Expert Comments

World Password Day – Cybersecurity Expert Comments

Expert(s): Security Experts
Expert(s): Security Experts

Intel created World Password Day (the first Thursday of May, which is May 7 in 2020) to address the critical need for solid passwords to protect our critical assets such as our bank accounts, our health records or maybe just our emails. We spoke with number of experts to highlight the importance of password and what are the best practices to create an effective password.

Experts Comments

Dot Your Expert Comments
Csaba Galffy
May 07, 2020
Product Marketing Manager of MFA and Password Management
One Identity

Now is the best time to implement the most recent updates in password policy guidelines.
Csaba Galffy, Product Marketing Manager of MFA and Password Management and One Identity: "A compromised password is always costly – and the stakes are now higher than ever. Organisations finding themselves having to roll out remote access have effectively created a whole new attack surface. Potential attackers now don’t have to deal with the physical security of your office buildings, and as long as they have the correct login data, they can access the corporate network with all its.....Read More
Csaba Galffy, Product Marketing Manager of MFA and Password Management and One Identity: "A compromised password is always costly – and the stakes are now higher than ever. Organisations finding themselves having to roll out remote access have effectively created a whole new attack surface. Potential attackers now don’t have to deal with the physical security of your office buildings, and as long as they have the correct login data, they can access the corporate network with all its riches. Considering the billions of login data stolen from various organizations in gigantic data breaches, we recommend changing passwords for all remote workers as the work-from-home program is rolled out. Now is also the best time to implement the most recent updates in password policy guidelines. Industry recommendations, like the NIST-published Digital Security Guidelines and the Microsoft Security Baseline, now recommend dropping password expiration policies, removing complexity rules, and asking for longer passwords."  Read Less
Allen Storey
May 07, 2020
Chief Product Officer
Intercede

It’s time we confined passwords to history and replaced them with something fit for purpose.
World Password Day is intended to raise awareness of good password hygiene and promote the use of strong passwords to protect ourselves and our networks from harm. However, in 2020, with the vast majority of data breaches being caused by weak or compromised user credentials, passwords are the security equivalent of locking a cardboard front door. It’s high time we looked beyond passwords to more secure forms of identity incorporating multiple factors of authentication to verify who can access .....Read More
World Password Day is intended to raise awareness of good password hygiene and promote the use of strong passwords to protect ourselves and our networks from harm. However, in 2020, with the vast majority of data breaches being caused by weak or compromised user credentials, passwords are the security equivalent of locking a cardboard front door. It’s high time we looked beyond passwords to more secure forms of identity incorporating multiple factors of authentication to verify who can access our systems and data. Improving security without worsening the user experience can be challenging. However, new technologies and standards are making secure, seamless authentication easier to use and companies like Intercede are working to make them easy to manage at scale. It’s time we confined passwords to history and replaced them with something fit for purpose.  Read Less
Terry Ray
May 07, 2020
Senior Vice President and Fellow
Imperva

Please change your password regularly and always use very strong passwords.
This World Password Day is like no other. In years gone by, we didn’t face the challenge of a large number of employees working from home and even more susceptible to cyber threats. We have all heard the radio adverts and the ongoing plea to protect yourselves when it comes to banking, shopping online and downloading files, but we are forgetting one of the simplest tasks – changing your password and making sure it is secure! A worrying number of people still fail to change their weak.....Read More
This World Password Day is like no other. In years gone by, we didn’t face the challenge of a large number of employees working from home and even more susceptible to cyber threats. We have all heard the radio adverts and the ongoing plea to protect yourselves when it comes to banking, shopping online and downloading files, but we are forgetting one of the simplest tasks – changing your password and making sure it is secure! A worrying number of people still fail to change their weak passwords or use the same password across different sites. Yes it is laborious on an individual level, but it is vital especially as businesses are more inclined to use one portal to host a number of applications and data. The result of poor passwords and rarely changed passwords has been highlighted by various sources for years. Roughly 80% of all hacking related breaches involved weak or leaked passwords. Further, 29% of breaches involve the use of stolen credentials. Some businesses see a 300% increase of account takeover attempts after a leak of login credentials, even if the leaked credentials were not leaked from the victim organisation. Like milk, your passwords have an expiration period, after-which you should assume they are known and it’s time for a change, never to reuse the old. Our recommendation to businesses would be to ensure you are addressing the problem early on, and invest in the tools you might need to protect your enterprise. This could be through a password manager or setting up a two-factor authentication process for your employees. Please change your password regularly and always use very strong passwords.  Read Less
Joseph Carson
May 07, 2020
Thycotic
Chief Security Scientist

