Intel created World Password Day (the first Thursday of May, which is May 7 in 2020) to address the critical need for solid passwords to protect our critical assets such as our bank accounts, our health records or maybe just our emails. We spoke with a number of experts to highlight the importance of passwords and the best practices for creating an effective one.
This World Password Day is like no other. In years gone by, we didn’t face the challenge of a large number of employees working from home and even more susceptible to cyber threats.
We have all heard the radio adverts and the ongoing plea to protect yourselves when it comes to banking, shopping online and downloading files, but we are forgetting one of the simplest tasks – changing your password and making sure it is secure!
A worrying number of people still fail to change their weak passwords or use the same password across different sites. Yes, it is laborious on an individual level, but it is vital, especially as businesses are more inclined to use one portal to host a number of applications and data.
The result of poor passwords and rarely changed passwords has been highlighted by various sources for years. Roughly 80% of all hacking-related breaches involved weak or leaked passwords. Further, 29% of breaches involve the use of stolen credentials. Some businesses see a 300% increase of account takeover attempts after a leak of login credentials, even if the leaked credentials were not leaked from the victim organisation. Like milk, your passwords have an expiration period, after which you should assume they are known and it’s time for a change, never to reuse the old.
Our recommendation to businesses would be to ensure you are addressing the problem early on, and invest in the tools you might need to protect your enterprise. This could be through a password manager or setting up a two-factor authentication process for your employees.
Please change your password regularly and always use very strong passwords.
Csaba Galffy, Product Marketing Manager of MFA and Password Management at One Identity:
“A compromised password is always costly – and the stakes are now higher than ever. Organisations finding themselves having to roll out remote access have effectively created a whole new attack surface. Potential attackers now don’t have to deal with the physical security of your office buildings, and as long as they have the correct login data, they can access the corporate network with all its riches. Considering the billions of login data stolen from various organizations in gigantic data breaches, we recommend changing passwords for all remote workers as the work-from-home program is rolled out.
Now is also the best time to implement the most recent updates in password policy guidelines. Industry recommendations, like the NIST-published Digital Security Guidelines and the Microsoft Security Baseline, now recommend dropping password expiration policies, removing complexity rules, and asking for longer passwords.”
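As an added example (not from the page or from One Identity), the following Python compares the two policy styles the quote above contrasts: a legacy rule set with character-class requirements and 90-day rotation, and a NIST SP 800-63B-style rule set that enforces length and a breached-password blocklist instead. The blocklist entries and sample passwords are constructed for illustration.

```python
"""Added example: legacy composition/expiry policy vs NIST-style policy.
The COMMON_PASSWORDS set is a constructed stand-in for a real
breached-password corpus (which would contain millions of entries)."""
import re

# Constructed sample blocklist; real deployments check a large leaked corpus.
COMMON_PASSWORDS = {"password", "p@ssw0rd1!", "welcome1", "qwerty123", "summer2020!"}

# Regexes for the four classic character classes.
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")


def legacy_policy(password, days_since_change):
    """Classic rules: 8+ chars, three of four character classes, 90-day rotation.
    Returns a list of violations (empty list means the password is accepted)."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    classes = sum(bool(re.search(p, password)) for p in CHARACTER_CLASSES)
    if classes < 3:
        problems.append("needs three character classes")
    if days_since_change > 90:
        problems.append("expired")
    return problems


def modern_policy(password):
    """NIST SP 800-63B style: minimum 8 and generous maximum length, a blocklist
    check against common/breached passwords, and no composition or expiry rules."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    if len(password) > 64:
        problems.append("too long")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password blocklist")
    return problems


if __name__ == "__main__":
    # A leaked-style password satisfies legacy complexity but fails the blocklist;
    # a long passphrase fails legacy complexity/expiry but passes the modern check.
    for pw in ("P@ssw0rd1!", "correct horse battery staple"):
        print(pw, "legacy:", legacy_policy(pw, 100), "modern:", modern_policy(pw))
```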
World Password Day is a day to review your password hygiene to ensure you are up to date with the latest best practices. It is always important to review your current password habits, and one of the most important topics this year is which of your passwords is the only thing protecting your accounts, meaning you have not combined it with another security control such as two-factor authentication. Passwords are usually the only security protecting most people’s sensitive information, and this year you should do a detailed review of what your bad habits are. Most passwords can be easily cracked, with approximately 20% of passwords using common known words that are available in dictionaries, making them easily guessed.
For many, passwords are used repeatedly for all types of accounts, such as your corporate Salesforce login, your Facebook account or your bank. And for some, that favorite password may be older than your current relationship. The problem is that it’s putting you at risk of identity theft, ransomware, an online account hack, computer viruses and more. It is also important when you do change your password to only perform this task from a safe network and not a public location.
This year, review your password best practices. Ensure that you have started to use passphrases to help make your password long and include some complexity as well, although the debate about how frequently you should change your password continues. My recommendation is that it should not be older than one year. It’s best not to wait until you are notified about a data breach, as it usually means cybercriminals had access for longer than two hundred days.
Working from home can often blur the line between work and leisure as many share or use work devices outside of office hours. This issue is highlighted by OneLogin’s World Password Day survey where 1 in 5 global respondents admitted to sharing the password to their corporate device with a spouse or child. However, World Password Day today presents the opportunity to promote and implement good password habits, so I encourage everyone to take a look at their password hygiene. This could mean updating and strengthening the passwords which protect your personal information, utilising multi-factor authentication rather than single factor authentication such as a password, or simply updating the way you store your passwords in order to protect yourself from data breaches.
OneLogin’s survey also highlights that UK consumers are the worst in the world for WiFi security, with 50% not having changed their WiFi password in more than a year, compared to the global average of 36%. But the risks associated with weak credentials are well known, as malicious actors continue to exploit the remote working situation, so today on World Password Day, take a look at your password practices, create strong complex passwords, remember not to repeat passwords and ideally, embed multi-factor authentication, which acts as a more secure method of protecting access to data and systems than single-factor authentication like a password.
The consequences of a password breach can be catastrophic, providing cyber criminals with an open door to highly sensitive company data. As a result, we have seen many organisations trying to enhance password security by creating minimum complexity requirements and implementing frequent rotation. However, the challenge is that strong password security is often now seen as a trade-off between what is easy to remember and what is secure. We are on the cusp of developing and implementing new authentication options, such as biometrics and other powerful access management systems which will create a password-free IT landscape, but to some extent this can also be breached. As a result, organisations should also look at how to limit the impact of a potential breach by preventing users from seeing everything on their network. With privileged access, users will have a limited view into highly sensitive data, and this can be restricted not only by role, but also by factors such as time and location. One fact that remains untouched is that users still need a password or authorisation in some form – so we should look beyond password strengthening and complement this with a failsafe.