Experts Comments on World Password Day


World Password Day, coming up on the 6th of May, reminds us of the importance of protecting ourselves with strong passwords. It helps people improve the passwords they use for their online accounts and provides sources to learn more about cybersecurity.

Rick McElroy, Principal Cybersecurity Strategist
InfoSec Expert
May 4, 2021 2:52 pm

Using a password is as antiquated as using a standard key on your front door — it’s locked but someone can copy the key or pick the lock and still get access. For this reason, it’s important to prioritise multi-factor authentication, in the form of behavioural and continual authentication, and move away from a central store of identities, which can easily be hacked.

Moving forward, we’ll begin to witness hand and fingerprint biomarkers, two-factor authentication with a mobile device, and facial recognition replace traditional password authentication processes. At some point in the future, DNA will probably be used to verify identity in the medical field. Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used, making it more difficult than ever for cybercriminals to break the digital lock.

Ian Pitt, CIO
InfoSec Expert
May 4, 2021 3:12 pm

The past year alone has given hackers so many newsworthy events to take advantage of, which has caused ransomware and phishing attacks to go through the roof.

Despite a rising number of breaches, people still fail to appreciate how easily their details could end up in the wrong hands. With the NCSC recently revealing millions of Brits are using their pets’ names as their password, it’s clear people are taking a chance with their online security. Our research found the average person uses the same password across four different accounts, while 52% will forget their passwords if they’re not written down.

Employing proper password practices is one of the best lines of defense against would-be hackers. This means using long, randomly generated passwords that contain a mix of characters or passphrases that are unique to every single account. Password managers help to limit the risks of manual password management, generating unique credentials for every log-in which are then stored in an encrypted, secure vault and automatically filled the next time you log in.

The majority of breaches can be traced back to simple slip-ups in password security, and so clearly it pays to be educated on best practices and the tools available to you and your business. While no one can ever be 100% protected, strong security awareness provides the highest ROI you can ever have in security.

Corey Nachreiner
InfoSec Expert
May 4, 2021 3:50 pm

World Password Day has served as an annual reminder that we all need to practice better password security for nearly a decade. And yet, 80% of breaches began with brute force attacks, or lost or stolen credentials last year. Attackers add millions of new usernames and passwords every day to the billions already available on the dark web. This has been the trend for years now, so at a certain point we have to ask if daily headlines on the latest security breaches and hacks aren’t enough of a cue to practice good password hygiene, is there much value in World Password Day?

Yes, it’s a helpful prompt to use best practices like changing passwords for your accounts regularly, choosing strong passwords or passphrases with at least 16 characters, using a unique password for every account, and leveraging password managers to keep track of them all. But these password security policies should be basic table stakes at every organization by now and should be required and reinforced all year long.

I believe that a “World MFA Day” would be a more powerful and effective observance when it comes to strengthening corporate and individual security. Authentication is the cornerstone of good security, and multi-factor authentication means users must provide at least one additional token on top of their password to log into an account. These authentication tokens are typically something you are (biometric fingerprint or facial scans), something you have (like a hardware key or mobile phone), and something you know (like a password). MFA allows you to ensure that even if an attacker gains access to one of these tokens, like a user password, they’ll be unable to log in without the second (and sometimes third) authentication token. It’s an absolute no-brainer when it comes to addressing the widespread and persistent issues around poor password security and should be a primary focus for both businesses and individual users. So, let’s make World MFA Day a reality in 2021!

Brett Beranek, VP & General Manager, Security and Biometrics
InfoSec Expert
May 5, 2021 12:16 pm

World Password Day represents a reminder that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity, and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies.

Indeed, new UK research from Nuance has found that over one in five (22%) consumers have admitted to relying on the same two or three different passwords or similar variations of them. A similar number (20%) say they receive notifications their passwords have been compromised on at least a monthly basis. This could leave those individuals at an increased risk of fraud, and it is the enterprises that must take responsibility to address this by strengthening their customers’ security with more modern solutions.

Given the same poll has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago – it is high time PINs and passwords are confined to the history books so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers. Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords, and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.

Raj Samani, Chief Scientist and Fellow
InfoSec Expert
May 5, 2021 12:18 pm

When it comes to online safety, password hygiene has never been more relevant. Over the past year alone, we’ve seen a massive surge in online activity, with the pandemic leaving many Brits reliant on conducting daily activities such as shopping and banking online.

