Manage

What are best practices for secure password distribution after a data breach?

After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM expert response.

Our enterprise recently had a breach and had to create new user IDs and passwords for many users. What's the most secure way to inform the users of these new IDs when email is so inherently insecure?

Creating new usernames after a breach provides little assurance that the breach won't happen again and takes a significant amount of time and energy; it also creates a variety of gaps, such as tying data from the old account activity to the new. There should be a standard for usernames across all systems and applications. I would recommend using employee identification information, such as first name and last name or an ID number you associate with each employee for HR purposes. This will have the added benefit of simplifying the termination process as well.

The proper response and secure distribution strategy following a username and password hack would first be to disable...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

all of the accounts that may be compromised and reset the passwords to meet stringent complexity requirements. Next put your team's forensic skills to work to determine -- with certainty -- how the enterprise's security controls were breached. Then present those findings to management and present a plan to modify those controls or implement new ones to mitigate the risk going forward.

Changing and increasing the complexity of a password significantly reduces the likelihood of the account being hacked, but only if you've already determined how the original compromise was achieved and appropriately responded to it.

For more information:

Learn how to prevent SSH brute force attacks that can compromise passwords.
Be prepared for security breaches with security breach management planning and preparation.

This was last published in November 2008

Dig Deeper on Password management and policy

SearchCloudSecurity

Over 15 billion credentials for sale on dark web

Analyzing the top 2019 data breach disclosures: Hindsight in 2020

Data breaches in Australia showing no signs of abating

2019 data breach disclosures: 10 more of the biggest

5 PaaS security best practices to safeguard the application layer

Private vs. public cloud security: Benefits and drawbacks

How to create a cloud security policy, step by step

SolarWinds: Lessons learned for network management, monitoring

7 key SD-WAN trends to evaluate in 2021

10 network security tips in response to the SolarWinds hack

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

Cloud, security top list of IT spending priorities

Otter.ai helps Google Meet stay competitive

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

IBM acquisition spree targets hybrid cloud consulting market

How to choose between IaaS and SaaS cloud models

COVID-19 and remote work shift cloud predictions for 2021

Vodafone unveils ‘instant’ Wi-Fi

BT connects Dutch diplomatic missions

Nine out of 10 UK card payments in 2020 were contactless