Researchers Call on Breached Companies to Revamp Notification
Akshaya Asokan (asokan_akshaya) • June 2, 2020
Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most of these are not strong or unique, according to a study by researchers at Carnegie Mellon University.
Based on these findings, the researchers recommend that organizations revamp their breach notifications to include more information on effective password resets. They also recommend that companies hash and salt their passwords to avoid credential-stuffing and rainbow-table attacks that target plaintext passwords.
In addition, the researchers say in the report that government regulators should make password reset requests mandatory for all companies that sustain a data breach and create incentives for two-factor authentication.
Trouble With Passwords
The study, which was presented at the recent IEEE 2020 Workshop on Technology and Consumer Protection, was conducted by a trio of security researchers at the university's Security and Privacy Institute who studied the efficiency of password-related breach notifications.
Th ..