Passwords are of course a key part of our digital lives, enabling people to gain quick access to a variety of online platforms, accounts, and devices. However, it can be easy to take them for granted and forget the basics of password hygiene during our busy lives, particularly now as we have so many accounts to keep on top in order to get on with our day-to-day activities.

Passwords that include personal information, such as your name, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online, making it easier for online criminals to make guesses about your password. You should also never share a password, even with a close relative. While this may seem harmless, sharing these details could result in critical personal information falling into the wrong hands. In fact, McAfee recommends changing your passwords about every three months at a minimum. This is so that if a password has been shared or compromised, the safety of your online information has a higher chance of being kept safe by making this change.

World Password Day is an excellent time to highlight the importance of password safety to consumers. But it is just as important to ensure password hygiene remains top of mind at all times and not just for one day.

Krupa Srivatsan, Director of Product Marketing
InfoSec Expert
May 5, 2021 12:22 pm

The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen.

Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials.

Organisations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security.

For example, organisations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch more than 90% of malware that uses it to enter or exit a network.

John Smith, EMEA CTO
InfoSec Expert
May 5, 2021 12:46 pm

As businesses continue to operate remotely, and companies deploy their infrastructure into online environments, it’s clear that password hygiene should be a big focus. Hackers have the ability to crack a 7-character password in 0.29 milliseconds, which is why it’s time to focus on application authentication. A simple static password will not suffice, and companies should avoid using predictable passwords to avoid damaging password spraying attacks. Passwords should always be unique, not recycled, and stored in a secure password safe.

Although businesses are conscious of the role that software security plays in keeping data protected, banks and other industries need to take more ownership of application authentication to help detect fraudulent account access. This World Password Day, I urge businesses to empower developers by training them on best practices in secure coding and providing the right tools to prevent users from being more exposed to data breaches from hackers who will continue to look past passwords for weak points in the application layer.

Ramsés Gallego, Security, Risk & Governance International Director
InfoSec Expert
May 5, 2021 12:48 pm

As digital-first approaches and distributed workforces become the status quo for many industries, raising awareness around the importance of password security has arguably never been more important. And with recent NCSC research finding that people are using passwords which are an easy target for hackers, it’s clear more needs to be done by businesses to provide the technology and training to ensure better cyber-resilience across the board.

It is imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. A multi-factor authentication is a useful tool, using more personal attributes, such as biometric data in someone’s voice, or devices, such as a code sent to an individual’s watch, to replace or augment passwords.

Yet despite these advances, there is no doubt that, for now, passwords aren’t going anywhere anytime soon. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.

Dave Wager, CEO
InfoSec Expert
May 5, 2021 3:42 pm

World Password Day is an excellent time for individuals and businesses to reflect on their current password practices and ensure they are building the safest habits to protect themselves and their company from cybercriminals. Many are under the assumption that if they are taking the steps to create unique passwords for each platform and application, they are secure. But it’s not enough.

The number of headline-grabbing breaches that have taken place over the last year highlights the critical need for safeguards across the entire company network. While there are a few different ways to protect login credentials beyond a simple username and password, one of the most popular and effective options is two-factor authentication (2FA). Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password. It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.

Email is a common point of attack because it often contains sensitive and valuable communications. Organizations should also consider implementing an email security solution that conducts a security audit to analyze its admins, users, mailboxes, and rules for vulnerabilities such as outdated passwords so they can be resolved before a breach happens. Organizations should use World Password Day to evaluate their internal Password Policies and send reminders to employees and customers alike about the importance of good password hygiene.

Sanjiv Cherian, Head of Business Development
InfoSec Expert
May 5, 2021 3:57 pm

World Password Day was first recognised by Intel in 2013 to serve as a reminder of the significance of good password hygiene, yet eight years later many of us still need reminding.

Cyber security is a huge, ever-growing industry with preventative solutions ranging from pen testing and red teaming to endpoint security and SASE. However, we still see volumes of cyber-attacks or data breaches occurring every week. Surprisingly, these are not due to the failing of the plethora of impressive solutions in the market, but rather down to us continuing to forget the basics. Stolen credentials on the Dark Web are sold for pennies, resulting in account takeover and data leaks. Since people use the same passwords on multiple accounts, it works as a treat for hackers to gain access to their systems.

