Skip to main content

Guess what? Passwords are under attack again. 

I know what you’re thinking: Passwords? That’s so yesterday. Everybody knows that passwords are a weak link. Even systems themselves prompt for harder, more secure passwords. 

And yet, the problem remains. 

The average person today has several dozen password-protected accounts. With so many things vying for attention, it’s only natural to reuse passwords – 66 percent say they reuse passwords. Less than half of Americans say they change their passwords even after learning of a security breach. 

Criminal behavior stops at nothing. If you’re still using old password rules, you may be putting yourself at risk. 

Password spraying may be impacting you

To get into an account, you add a username and a password, click, and you’re in. Password spraying adds brute force to that process. 

Most cybercriminals are savvy in their processes. They spend time learning about organizations, scouring the dark web for information, or looking for industries with notorious weak security practices. Cannabis can be one of those industries, especially with smaller businesses. 

With information in hand, cybercriminals use sophisticated tools to bypass authentication servers and access an account by feeding well-thought-out patterns of usernames and passwords. They have a system, so they don’t get blocked. Once in, they move quickly to other accounts and profiles, gathering sensitive data, changing permissions, and otherwise destroying any security measures that prevent them from getting what they want.  

Preventing password spraying 

A good security practice starts with knowledge. When you know passwords may be your weakest link, you can change your policies to reflect it. There are several things you can easily implement into your business. 

  • Use password authentication techniques – many systems can be built to use biometrics or hardware token-based authentication to bypass passwords altogether. 
  • Leverage multi-factor authentication – entry starts with a password but requires a second authentication factor before gaining access to a system. 
  • Create a zero-trust framework – zero-trust eliminates implicit trust and requires users to validate at every stage of digital interaction. 
  • Use CAPTCHA systems to prevent bot-based password spraying.
  • Educate employees on passwords. They can’t avoid what they don’t know exists.  

It starts with educating employees about the dangers of easy passwords. Ultimately, it’s about your security practices and your IT strategy. 

There are techniques and resources available to make your security routine. The easier it is for you, the more protected you’ll be. Awareness is key. 

Is your business ready for a cybercriminal using password spraying to attack? If not, here’s your notice to implement a better plan now. 

For IT Strategy, Security and Compliance, or Help Desk Services, reach out to us at Cannabis Technology Partners 360-450-4759.