check employee accounts against common password lists, but passwords are one of the most common threat vectors for accessing systems.
use of stolen credentials was the #1 hacking tactic for criminals to gain access to “secure” enterprise networks
at the world’s largest financial services companies reuse passwords across corporate and personal accounts
HOW ENZOIC HELPS
Employees and clients keep selecting the same exposed passwords. This vulnerability opens the door to bad actors’ password spraying, credential stuffing, and cracking of hashed passwords. The FTC and SEC now cite compromised credentials in financial service firms’ failure to establish adequate security. It is time to detect and eliminate common, compromised, and easy-to-guess passwords.
Add security without adding another obstacle to the authentication flow
Follow best practice password policy recommendations, including detecting when good passwords become compromised
Automate your password policy and generate documentation to show compliance
“It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”
FINRA produced guidance for organizations to tighten their cybersecurity, but no advice was provided regarding the issue of password hygiene.
Three tips that financial organizations in the credit, banking, and insurance industries could benefit from to keep data and networks secure.
Credential stuffing attacks are posing major risks to banks and credit unions. Read how to address the vulnerabilities in open banking.