Today I want to take the opportunity to remind all organisations and individuals that our security is only as strong as our weakest link, and nine times out of ten, that weakest link is people. Breaches and cyber-attacks will continue to happen, and we won’t be able to stop all of them, but putting some emphasis back on human-centric security such as password habits will get us some of the way there.

Ed Williams, Director EMEA, SpiderLabs
InfoSec Expert
May 5, 2021 4:00 pm

We use passwords for one reason and one reason only, to protect ourselves, our data and our information. So why are we still so bad at them?

With the sheer number of services we all use daily, I definitely think there is a tendency to be lazy when it comes to passwords. And our own previous research would support that, highlighting words such as P@ssword1 as the most commonly used password, as well as finding people neglecting the use of special characters or using the exact same password for every account they have.

Despite passwords being so simple, there’s still a lot of education to be done. For example, did you know that a password made up of eight characters takes an average of one day to crack, whereas one with 10 characters would take an average of 591 days? That’s just two more taps of the keyboard and you’ve enhanced your security by 591%.

As humans, we struggle with randomness and all too often use guessable patterns when creating passwords, be it a base word, a year appended to the end, or character substitution, e.g. ‘Dr@gon2021’.

Passwords may not seem like much compared with other impressive security solutions or tools but a well thought out password really could make the difference between your data, and that of your organisation, being vulnerable or secure. Why not use today as a reminder to check your password security and make the life of a hacker more difficult.

Duane Nicol, Cybersecurity Expert
InfoSec Expert
May 6, 2021 10:32 am

World Password Day is a great reminder of the importance of proper password hygiene. The consequences of poor password hygiene can be ruinous, as cybercriminals will capitalise to bypass an organisation’s defenses. At Mimecast, our recently released State of Email Security 2021 report found increases in all attack types over the past year, as the pandemic and switch to remote work created new vulnerabilities that cybercriminals are working hard to exploit. On top of this, the research shows that 78% of UK respondents believe that their employees’ poor password hygiene is putting their company at risk. In addition, 51% of UK organisations expect security naïve employees to be their biggest email security challenge in 2021, compared to a global average of 43%. Studies have also suggested that human error plays a role in up to 90% of all successful breaches.

Cybersecurity awareness training is the best way to overcome this problem, but our research shows only 19% of UK organisations are providing this training on an ongoing basis. Effective training needs to be engaging, interesting, and frequent and amongst other things encourages users to regularly update their passwords and teaches them how to identify phishing emails that could be tricking them into handing over sensitive information. Users should always use passphrases as these are far harder to crack, make use of IT-approved password managers, and ensure they aren’t using the same password across multiple platforms. Having unique passwords across personal and company platforms will ensure that if a person’s social media profile is phished, for example, they aren’t at risk of having a corporate account compromised. Effective cybersecurity awareness training should therefore be the bedrock of any modern organisation’s cybersecurity efforts.

Ian Jennings, Managing Director
InfoSec Expert
May 6, 2021 12:12 pm

The recent targeted supply chain attack on the Passwordstate password manager shows that – while strong password management and protection is important – organisations need to go beyond traditional verification methods to provide additional layers of security in their IT environment.

There is no question that identity and access management (IAM) should be a cornerstone of security in any IT environment, providing centralised security controls and risk mitigation to protect information systems and data from access by unauthorised users and malicious actors. These tools simplify and strengthen system defenses, with enterprise single sign-on and privileged access management solutions providing a positive user experience while mitigating the threat to data security. With only one set of credentials to remember, implementation of multi-factor authentication, two-factor authentication, or simply more stringent password specifications to strengthen the access credentials is far simpler.

However, IAM solutions have experienced significant innovation in recent years, with machine learning, biometrics, and automation providing far more substantial guarantees that a user really is who they claim to be. Security leaders should be using World Password Day this year to think beyond passwords, instead of looking at new verification layers, authentication methods, and automation capabilities that provide much greater prevention against attackers compromising valuable credentials. To support this shift in thinking, organisations should look to expert partners to help identify the correct combination of these innovative technologies and services that will best protect their individual information systems and information assets.

Elena Elkina, Partner
InfoSec Expert
May 6, 2021 12:24 pm

As the LinkedIn breach continues to showcase, many still use PASSWORD as a password. Single-word credentials are no longer safe. Instead, if you must remember your credentials, use pass phrases. The danger with this method is that there is still a potential for re-use. The true recommendation is to use an auto-generated password from a password manager. And of course, any set of credentials should be placed behind MFA. We are still some time away from true passwordless authentication, however many players in the authentication space are taking this challenge in full force.

