Domain password security – the basics
Hackers use basic hacks and social engineering techniques to obtain, or figure out, passwords that do not follow best practice configurations. It is crucial that you as a user are following best practice password management to protect your business from being compromised. Recommended best practice password management tips are:
- Always keep your password secret and commit it to memory: Don’t store it in an online drive that can be accessed if hacked.
- Always use a different password – never use the same password across multiple applications and portals.
- Length and complexity make a password much more difficult to hack.
- Avoid basic dictionary words with capital letters and numbers at the end – there are programs that can quickly figure out these combinations.
- Use a password manager – you can randomize passwords and safely secure them.
- Password rotation: never sit on a password for a long period of time. Regularly change your passwords.
- Use unique security questions: Many people will use easy to figure out ‘question and answer’ challenges such as ‘what is the maiden name of your mother?’ or ‘Name of primary school’. A hacker can conduct some basic social research to figure out the answers to these questions.
brandsec recommends avoiding these bad portal practices
Multi-factor authentication is non-negotiable
Multi-factor authentication (MFA) is required before any person can access the brandsec portal. No MFA = no access. MFA means that if your password is compromised, the hacker will not be able to gain access without additional authentication. Microsoft reported that MFA prevents 99.9% of hacks from occurring.
Consider multi-factor authentication for critical tasks as well
To give your portal the highest standard of security, consider implementing MFA at a functional level. For example, when DNS is added, edited or deleted or when domain names are registered etc. This protects your business from scenarios where a user steps away from their desk and accidentally leaves their laptop and portal screen open.
Secure your mobile phone
Mobile phones are used for Multi-factor authentication so protect your phone by using a strong password, fingerprint, or facial recognition password.
Set up approval workflows to greatly reduce your risk profile
brandsec can replicate your approval processes in the portal for important functions, like DNS updates so that changes to critical domain names are approved by a senior user before they are able to be published. This means that even if one user is hacked, a change can not be published without the approval of another user.
Admin users require extra portal security management
A primary user has the ability to create, and delete users within their organisation and they have the keys to the portals that they operate. The highest security standards should be implemented to protect primary user credentials including fine-grained permissions, MFA at a granular level, regular auditing, and ensuring that the appropriate level of privilege access controls is in place.
Restrict user access – Use fine-grained permissions
Limit access to users to what they need to see and do. The brandsec portal allows users to create fine-grain permission, create divisions, functional roles and limit access to specific domain names or tasks. For example, does marketing require DNS editing access? In most cases, the answer is no and by giving them read-only access you decrease the risk profile for your business. Likewise, if your business has multiple divisions then limit access to the domain names that are relevant to them.
Regularly audit users
Reviewing who has access and scrutinizing whether they still require access is important to reducing your business risk profile against possible unauthorized access. Basic reviews should include:
- Have all users implemented MFA?
- Do all users still need access?
- Are access levels correct?
- Are users active? Inactive users should be deleted.
- Are all users still employed? There have been well-documented cases of former employees accessing apps and portals years after they left the company.
IP Whitelisting
IP Whitelisting restricts access to specific IP ranges. It is difficult to use in Covid times when so many people are working from home, otherwise, IP whitelisting is a great way to restrict unauthorized access to your account and we recommend it where practical.
About brandsec
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.
