PC Mag issued its list of 2020’s most common passwords. 123456 is still the world leader.
Of course a few other favorites:
The Passwords Conundrum
Passwords are mandatory in today’s tech world. The only problem is that they have turned into such a major nuisance. They exist, obviously, to protect access to sensitive information and personal data, but passwords have also become incredibly frustrating. You shouldn’t use the same one across the board, which means you probably have variations of the same one, which means you have to remember which one is for which site. Then, when you have to reset your password because inevitably you can’t remember it, you comically get an error message that says your new password can’t be the same as your old password. Also, please don’t forget that your password now has to be complex enough that it’s hard to guess. So, add that to the list. Finally, any form of password that is based on personal information is considered verboten.
Password management tools and apps can help ease the pain of passwords, but those don’t solve many of the password challenges all of the time. They might make it easier for the user, but do little to protect data in the event of a breach or insider attack, or to keep unauthorized users away from your firm’s or nation’s data and information. Once a password is stolen, your data is in the clear.
And if passwords are that irritating to a user, they cause a whole additional set of issues for enterprises. Think about it: if the average enterprise uses 1,400 cloud applications (SkyHigh Networks estimate) and each enterprise has thousands of users accessing those applications, that’s password management for literally millions of passwords. Complicating things further are complex IT environments, administrative and operational costs, needing to meet compliance regulations, and of course, keeping everyone within your organization up to date on your security and password policies.
The #1 Help Desk Ticket Is Password Resets
From an organizational and security standpoint, some of the problems with passwords include:
- 20-50% of all IT help desk tickets are for password resets and U.S.-based organizations spend over $1 million annually in password-related support costs
- They make for poor user experiences: the average business user must remember and log in with as many as 190 passwords
- 81% of all breaches involve stolen or weak credentials, while 29% of all breaches involved the use of stolen credentials
Overall, passwords are neither the best nor the most secure gatekeeper for our most important assets, which then begs the question: why are we still using them? And yet, the jump from using passwords to another solution seems very far away. Is getting rid of passwords a realistic future? Right now, the big push is into biometrics as a means to identify users, but is it scalable for enterprises? At the moment, probably not. The market is not currently in a place to support this easily. Also, biometric identity still does not protect your data in the face of an attack. As with passwords, once a hacker is past the identity verification phase, your data can be accessed easily.
Passwords, 2FA and Biometrics Are Not The Most Effective Solutions
What is needed is a better approach to data security. Perimeter products that try to keep hackers out will all eventually be breached. A fanatical focus on identification through biometrics, password managers or 2FA is only as secure as the person entrusted to follow the protocol. As we all have learned, the human error component can always be breached. In the near future, when quantum computing becomes more mainstream, products that rely on TLS-based encryption will be instantly obsolete.
Our Motto: In Math We Trust
The only solution is for data security products that actually protect the data itself.
BLAKFX has delivered. The Helix22 data security SDK protects all data at rest, in use and in transit. Review the Helix22 API, examples and documentation on our Git.
Helix22 delivers all this security assurance very confidently due to our genius engineering team, spearheaded by Robert Statica and Alex Maslov, who have invented a new model for data security that required an innovative look at the problem. As mentioned, the approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or are fanatical about user identification. However, once the product is breached or a password is stolen, your firm’s/nation’s data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA Binding™. Therefore, even if a breach were to occur, the data cannot be exfiltrated. This means that all your firm’s/nation’s data is 100% protected regardless of the type of attack. Further, Helix22 protects data at rest, in use and in transit. No other data security can make that claim. Artificial Intelligence and Machine Learning experimentation runs and generates incalculable amounts of data. All is protected at its inception.
Our patented DNA Binding™ cryptography is what enables our low, low latency. As the encryption is with the data, there is no need to create the large packets required in RSA.
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means that when data arrives at our key server, it is already encrypted, so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also uses each key just one time and then destroys it. This way the data security is future forward perfect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity at all for any data leak.
The protocol just described can be the same with all your 3rd-party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do, however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industry’s foremost data packets, which are protected with multi-layered, military-grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA Binding™ is that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
The BLAKFX Suite of Data Security Products
In addition to the fastest and most secure data protection product available in Helix22, we provide a full range of security products for a holistic approach.
