Experts Comments on World Password Day

BACKGROUND:

World Password Day, coming up on the 6th of May, reminds us of the importance of protecting ourselves through strong passwords. World Password Day helps people to improve the passwords that they use for their online accounts and provides sources to learn more about cybersecurity.

25 Expert Comments
Niamh Muldoon, Senior Director of Trust and Security EMEA
InfoSec Expert
May 6, 2021 3:17 pm

Security is always adapting in this day and age. This World Password Day, I want to emphasize that a "password" or "password-less" multi-factor authentication mechanism should be your only authentication type of question. Working from anywhere is here, with identity and access management the foundation to its success.

Last edited 1 year ago by Niamh Muldoon
Jerome Becquart
InfoSec Expert
May 6, 2021 3:16 pm

In the age of digital business transformation, enterprises are facing increasingly sophisticated threats. Your security perimeter needs to be secured for every identity and interaction on your network. Passwords are not strong enough to defend your perimeter. The average password takes 13 seconds to hack, making it all too easy for hackers to breach your system. This World Password Day, it’s now essential to get rid of passwords and move to fully passwordless authentication. By utilizing multi-factor authentication, FIDO2, and PKI instead, organizations can eliminate passwords and limit the impact of cyberthreats.

Last edited 1 year ago by Jerome Becquart
Benoit Grangé, Chief Technology Evangelist
InfoSec Expert
May 6, 2021 3:15 pm

A lot of attention today will be on making passwords tougher to crack, but in many respects this conversation is outdated, and we should be looking at moving beyond passwords altogether. Passwords are inconvenient and riskier than other authentication options available today because they can be guessed, stolen, or cracked. While we won’t see passwords go completely away anytime soon, a passwordless approach could be the answer to many user friction and security challenges. A recent VISA survey (https://urldefense.com/v3/__https:/usa.visa.com/visa-everywhere/security/how-fingerprint-authentication-works.html__;!!DZ56qYBuutOgaEbgjQ!5OvrcVk_LfUqitF14ar_wHTRtYw1mvgiqYjsymx61ZnnaQ8K2uKXr-9CGWzgsSKTJEUu$) found consumers are ready to leave the password behind. Seventy percent of consumers believe that biometrics are always more comfortable as they do not involve memorising passwords.

With a plethora of other data pointing to a continuing upward trend in biometric usage, new risk-based multifactor authentication with fingerprint, face, or iris recognition could be the solution that will finally free us from the burden of endless passwords, opening the doors to a brighter, passwordless future.

Last edited 1 year ago by Benoit Grangé
Lucas ‘BitK’ Philippe, Technical Ambassador
InfoSec Expert
May 6, 2021 3:14 pm

A password is often the weakest line of defence that hackers can compromise which means its importance cannot be overlooked.

People often reuse the same password across multiple accounts, but that means a hacker only needs to compromise one account to get access to all the others.

There is a misconception that adding special characters to your password achieves good security, but this is not enough. A much better method is to create full sentences alongside spaces. Moreover, the true value of a good password comes from the size of a password. Research (https://www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/) shows that a password of twelve characters can substantially improve your security compared to say a six-character password.

While memorising various complex passwords across multiple devices can seem a chore, the multitude of password managers available can tackle this issue for you. And for those looking to be truly authentic and creative with their password management, consider a phrase with a foreign (non-US) character, those are often overlooked by password crackers. This gives an extra dimension to ensure your password is safe and secure.

Last edited 1 year ago by Lucas ‘BitK’ Philippe
Stephen Ritter
InfoSec Expert
May 6, 2021 2:57 pm

The problem with passwords isn’t that consumers like them, or that many of us have just a handful of passwords granting access to hundreds of accounts. Yes, passwords are one of our biggest vulnerabilities – but this is not the consumer’s fault. The fault lies with the technology industry. We have not yet created a better solution, one strong and convenient enough to keep consumers safe and attackers out.

In the last ten years, our shift to a digital economy has created the perfect automation infrastructure for attackers to abuse. It’s easier than ever for attackers to go on the dark web, pay for a database of breached passwords, and then have their software do its work, thousands of login attempts at a time. Put simply, no matter what we do, the numbers game won’t be in our favour.

This is a problem that the technology industry has created – so it’s up to us to find the solution. Moving away from passwords to biometrics is a great idea, but it will be a while before that happens at scale. In the meantime, we can improve security significantly by encouraging the use of easier to remember ‘passphrases’, over arbitrarily complex passwords. Combining passphrases with the use of a password manager can significantly increase security and usability at the same time.

The onus, therefore, is on technology providers, retailers, marketplaces and anywhere we log in online to change the way they prompt and advise us to create passwords. An integral part of the user experience should be advising us how to make the strongest passwords possible – and having the back-end technology to enable it.

Last edited 1 year ago by Stephen Ritter