Ensure that you have started to use passphrases to help make your password long and include some complexity as well.
World Password Day is a day to review your password hygiene to ensure you are up to date with the latest best practices. It is always important to review your current password habits and one of the most important topics this year is which of your passwords is the only thing protection your accounts, meaning you have not combined it with another security control such as two-factor authentication. Passwords are usually the only security protecting most people’s sensitive information and this.....Read More
World Password Day is a day to review your password hygiene to ensure you are up to date with the latest best practices. It is always important to review your current password habits and one of the most important topics this year is which of your passwords is the only thing protection your accounts, meaning you have not combined it with another security control such as two-factor authentication. Passwords are usually the only security protecting most people’s sensitive information and this year you should do a detailed review of what your bad habits are. Most passwords can be easily cracked, with approximately 20% of passwords using commons known words that are available in dictionaries, making them easily guessed. For many, passwords are used repeatedly for all types of accounts, such as your corporate Salesforce login, your Facebook account or your bank. And for some, that favorite password may be older than your current relationship. The problem is that it’s putting you at risk of identity theft, ransomware, an online account hack, computer viruses and more. It is also important when you do change your password to only perform this task from a safe network and not a public location. This year, review your password best practices. Ensure that you have started to use passphrases to help make your password long and include some complexity as well, although the debate about how frequent you should change your password continues. My recommendation is that it should not be older than one year. It’s best not to wait until you are notified about a data breach as it usually means cybercriminals had access for longer than two hundred days.  Read Less
Niamh Muldoon
May 07, 2020
Senior Director of Trust and Security, EMEA
OneLogin

OneLogin’s survey also highlights that UK consumers are the worst in the world for WiFi security.
Working from home can often blur the line between work and leisure as many share or use work devices outside of office hours. This issue is highlighted by OneLogin’s World Password Day survey where 1 in 5 global respondents admitted to sharing the password to their corporate device with a spouse or child. However, World Password Day today presents the opportunity to promote and implement good password habits, so I encourage everyone to take a look at their password hygiene. This could mean.....Read More
Working from home can often blur the line between work and leisure as many share or use work devices outside of office hours. This issue is highlighted by OneLogin’s World Password Day survey where 1 in 5 global respondents admitted to sharing the password to their corporate device with a spouse or child. However, World Password Day today presents the opportunity to promote and implement good password habits, so I encourage everyone to take a look at their password hygiene. This could mean updating and strengthening the passwords which protect your personal information, utilising multi-factor authentication rather than single factor authentication such as a password, or simply updating the way you store your passwords in order to protect yourself from data breaches. OneLogin’s survey also highlights that UK consumers are the worst in the world for WiFi security, with 50% not having changed their WiFi password in more than a year, compared to the global average of 36%. But the risks associated with weak credentials are well known, as malicious actors continue to exploit the remote working situation so, today on World Password Day take a look at your password practices, create strong complex passwords, remember not to repeat passwords and ideally, to embed multi-factor authentication which acts as a more secure method of protecting access to data and systems than single factor authentication like a password.  Read Less
Mark de Simone
May 07, 2020
VP and MD, UK and Nordics, MEA, Italy, India and Asia
Wallix

