Passwords in the Age of IoT

Connected devices are becoming increasingly prevalent in the home, at the office, and everywhere in between. With 2020 widely predicted to see the arrival of mainstream 5G adoption, we can only expect the popularity of smart IoT products to grow.

While the IoT certainly brings a number of efficiencies and conveniences, it also can represent a significant security vulnerability. As Enzoic’s CEO, Michael Greene, recently told journalist Sue Poremba, “Manufacturers are focused on getting smart devices into the market as quickly as possible, but in this race to capitalize on the IoT’s potential, security is often woefully neglected.”

A prime example of this neglect can be found in the rampant use of default passwords as standard on IoT and smart devices. This was the case with 600,000 GPS trackers manufactured in China that were programmed with a password of “123456”—you can read more about this and other vulnerabilities in this CNET piece. With security an afterthought for most manufacturers of IoT products, it falls to users, retailers, and IT departments to ensure that connected devices don’t inadvertently lay out the welcome mat for hackers.

So, where should they start? Our COO, Josh Horwitz, recently outlined some key IoT password and security considerations in Retail TouchPoints, including:

• Create a strong, unique password—and ensure it has not already been compromised in a breach. A treasure trove of breach data exists on the Dark Web, and hackers can easily obtain a password that was exposed in a previous attack and use it to gain access to a smart device. In this environment it’s not enough just to have a unique password; individuals and companies alike must ensure that it is safe to use. That’s why it’s so critical that organizations avail of credential screening solutions like Enzoic, which checks passwords at their creation and on a daily basis against a live database to prevent against the use of compromised credentials. Enzoic offers a free password check tool for consumers to check the security of their passwords and recommend that people do so frequently.
• Never reuse passwords. As Josh put it, this prevalent security mistake gives “cybercriminals a golden ticket to your digital identity.” Consider using a password manager such as LastPass if you need help keeping track of your passwords.
• Update IoT software. Whether it’s a consumer device or an enterprise-provisioned one, ensuring that it has the latest software and patches is key to keeping hackers out.

As Poremba acknowledged in her piece, it can be difficult for users to change poor password practices and for organizations to enforce better password hygiene. But, as she puts it, “As long as we continue to use weak passwords on IoT devices, we will be putting…networks and data at risk unnecessarily.”

For more of Michael’s thoughts on passwords in the age of IoT, check out Poremba’s article in its entirety here.