Data Security Firm’s Report Highlights How Enterprises Must Implement Stronger Password Security Systems to Counter More Sophisticated Hacking Techniques
Redwood Shores, Calif., December 14, 2011 – Imperva (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today announced a new report detailing how hackers crack passwords. The report, Enterprise Password Worst Practices, is a sequel to Imperva’s 2009 report, Consumer Password Worst Practices.
The report is available here.
“Instead of consumers, we believe responsibility rests on enterprises to put in place proper password security policies and procedures as a part of a comprehensive data security discipline,” explained Imperva CTO Amichai Shulman. “Passwords should be viewed by security teams as highly valuable data. We hope this paper guides enterprises to rectify poor password management practices.”
The report details:
- How hackers bypass the security controls meant to protect passwords.
- Popular, key online resources hackers employ, including one website containing 50 billion possible password permutations.
- Key steps that Imperva recommends IT teams within enterprises undertake in order to mitigate password breaches. Imperva’s recommendations include:
  - Using passphrases: Allow users to choose longer passwords which are easier to remember. Passphrases provide the necessary length yet do not require the user to write down the secret on a note left on the worker’s desk.
  - Enforcing a strong password policy: This means not just applying restrictions on the character types, but also comparing passwords against dictionaries used by attackers. In fact, Hotmail recently banned the usage of common passwords. This also means defining and banning site-specific passwords, as well as banning numerical or keyboard sequences.
  - Using a special form of encryption known as “salted digests.” A salt, which is a random value prepended to a password before it is encrypted, should increase the cost of guessing the password so that financially-motivated hackers will not make such an investment.
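The three recommendations above can be sketched together as an added example; it is not code from Imperva or from the report. The wordlist, the site terms, the length and run thresholds, and the choice of PBKDF2 as the salted digest are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; a real deployment loads attacker wordlists instead.
COMMON = {"password", "letmein", "iloveyou", "princess", "welcome"}
# Keyboard rows and the digit run; reversed forms are checked too.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LEN = 12          # assumed minimum, chosen to favour passphrases
RUN = 4               # assumed shortest sequence length that gets banned
ITERATIONS = 600_000  # assumed PBKDF2 work factor


def has_sequence(pw):
    """True if pw contains a RUN-length slice of a keyboard row or digit run."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - RUN + 1):
                if seq[i:i + RUN] in low:
                    return True
    return False


def policy_violations(pw, site_terms):
    """Return the list of policy rules that pw breaks (empty list = accepted)."""
    low = pw.lower()
    found = []
    if len(pw) < MIN_LEN:
        found.append("too_short")
    # Also catch dictionary words padded with digits or "!" at either end.
    if low in COMMON or low.strip("0123456789!") in COMMON:
        found.append("common_password")
    if any(term in low for term in site_terms):
        found.append("site_specific")
    if pw.isdigit() or has_sequence(pw):
        found.append("sequence")
    return found


def salted_digest(pw, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return salt, digest


def verify(pw, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_digest(pw, salt)[1], digest)
```

Because each password gets its own salt, two users with the same password store different digests, so a precomputed table of guesses cannot be reused across accounts.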
About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,500 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.