Saryu Nayyar, CEO
InfoSec Expert
May 6, 2021 12:51 pm

Passwords are the bane of the security team’s existence. Users use weak passwords, reuse the same passwords, refuse to change passwords, or simply forget them and need help resetting passwords. I thought self-service password reset options would have alleviated the help desk from resetting user passwords. However, it still turns out 20% to 50% of all IT help desk tickets are still for password resets (according to The Gartner Group).

We actually have the technology to eliminate passwords altogether, but that would require companies to indulge in passwordless authentication. MFA helps, but users really need to use better passwords. To be effective, passwords must be complex and over 16 characters in length. That’s why passwords fail because people can’t remember 17-character passwords – that are unique for every system. Instead, users should use pass phrases they can remember and then append or prepend numbers and characters to make these pass phrases complex. "Every good boy does fine +123" works. Pick your favorite song lyric and year. Associate your pass phrase with the target system to make it easier to remember. Whatever you do, don’t share your passwords and don’t reuse them. Once a cybercriminal gains access to one of your target systems by cracking your password, all your other systems are at risk.

Really, the best option for enterprises going forward is continuous behavioral based authentication. Look it up. It’s there and it works. We actually offer a solution for risk-based authentication. This is how organizations can make the authentication process more secure and frictionless for users. It turns out you can improve security while reducing consumer friction!

Tom Garrubba, Senior Director and CISO
InfoSec Expert
May 6, 2021 12:53 pm

Poor passwords continue to be one of the easiest and most common vectors for a threat actor to access and steal information. I attribute this largely due to the expediency of life. Since people generally have lost their patience to wait, so why should getting information or placing an order online be any different? We’ve become accustomed to “instant gratification” and getting onto a phone or web app to place an order or even to just browse content is being impeded by the time it takes to enter in your userID, password and even an additional code sent to your phone (two-factor authentication) seem tedious to many. So naturally, the workaround for this becomes an easily guessed password that is rarely – if ever changed.

Baber Amin, COO
InfoSec Expert
May 6, 2021 12:55 pm

Have passwords, get hacked! Passwords and other static knowledge-based verification methods are archaic, but for now, it is hard to get rid of them completely. The goal that all organizations should be going for is reducing their password-related threat to surface or footprint with a passwordless approach combined with biometrics and device+user behavior, and bio-mechanic analysis approach. The goal is to create a strong binding between a user, their behavior, and the user agent in order to create an enhanced security and user experience.

Kaylee Prior, Senior Product Manager
InfoSec Expert
May 6, 2021 2:49 pm

As businesses and people continue to adapt to remote-first work and lifestyles, there will be an increased need to secure their digital tools and content while ensuring a frictionless technology experience. Using a good password manager can help businesses and people keep their online work environments organised, easy to navigate and safe.

Oliver Cronk, Chief IT Architect, EMEA
InfoSec Expert
May 6, 2021 2:50 pm

With the National Cyber Security Centre recently revealing that more than 10% of the UK population is using passwords that can be easily predicted, such as pet names and significant dates, it’s clear that there is still work to be done on IT hygiene to help protect both businesses and the public.

For businesses, that means using events like World Password Day to bring awareness and context to an important part of IT hygiene. But they shouldn’t stop with just passwords. It’s a good time to also examine their access protocols too. Breaking a weak password simply provides access. What a cyber attacker can do with that access is where organizations should focus their time.

As a large number of organisations continue to grant employees remote access to data and applications, they need to ensure they have the fundamentals of IT hygiene in place to protect against the increased attack surface that cyber attackers are looking to exploit. A key part of this is making sure that administrative rights have been managed effectively. We’ve seen cases in large companies where more than 20,000 users have had the wrong level of access to company data and applications. My advice would be to adopt the principle of least privilege and only give users access to the resources that are essential for them to do their jobs. This is an important aspect of a zero trust approach which requires each access point to be verified.

David Sygula, Senior Cybersecurity Analyst
InfoSec Expert
May 6, 2021 2:52 pm

Data leaks are inevitable, and passwords can be a goldmine in a breach. Periodically checking your sensitive details on sites like Have I been pwned or enhancing the privacy features on your web browser that let you know about breaches, are good ways to get to grips with knowing where your important details are in the wild.

