Recycled passwords are believed to be the main culprit of recent breaches in the remote access space. Hackers leveraged leaked data from recent high-profile breaches against other online services to gain access to larger, more critical accounts. While Bomgar customers have not experienced any breaches as a result of this, we are cognizant of the threat of poor password security and are taking this opportunity to ensure our customers are following best practices for authentication and credential management.
We know you’ve heard it before, but our first piece of advice is to make sure Bomgar passwords are not reused for other services. While recycling passwords across multiple sites makes them a lot easier to keep up with, it also makes accounts a lot easier to hack. If users are using the same login emails and passwords across multiple services, when one of them is compromised, they all are.
Second is to set strong passwords and regularly change them. Bomgar requires our customers to set up strong passwords as a default. Bomgar allows admins to set rules for user accounts regarding the length and complexity of passwords, how often passwords expire, as well as rules for password reset and account lockout. Integrating a password manager like Bomgar Vault enables your administrators to securely manage and automatically rotate credentials to improve security.
With Bomgar, organizations can also leverage Active Directory and other security providers for authentication to centrally manage user accounts. If your organization is using LDAP or AD for user authentication, it is likely that the credentials used are not the same ones being used for external accounts.
Lastly, two-factor authentication enables a second security check beyond user name and password by utilizing something the user knows (password) together with something the user has (device). Built-in two-factor authentication is now available as a feature of Bomgar Remote Support, or you can integrate with an external two-factor authentication tool. With the recent release of Bomgar 16.1, customers can upgrade today to start using Bomgar built-in two-factor authentication.
To take two-factor authentication a step further, Bomgar Verify can be paired with Bomgar Remote Support and Bomgar Privileged Access to provide secure, tokenless, two-factor authentication. This allows users to authenticate using their own devices, such as a phone or laptop, instead of carrying around an additional piece of equipment.
No single solution can completely safeguard an organization against an attack, but taking a layered approach to security significantly reduces risk. Most other SaaS tools do not have the capability for user authentication that Bomgar does, and free tools with a lower focus on security tend to be a bigger target for cyber criminals.