Protect your Office 365 account against password hacking

/

By enabling Multi Factor Authentication (MFA) on your Office 365 accounts you can reduce the chance of a hacker getting access to your data

Recently we have seen more instances of Office 365 passwords being compromised to either:

  • Trick the user into transferring money into the attackers account.

  • Data encrypted and held for ransom.

  • Extortion

Good password practises and passwords is essential, but having a multiple authentication before having access to your data is another step the attacker has to take to gain access. Attackers will most likely pick and easier target when they encounter this.

Multi-Factor Authentication for Office 365 is a feature that prevents access to your data and email unless on a trusted device or through a second authentication.

Other features are also available on your Office 365 tenancy including: Azure AD integration, password policies and self service password reset

mr_robot-copy.gif


Security - Password Security

/
brute force.png

Password
Security

Brute Force Attempts and Password Changes

Hackers are becoming more sophisticated in exploiting systems as ransomware has proven to be very lucrative. As a result, the number of password cracking attempts we have observed has increased dramatically.

The systems you expose to the internet for communication, management and remote access allow for hackers to attempt to brute force your passwords. They use common usernames and attempt thousands of password combinations until they breach the system.

As hackers develop better methods and algorithms to successfully breach accounts, higher complexity in passwords is essential.

Elevated accounts, such as Administrative accounts should be changed periodically to a high standard of complexity. User accounts, especially those with remote access should be restricted by a policy that enforces password complexity. 

If you cant remember when your administration passwords were last changed, its time to do it.

One of the biggest risks is from parties that were given a password to your system at at time when they needed it. These persons now have the keys to your system and may have moved on to another company, or even your competition. Other 3rd parties may have been given access to do an integration with their own product and no longer need access.