Uber Hack: Get RID Of ALL Your Admin Static Creds

Lessons learned from last week's Uber hack

That’s it, no post right now.

My tips this week are:

  • Get rid of all your static admin creds

  • Add step up authentication for all admin ACTIONS

  • Add adaptive MFA to your authentication to detect abnormal MFA activity

  • Have admin users use SEPARATE credentials for everyday access vs Admin Access

Here’s an excellent video by Marcus to help illustrate:

Reply

or to participate.