With privileged access, users will have a limited view into highly sensitive data.
The consequences of a password breach can be catastrophic, providing cyber criminals with an open door to highly-sensitive company data. As a result, we have seen many organisations trying to enhance password security, by creating minimum complexity requirements and implementing frequent rotation. However, the challenge is that strong password security is often now seen as a trade-off, between what is easy to remember and what is secure. We are on the cusp of developing and implementing new.....Read More
The consequences of a password breach can be catastrophic, providing cyber criminals with an open door to highly-sensitive company data. As a result, we have seen many organisations trying to enhance password security, by creating minimum complexity requirements and implementing frequent rotation. However, the challenge is that strong password security is often now seen as a trade-off, between what is easy to remember and what is secure. We are on the cusp of developing and implementing new authentication options, such as biometrics and other powerful access management systems which will create a password free IT landscape, but to some extent this can also be breached. As a result, organisations should also look at how to limit the impact of a potential breach by preventing users from seeing everything on their network. With privileged access, users will have a limited view into highly sensitive data, and this can be restricted not only by role, but also by factors such as time and location. One fact that remains untouched is that users still need a password or authorisation in some form – so we should look beyond password strengthening and complement this with a failsafe.  Read Less
Adam Palmer
May 07, 2020
Chief Cybersecurity Strategist
Tenable

Everytime a researcher with time on their hands searches through the stolen password databases.
Inspired by Mark Burnett’s book – Perfect Passwords, Intel took the initiative and introduced ‘World Password Day’ in 2013 to raise awareness to the importance of creating strong passwords – seven years later and it’s still a bone of contention! The sheer volume of stolen users’ passwords available for sale on the Dark Web highlights that the issue is less about creating strong passwords or phrases, and more about users creating unique codes for each online account to limit the.....Read More
Inspired by Mark Burnett’s book – Perfect Passwords, Intel took the initiative and introduced ‘World Password Day’ in 2013 to raise awareness to the importance of creating strong passwords – seven years later and it’s still a bone of contention! The sheer volume of stolen users’ passwords available for sale on the Dark Web highlights that the issue is less about creating strong passwords or phrases, and more about users creating unique codes for each online account to limit the damage from database breaches. Everytime a researcher with time on their hands searches through the stolen password databases, it reveals millions are still using 123456 as a password, so the chances of changing password behaviour is nothing short of a miracle. Given the reliance on passwords doesn’t appear to be reducing, and if anything our virtual identities are increasing, password managers that create and store complex passwords are essential. This year, as a spotlight is once again shone on passwords, instead of advocating complex recipes and codes, do yourself a favour and automate.  Read Less
Anthony Dickinson
May 07, 2020
CRO 2MC
TUV Rheinland

These should be at least 12 characters long with a combination of letters, numbers and symbols.
The best thing you can do is have a password manager and make sure you have a different password for every login. These should be at least 12 characters long with a combination of letters, numbers and symbols. While it will be impossible to remember all of these passwords, I recommend using the technological affordances granted to us by deploying a password manager. This means that your account will not suffer from brute force attacks – because random passwords are almost impossible to guess. .....Read More
The best thing you can do is have a password manager and make sure you have a different password for every login. These should be at least 12 characters long with a combination of letters, numbers and symbols. While it will be impossible to remember all of these passwords, I recommend using the technological affordances granted to us by deploying a password manager. This means that your account will not suffer from brute force attacks – because random passwords are almost impossible to guess. Even if an account is breached, it will only be one account and not all of them. Too often consumers are using and reusing simple passwords, and this makes each of their incredibly vulnerable to cybercriminals.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

~200K US Military Vets’ Medical Records Leaked by 3rd Pty...

Experts Responses on Verizon DBiR Findings

Expert Reaction On Researcher Proves AirTags Can Be Hacked

Babuk Ransomware Gang Again Threatens DC Police Data Release

UK Home Secretary Warns Not To Pay Out To Ransomware...

U.S. Issues Ransomware Advice For Critical Infrastructure

Android Banking Trojan- Experts Insight

TeaBot Android Bank Trojan Steals EU User Credentials

NCSC Active Cyber Defence Fourth Year Report

Expert Commentary: CaptureRx Data Breach