as much as possible

A password made of only numbers has 10 options for each character in the string, one made of numbers and letters has 36 options, and if you include special characters that adds another 32 possible characters for each spot in the string. This makes it more challenging for brute force attacks to be successful. Complexity in terms of the kind of characters that can be used in the password is, therefore, an advantage.

However, do not mandate the usage of these different kinds of characters. This can lead to frustration and reuse of the same password with minor character substitutions (P@ssword or Passw0rd, for example). This is especially the case when the policy also demands frequent changes of password. If the old password is compromised, such minor variations will be relatively easy to guess, too.

To mitigate this risk, don’t mandate the use of special characters and reduce the frequency of mandatory password reset to approximately once a year. A long password using only lowercase letters is more secure than a short one which is a variant of an older password.

Do not allow password reuse

Do not allow reuse of earlier passwords during periodic password reset to increase security. Train your staff not to use minor variations of their earlier passwords, and instead look for completely different passwords.

Also train staff on the risks of reusing passwords across home and work accounts. Password reuse results in a huge surge in credential stuffing attacks. If any service is compromised and your password and username are stolen, hackers could use the same credentials to try and hack your other accounts. Each account must therefore use unique credentials to maintain security.

Reinforce passwords using multi-factor authentication (MFA)

Multi-factor authentication uses a combination of things you know, such as a password or PIN; things you have, such as a badge or smartphone; and things you are, such as biometric data, to authenticate your right to access a particular system, data or application.

Enabling MFA ensures that even if a password is stolen, the system is not compromised.

Use a secure password manager

Many users find it difficult to remember their passwords for multiple online services, and so either use a single password for all, or, worse, save all their passwords to an unreliable password manager.

If you do opt for a password manager, choose one that is highly secure, in order to mitigate the risk involved. Most IAM solutions will include a password manager or, with Single Sign-on, completely do away with the need for multiple passwords. A single secure password is enough to log on to your IAM and access your applications and data.

Use an IAM application for Password Policy Management (PPM)

It’s one thing to lay down rules for password policy across the organization. It’s quite another to enforce the policy. An Identity Access Management (IAM) application can help you ensure that all your users consistently comply with a high standard of security while setting their passwords, without the need for a separate password policy enforcement tool.

Administrators can customize and define password policy for all users in the organization. You can also specify upon whom the policy should be enforced, based on the users’ access level. Password policies can of course also be defined as blanket rules.

A common perception is that the risks associated with breached passwords do not apply to your organization as you have secure systems. But your organization’s data security is only as strong as the weakest password of your users. In 2020, 770 million credential stuffing attacks occurred. That means that if your employee’s personal passwords are compromised, and they have reused the same password at work, your data is compromised too. Worse, 17% of all sensitive files are accessible to all employees, and about 60% of companies have over 500 accounts with non-expiring passwords.

Implementing a robust Identity and Access Management (IAM) solution brings you several steps closer to protecting your user credentials and corporate data. Worldwide, cybercrime costs will hit $6 trillion annually this year. Don’t let your organization succumb to a Data breach! With these simple steps, you can stay safe with multiple layers of data protection. Allow our team at Akku to help you secure your systems.

The Role of AI in Software Testing

Pradeep Parthiban — Mon, 06 Aug 2018 12:59:52 +0000

We all know that over the recent years, AI has proven to be quite helpful for the human race in the multifarious fields like statistics, graphical studies, astronomy and so on. But now the concerned matter is whether the theory will be able to bring about the necessary and the expected changes in the software testing field or not. Software testers and developers from all over the world are trying various methods to incorporate the idea to create a new version of the technologically advanced world.

Will this new introduction become a salvation or the cause of destruction? Even though there is still an underlying uncertainty, the use of the AI theories has become abundant to an extent. According to The Times Higher Education, China is leading the pack with over 41000 research papers on AI and various countries are following this theory to perform various functions.

Let’s take a glance at the attributes of the Artificial Intelligence and its related aspects of software testing!

WHAT IS ARTIFICIAL INTELLIGENCE?
We all know that the robots and the technologically developed machines are quickly replacing the human labours, be it bots or any automated machine. Now, when the mechanical strength is being replaced by artificial power, why not the natural intelligence of human beings is replaced by something similar?
This proposition led to the development of a new concept of artificially induced intelligence, similar to the human intelligence in any sense yet advanced and quicker. This is known as Artificial Intelligence. It is actually a probabilistic approach towards any situation.

Apart from this, AI technologies behave like humans and produce results the same way. Some of the best technologies developed to date that uses AI are speech recognition, virtual agents, machine learning platforms, robotic process automation and so on.

The success of the Artificial Intelligence in these fields has driven the software minds to use the theory of the same in the aspect of developing software and testing the different parameters of the same.

WHAT IS THE REQUIREMENT OF AI IN SOFTWARE TESTING?
Software testers benefit more on automation than the manual checking process. The term ‘software testing’ revolves around a number of algorithms and technical processes which examines the quality of the software, the output, its market efficiency and other attributes.

Now, software testing does not involve a step or two for the software testing purposes. Rather, the entire software developed is subjected to a series of repeated tests where at each level, the parameters are examined by various methods. This requires intelligence, extensive manpower and time. Also, the revenue spent by various macro software-giants accounts to around billions.
The use of Artificial Intelligence will certainly cut out all the excess things that are needed for the testing process. The AI algorithm and the various processes are based on introducing automation and better ‘intelligent’ analysis of any faults or errors within the software. The entire work is done at low maintenance since AI means artificially induced intelligence, enough brainpower to run the processes without extensive care.

BENEFITS OF AI IN SOFTWARE TESTING
The benefits of the application of Artificial Intelligence are extensive; some can modify the existing testing methods while others will definitely introduce mind-blowing changes in the field of software testing.

Improved quality
With the application of the artificially induced intelligence, the quality of the software will develop widely. Since all the testing methods will be carried out automatically and with secured assuredness, the quality will be improvised greatly. Moreover, the longevity of the applications will be increased greatly along with the increased market efficiency.
Effective and trustworthy
AI algorithms have introduced effectiveness in the software testing. The artificial intelligence theories have also increased the reliability of the testing methods by reducing the manpower and also the intensive costs. The process is trustworthy since the errors will be checked by checking codes that will not leave the errors unattended without resolving them.
Earliest feedback
As the AI testing process is automated, the software developers will get a quick feedback report on the working and the efficiency of the applications. Also, the bugs and the disputes will be resolved quickly and hence, the products can be launched quickly in the market.
Improved traceability
As the testing algorithms are preloaded within the machine and are based on statistical and other types of mathematical concepts, it's quite easier to trace the path of the tests and ensure that every step is being done clearly and carefully. Also, it will be possible to know what type of errors have occurred and hence, finding a solution to them will become easier.
Integrated platform
The entire process is conducted on an integrated and embedded platform. This will make it easier for the software developers to launch the website easily on the client’s website. Hence, the execution process will become more flaccid.

The application of the Artificial Intelligence to the field of software testing is still under scrutiny. However, it is expected that soon the software world will see a dramatic change in the processes!