Password leak - Don't let it happen
Yatharth Chowdhary
Vice President of Engineering at American Express, responsible for building customer experiences for americanexpress.com in our global markets.
Password leaks are one of the easiest ways for an attacker to get access to your enterprise tools and compromise overall security. A recent study put the average cost of a data breach at $4.4 million. But why do password leaks still happen when there is so much secrets management software available?
Simple answer: human behavior.
Despite all the training, the one thing enterprises can't control is how people store their passwords: on the file system, in repos, or on a piece of paper.
Here are some ways the engineering community can limit this exposure.
GIT
Let's start with git. GitHub (the hosting service, not git itself) has a secret scanning feature that scans repositories for secrets that have already been committed. Here is a quick flow of how it works; you can also configure alerts for these events.
Git Secrets
Take this a step further with git-secrets, which prevents you from committing passwords to a git repo in the first place. Released by AWS Labs, it is a must-have for all enterprise engineering teams.
git-secrets is an open-source command-line tool that scans developer commits and `--no-ff` merges to prevent secrets from accidentally entering git repositories. If a commit or merge matches a configured regular expression pattern, the commit is rejected. Because it works as a client-side git hook, it only protects machines where it is installed, so it belongs in every developer's standard setup rather than on one or two laptops.
Spectral
Spectral's secret scanning integrates into the build process, whether as a static scan, a pre-commit hook, or a CI step. It scans git repositories not just for configuration issues and secrets lurking in the code, but also for logs, binaries, and other data in the codebase that you may not intuitively think of as a potential leak source.
It also provides a user interface.
PowerShell
Yes, the same PowerShell that figured in the recent #uber hack (where a script with hardcoded credentials was found on a network share) can also search a file system for passwords and secrets, on a local or cloud drive.
Here is a thread on Stack Overflow with some great suggestions; use the option that fits your need best.
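The two checks described above, the commit-time rejection that git-secrets performs and the file-system sweep suggested for PowerShell, as one added example written in POSIX shell (so it runs on the git side as well as on any Unix-like box). This is not code from the article, from git-secrets, or from AWS; the secret patterns, the allowlist, the `SAMPLE_DIFF` and the `secret-scan.sh` file name are assumptions made for this example, and the real `git secrets` commands are quoted in the comments for comparison.

```shell
#!/bin/sh
# Added example, not code from the article, git-secrets, Spectral or AWS:
# a POSIX shell secret scanner that (1) rejects a commit whose added lines
# contain a secret, the way git-secrets does, and (2) sweeps a directory
# tree for secrets, the way the PowerShell one-liners do.
#
# With the real git-secrets the hook part is just:
#   git secrets --install          # writes the hooks into .git/hooks
#   git secrets --register-aws     # adds AWS key patterns and allowed examples
#   git secrets --add 'PRIVATE KEY'   # add a prohibited pattern of your own
#   git secrets --scan             # scan the working tree on demand

# One extended regex per line. The AWS access key id shape (AKIA plus 16
# upper-case alphanumerics) is the documented one; the rest are
# illustrative patterns chosen for this example, not an exhaustive list.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}
(aws_secret_access_key|AWS_SECRET_ACCESS_KEY)[[:space:]]*[=:][[:space:]]*[A-Za-z0-9/+]{40}
-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----
([Pp]assword|PASSWORD|passwd)[[:space:]]*[=:][[:space:]]*.{8,}'

# Lines that look like secrets but are known placeholders. These two are
# the AWS documentation example credentials, which git-secrets
# --register-aws also allows.
ALLOWED_PATTERNS='AKIAIOSFODNN7EXAMPLE
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'

# Constructed sample diff for the demo at the bottom; the second key is a
# made-up value in the real format, not a live credential.
SAMPLE_DIFF='--- a/app.env
+++ b/app.env
+DB_HOST=localhost
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_ACCESS_KEY_ID=AKIAQ5X2Y7Z8A1B2C3D4
-password = old-and-removed-value'

# matches_any LINE PATTERNS: succeed if LINE matches any regex in the
# newline-separated PATTERNS list.
matches_any() {
  printf '%s\n' "$2" | (
    while IFS= read -r pat; do
      [ -n "$pat" ] || continue
      if printf '%s\n' "$1" | grep -Eq -- "$pat"; then exit 0; fi
    done
    exit 1
  )
}

# scan_added_lines: read a unified diff on stdin, print every added line
# that matches a secret pattern and is not allowlisted, and succeed only
# when nothing was flagged, so a hook can abort the commit on failure.
scan_added_lines() {
  hits=0
  while IFS= read -r line; do
    case "$line" in
      +++*) continue ;;   # file header, not content
      +*)   ;;            # added line: inspect it
      *)    continue ;;   # context or removed line: ignore
    esac
    if matches_any "$line" "$SECRET_PATTERNS" &&
       ! matches_any "$line" "$ALLOWED_PATTERNS"; then
      printf 'rejected: %s\n' "$line"
      hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# pre_commit_hook: body of .git/hooks/pre-commit. Only staged changes are
# inspected (--cached) and -U0 drops context lines, so only real additions
# are scanned. A non-zero exit makes git abort the commit.
pre_commit_hook() {
  git diff --cached --no-color -U0 | scan_added_lines
}

# scan_tree DIR: grep the tree under DIR for the same patterns, print
# file:line:text for each non-allowlisted hit, and fail if any were found.
scan_tree() {
  dir=$1
  set --                         # build "-e regex -e regex ..." for grep
  old_ifs=$IFS; IFS='
'
  set -f                         # keep the regexes out of pathname expansion
  for pat in $SECRET_PATTERNS; do set -- "$@" -e "$pat"; done
  set +f; IFS=$old_ifs
  # -r recurse, -H show the file, -n the line number
  out=$(grep -rHnE "$@" -- "$dir" 2>/dev/null | while IFS= read -r hit; do
          matches_any "$hit" "$ALLOWED_PATTERNS" || printf '%s\n' "$hit"
        done)
  [ -n "$out" ] || return 0
  printf '%s\n' "$out"
  return 1
}

# Usage: `sh secret-scan.sh hook` from .git/hooks/pre-commit,
# `sh secret-scan.sh tree DIR` to sweep a directory; with no argument the
# constructed SAMPLE_DIFF is scanned so the script can be tried anywhere.
case "${1:-demo}" in
  hook) pre_commit_hook ;;
  tree) scan_tree "$2" ;;
  demo) printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines || echo "commit would be rejected" ;;
esac
```

Running it with no arguments flags only the made-up `AKIAQ5X2Y7Z8A1B2C3D4` line: the documented example key is allowlisted, and the removed `password =` line is never inspected because only `+` lines of the staged diff count. The regex list is the weak point of any tool in this class, including git-secrets and the PowerShell one-liners: a pattern that is too loose drowns developers in false positives until they bypass the hook, and one that is too tight misses real keys, so keep the list small, review it, and grow the allowlist rather than loosening the patterns. `grep -r` and `-H` are GNU/BSD extensions rather than strict POSIX, but they are available on every mainstream Unix.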
Do you have any other neat ways to prevent password leaks? Leave a comment.