As World Password Day is coming up on the 6th of May it reminds us of the importance of protecting ourselves through strong passwords. World Password Day helps people to improve passwords that they use for their online accounts and provide sources to learn more about cybersecurity.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Security is always adapting in this day and age. This World Password Day, I want to emphasize that a \"password\" or \"password-less\" multi-factor authentication mechanism should be your only authentication type of question. Working from anywhere is here, with identity and access management the foundation to its success.</p>
<p>In the age of digital business transformation, enterprises are facing increasingly sophisticated threats. Your security perimeter needs to be secured for every identity and interaction on your network. Passwords are not strong enough to defend your perimeter. The average password takes 13 seconds to hack, making it all too easy for hackers to breach your system. This World Password Day, it’s now essential to get rid of passwords and move to fully passwordless authentication. By utilizing multi-factor authentication, FIDO2, and PKI instead, organizations can eliminate passwords and limit the impact of cyberthreats.</p>
<p>A lot of attention today will be on making passwords tougher to crack, but in many respects this conversation is outdated, and we should be looking at moving beyond passwords altogether. Passwords are inconvenient and riskier than other authentication options available today because they can be guessed, stolen, or cracked. While we won\’t see passwords go completely away anytime soon, a passwordless approach could be the answer to many user friction and security challenges. A recent <a href=\"https://urldefense.com/v3/__https:/usa.visa.com/visa-everywhere/security/how-fingerprint-authentication-works.html__;!!DZ56qYBuutOgaEbgjQ!5OvrcVk_LfUqitF14ar_wHTRtYw1mvgiqYjsymx61ZnnaQ8K2uKXr-9CGWzgsSKTJEUu$\" data-saferedirecturl=\"https://www.google.com/url?q=https://urldefense.com/v3/__https:/usa.visa.com/visa-everywhere/security/how-fingerprint-authentication-works.html__;!!DZ56qYBuutOgaEbgjQ!5OvrcVk_LfUqitF14ar_wHTRtYw1mvgiqYjsymx61ZnnaQ8K2uKXr-9CGWzgsSKTJEUu$&source=gmail&ust=1620397053811000&usg=AFQjCNHhiRbCNIBbVC7qNbHH31Wwp-vQfA\"> VISA survey</a> found consumers are ready to leave the password behind. Seventy percent of consumers believe that biometrics are always more comfortable as they do not involve memorising passwords.</p> <p> </p> <p>With a plethora of other data pointing to a continuing upward trend in biometric usage, new risk-based multifactor authentication with fingerprint, face, or iris recognition could be the solution that will finally free us from the burden of endless passwords, opening the doors to a brighter, passwordless future.</p>
<p>A password is often the weakest line of defence that hackers can compromise which means its importance cannot be overlooked. </p> <p><br />People often reuse the same password across multiple accounts, but that means a hacker only needs to compromise one account to get access to all the others. </p> <p><br />There is a misconception that adding special characters to your password achieves good security, but this is not enough. A much better method is to create full sentences alongside spaces. Moreover, the true value of a good passwords comes from the size of a password. <a href=\"https://www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/&source=gmail&ust=1620397053816000&usg=AFQjCNF0aVLZ-7tYgSko03u5jYB75B8h5w\">Research</a> shows that a password of twelve characters can substantially improve your security compared to say a six-character password.</p> <p> </p> <p>While memorising various complex passwords across multiple devices can seem a chore, the multitude of password managers available can tackle this issue for you. And for those looking to be truly authentic and creative with their password management, consider a phrase with a foreign (non-US) character, those are often overlooked by password cracker. This give an extra dimension to ensure your password is safe and secure. </p>
<p>The problem with passwords isn’t that consumers like them, or that many of us have just a handful of passwords granting access to hundreds of accounts. Yes, passwords are one of our biggest vulnerabilities – but this is not the consumer’s fault. The fault lies with the technology industry. We have not yet created a better solution, one strong and convenient enough to keep consumers safe and attackers out.</p> <p> </p> <p>In the last ten years, our shift to a digital economy has created the perfect automation infrastructure for attackers to abuse. It’s easier than ever for attackers to go on the dark web, pay for a database of breached passwords, and then have their software do its work, thousands of login attempts at a time. Put simply, no matter what we do, the numbers game won’t be in our favour.</p> <p> </p> <p>This is a problem that the technology industry has created – so it’s up to us to find the solution. Moving away from passwords to biometrics is a great idea, but it will be a while before that happens at scale. In the meantime, we can improve security significantly by encouraging the use of easier to remember ‘passphrases’, over arbitrarily complex passwords. Combining passphrases with the use of a password manager can significantly increase security and usability at the same time.</p> <p> </p> <p>The onus, therefore, is on technology providers, retailers, marketplaces and anywhere we log in online to change the way they prompt and advise us to create passwords. An integral part of the user experience should be advising us how to make the strongest passwords possible – and having the back-end technology to enable it.</p>