I must warn you, the story you are going to read contains as much horror as the Stephen King books.
A friend of mine got a job during the pandemic. He thought it was a great opportunity because the company he started with was his dream company and he was afraid to make a mistake. He wrote to me via Whatsapp so as not to forget the VPN access password and username they used. Since I was wondering whether it would be possible, I typed the password and username into the company’s system and tried it. Bumm… I was inside! They did not take a second security measure.
Although I was wondering how there is no second security measure in such a large company working internationally, what I was more curious about was what else I could access. I was able to access all of their systems and reach the e-mail addresses of other users. After ending this little adventure, I started to see what malicious people could do. As I thought about it, I realized that the data could be sold. When I thought about who would buy it even if I sell it, this time Dark Web came to my mind. The situation was getting more interesting, so I reached out to an IT expert working in the same company through my friend and told him that I heard that they only use a password as a security measure. The IT expert said that they are doing research to take additional security measures and are aware of the danger of the current situation. Even though I couldn’t say they were not aware enough, I wished them luck and did my part.
Is This Your Employee or Someone Else ?
After authentication with the username and password in VPN access, the user becomes able to access all the data of the company. From this point on, while company personnel provide their daily tasks with remote access, malicious people who introduce themselves as authorized persons start stealing, leaking or selling company data. They do this by capturing or cracking user passwords. What we need to do is to make the passwords we use hard to capture or to stop using passwords.
Secure Your VPN Access With Passwords
With AuthTake Multi Factor Authentication, you can increase the security of your passwords. Various security measures that you can take in addition to the password ensure that your systems cannot be easily accessed in case your password is stolen. Although we have solved the access problem, some problems may occur due to the nature of passwords. For instance, forgetting passwords. You can use our AuthTake PassKiosk to compensate for help desk calls caused by forgotten passwords and your employees’ lost hours of work waiting for an answer from the IT team. AuthTake PassKiosk allows users to reset their own passwords.
Secure Your VPN Access Without Passwords
With AuthTake Passwordless MFA, you can eliminate the problems caused by sharing, stolen or forgotten passwords by eliminating the use of passwords in your VPN access.
AuthTake product family is ready to meet all your needs. Start using it today and meet the needs of the digital world.