If you have been part of a breach, reset all your passwords, ensure two-factor authentication is in place and be cautious of unusual activity associated with your accounts. Use one password for one account, and think of using passphrases, which are easier to remember than complicated chains of characters. "I am 42 years old." is for example both a strong and easy password to remember. You can also use a password manager to store your passwords safely in one vault, besides, it helps make signing into accounts stress-free.

Stephen Ritter
InfoSec Expert
May 6, 2021 2:57 pm

The problem with passwords isn’t that consumers like them, or that many of us have just a handful of passwords granting access to hundreds of accounts. Yes, passwords are one of our biggest vulnerabilities – but this is not the consumer’s fault. The fault lies with the technology industry. We have not yet created a better solution, one strong and convenient enough to keep consumers safe and attackers out.

In the last ten years, our shift to a digital economy has created the perfect automation infrastructure for attackers to abuse. It’s easier than ever for attackers to go on the dark web, pay for a database of breached passwords, and then have their software do its work, thousands of login attempts at a time. Put simply, no matter what we do, the numbers game won’t be in our favour.

This is a problem that the technology industry has created – so it’s up to us to find the solution. Moving away from passwords to biometrics is a great idea, but it will be a while before that happens at scale. In the meantime, we can improve security significantly by encouraging the use of easier to remember ‘passphrases’, over arbitrarily complex passwords. Combining passphrases with the use of a password manager can significantly increase security and usability at the same time.

The onus, therefore, is on technology providers, retailers, marketplaces and anywhere we log in online to change the way they prompt and advise us to create passwords. An integral part of the user experience should be advising us how to make the strongest passwords possible – and having the back-end technology to enable it.

Lucas ‘BitK’ Philippe, Technical Ambassador
InfoSec Expert
May 6, 2021 3:14 pm

A password is often the weakest line of defence that hackers can compromise which means its importance cannot be overlooked.

People often reuse the same password across multiple accounts, but that means a hacker only needs to compromise one account to get access to all the others.

There is a misconception that adding special characters to your password achieves good security, but this is not enough. A much better method is to create full sentences alongside spaces. Moreover, the true value of a good password comes from the size of a password. Research shows that a password of twelve characters can substantially improve your security compared to say a six-character password.

While memorising various complex passwords across multiple devices can seem a chore, the multitude of password managers available can tackle this issue for you. And for those looking to be truly authentic and creative with their password management, consider a phrase with a foreign (non-US) character, those are often overlooked by password crackers. This gives an extra dimension to ensure your password is safe and secure.

Benoit Grangé, Chief Technology Evangelist
InfoSec Expert
May 6, 2021 3:15 pm

A lot of attention today will be on making passwords tougher to crack, but in many respects this conversation is outdated, and we should be looking at moving beyond passwords altogether. Passwords are inconvenient and riskier than other authentication options available today because they can be guessed, stolen, or cracked. While we won’t see passwords go completely away anytime soon, a passwordless approach could be the answer to many user friction and security challenges. A recent VISA survey found consumers are ready to leave the password behind. Seventy percent of consumers believe that biometrics are always more comfortable as they do not involve memorising passwords.

With a plethora of other data pointing to a continuing upward trend in biometric usage, new risk-based multifactor authentication with fingerprint, face, or iris recognition could be the solution that will finally free us from the burden of endless passwords, opening the doors to a brighter, passwordless future.

Jerome Becquart
InfoSec Expert
May 6, 2021 3:16 pm

In the age of digital business transformation, enterprises are facing increasingly sophisticated threats. Your security perimeter needs to be secured for every identity and interaction on your network. Passwords are not strong enough to defend your perimeter. The average password takes 13 seconds to hack, making it all too easy for hackers to breach your system. This World Password Day, it’s now essential to get rid of passwords and move to fully passwordless authentication. By utilizing multi-factor authentication, FIDO2, and PKI instead, organizations can eliminate passwords and limit the impact of cyberthreats.

Niamh Muldoon, Senior Director of Trust and Security EMEA
InfoSec Expert
May 6, 2021 3:17 pm

Security is always adapting in this day and age. This World Password Day, I want to emphasize that a "password" or "password-less" multi-factor authentication mechanism should be your only authentication type of question. Working from anywhere is here, with identity and access management the foundation to its success.
