UnHacked Episode 13 - Password Security Summary

Episode Overview

This episode focused on password security, breaches, and best practices for small and medium-sized businesses. The hosts discussed several major security incidents and provided practical advice for improving password security.

Key Security Incidents Discussed

Ticketmaster Breach

  • An employee hired away from a competitor brought over that competitor's internal password documents
  • The passwords were used to illegally access the competitor's systems and spy on its business
  • Highlighted the importance of proper employee offboarding and ethical business practices

New York City Law Department Incident

  • Attacker gained access through stolen employee passwords
  • Department had claimed compliance with mandatory 2FA requirements but hadn't fully implemented them
  • Resulted in weeks of attorneys being unable to access electronic files
  • Demonstrated the importance of actually implementing and maintaining security measures, not just claiming compliance

Verkada Security Camera Breach

  • High-end security camera company serving clients like Tesla, jails, and Equinox gyms
  • Breached through basic password management issues
  • Hackers gained access to over 5,000 security cameras and door controls
  • Resulted in significant reputational damage and lost business

Key Password Security Issues

Common Password Vulnerabilities

  1. Dark web exposure
  2. Password reuse across multiple sites
  3. Storing passwords in browsers
  4. Keeping passwords in spreadsheets
  5. Weak or simple passwords

Password Cracking

  • Estimated time to crack an 8-character password, by the character set it uses:
    • Lowercase only: instantly
    • With uppercase: 22 minutes
    • With numbers: 1 hour
    • With symbols: 8 hours
  • Recommendation: Use minimum 15-character passwords with mixed characters
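The following Python check is an added example, not material from the episode: it encodes the 15-character, mixed-character recommendation above, screens candidates against an exposed-password list (a constructed sample here, standing in for a dark-web monitoring feed), and estimates keyspace so the length-versus-complexity trade-off is visible. The guess rate is an assumed figure, not one given on the page.

```python
import math
import string

# Alphabet size contributed by each character class (ASCII; printable punctuation = 32 symbols).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

# Constructed sample of previously exposed passwords; a real deployment would
# consult a breach-monitoring source instead of a hard-coded set.
EXPOSED_PASSWORDS = {"password1", "Summer2023!", "qwerty123"}

MIN_LENGTH = 15  # the episode's recommended minimum


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def keyspace_bits(pw):
    """Upper-bound strength: log2(alphabet ** length) for the classes actually used."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def crack_seconds(pw, guesses_per_second=1e11):
    """Worst-case time to exhaust the keyspace at an assumed offline guess rate."""
    return 2 ** keyspace_bits(pw) / guesses_per_second


def check_password(pw, exposed=EXPOSED_PASSWORDS):
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if pw in exposed:
        problems.append("found in exposed-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(char_classes(pw)) < 3:
        problems.append("uses fewer than three character classes")
    return problems
```

Note that a 15-character lowercase-only password has a larger keyspace than an 8-character password drawn from all four classes, which is why the recommendation leads with length.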

Best Practices and Recommendations

Essential Security Measures

  1. Use password managers
    1. Generates complex passwords
    2. Stores passwords securely
    3. Eliminates need to remember multiple passwords
    4. Prevents password reuse
  2. Enable Two-Factor Authentication (2FA)
    1. Critical last line of defense
    2. Should be mandatory and regularly verified
    3. Must be properly maintained and monitored
  3. Regular Security Scans
    1. Dark web monitoring
    2. Local computer scans
    3. Vulnerability assessments
    4. Should be performed regularly as threats evolve

Emerging Technology

  • Passkeys: a new standard backed by Google, Apple, and Microsoft
  • Moving toward passwordless authentication
  • Uses certificates and biometric verification
  • More secure than traditional passwords

Key Takeaways

  1. Password security is fundamental but often overlooked
  2. Security measures should be regularly reviewed and updated
  3. Vulnerability scans consistently find issues, even in well-maintained systems
  4. The cost of prevention is far less than the cost of a breach
  5. Security improvement should be viewed as an ongoing journey, focusing on 1% improvement each day

Resources

  • Website: unhacked.live
  • Available services: Free vulnerability assessments
  • Additional channels: Facebook group, YouTube channel
  • Network of IT partners available nationwide