We are on a mission to stop ransomware threats
Ransomware Auditing as a Service (RaaS): ransomware attacks have skyrocketed in the past year and currently represent the biggest threat to the data of government agencies, military, intelligence agencies as well as private enterprises. BLAKFX developed the first in the world Ransomware Auditing as a Service (RaaS) platform, which allows our cyber security engineers to scan your network and simulate real-world ransomware attacks to test the prevention, detection and mitigation strategies of your organization and establish how resilient your network is to real ransomware attacks. After the scan we provide a comprehensive report and our recommendations for remediation.
If you are the victim of an actual ransomware attack, we are able to recover the data that has been hijacked during the attack and, due to Helix22’s DNA Binding™ cryptography, restore it to its original state.
Auditing/Penetration Testing: we provide cyber auditing & penetration testing services in order to identify the gaps in your network, cloud, communications, network appliances, wireless networks, laptops, desktops & mobile devices, website, backup and 3rd party applications and services. Once we scan your systems, we provide a comprehensive report and our recommendations for remediation.
MSS & Insider Threat Prevention: BLAKFX has a national security level Secure Operations Center that can monitor your network (via our Managed Security Service) for threats & vulnerabilities as well as your employees via threat behavioral analysis techniques in order to stop threats (including insider threats) before they become a problem for your network, data and organization.
TSCM: many organizations and government agencies are aware of the threats posed by hacking surveillance and data theft but are not aware that Technical Surveillance Counter Measures and Electronic Security are an essential component of overall risk mitigation. BLAKFX’s access to the most sophisticated equipment and its military and intelligence community level RF frequency monitoring expertise are unique in the world.
Physical Security: we offer overall physical security services and designs for your buildings, data centers, cloud providers, airplanes, vehicles and personnel security. We provide full physical security planning, insider threat detection and prevention, physical security audits, certification, and security awareness training.
Global Governments: (restrictions apply)
*Katim Secure Phone: part of BLAKFX’s suite of secure products, we are pleased to offer governments, law enforcement, intelligence agencies, military forces globally and enterprises a fully user2user encrypted phone, with secure messenger, secure email, secure news, secure audio/video calling & secure conference calling.
OSINT: the Collection Platform provides a real-time, comprehensive view of collected intelligence from various sources. The system allows for more effective operation management by allowing the operators to control all available intelligence gathering tools from a single, unified dashboard. By allowing centralized control, alongside presentation of key intelligence and insights, the overall operational effectiveness is significantly increased.
The Analytics Platform system fuses all field intelligence meta-data and cyber intelligence content, as well as other data sources, to highlight and identify suspicious activity, important events and analyze suspects’ relationships and communications. The system can provide in-depth operational understanding in near-real-time to the field operations teams.
Pre-Crime, Data Fusion and Big-Data Analysis: a full range of capacity for big data analytics. Analyzing billions of events, merging data from heterogeneous sources, revealing weak signals and understanding the digital behavior of a target are some of the numerous features of the Analytics Center. It is composed of modules like Analytics, Profile, Relational and Predictive.
LLDDS: Low Level Defender Drone System consists of three essential elements, the first of which is our Ground Based Sensor Node (GBSN). The GBSN employs a very low power, high sensitivity FMCW radar system, functionally integrated with a complementary video/IR detection and confirmation system. The GBSN is controlled by AI and by either a single on-site operator or via remote operator control over our fully secure Command, Control and Communications (C3) SatComm-based network. The second element in the System is a medium endurance, low-level, missile-armed defender drone. This critical airborne asset will provide: persistent or on-demand zone protection including airborne patrol, target identification, target confirmation, and attack. This unmanned, very capable platform is the attack and deterrent end of the LLDD defense chain. It is continuously and closely monitored and controlled by AI and a Controller/Operator – in real-time – via the LLDD C3 SatComm Network. Our highly automated and minimally manned concept employs proven off-the-shelf, ground-based and airborne sensors and platforms combined with proprietary BLAKFX technology.
Note: Items marked with * are available for enterprises as well
BLAKFX is Based on Proven Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD; Founder – Kara Coppa; Founder – Alex Maslov MS, MBA
Co-Founders of Wickr; Katim™ Ultra Secure Smartphone
Finally, the Helix22 encryption is quantum computing ready, so there is no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
We like to refer to Helix22 as “22nd Century Data Security.”