Many people are quick to proclaim that passwords are dead…that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we’ve known them for decades, are not going away anytime soon. Sure, I’ll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every time. Until then, there are some things that you can – and must – do in order to minimize this maximum security risk. The following are password and penetration testing related pieces that I recently wrote for the nice folks over at Specops Software that can help put you on the right path:
What to expect during your next penetration test
Following up on your vulnerability and penetration testing
Low-hanging security fruit you can’t afford to overlook
Best practice tips for your password policy
How to audit network passwords
…as well as a related guest blog that I wrote for Pentest Magazine:
Three Actionable Steps To Take Following Your Penetration Testing