World Password Day helps to raise security awareness
The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life.
Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still use them -- to change them and to choose strong words that are not easy to hack.
Naturally there's lots of advice, tips and commentary on offer surrounding passwords, so here’s some of what the experts have to say.
Chris Brooks, founder of CryptoAssetRecovery.com reminds us of the need to change passwords regularly, "The point of World Password Day is to remind people to change their passwords. Think of a password like the oil in your car -- if you don't change it every three months, it becomes less effective -- and failing to change it can destroy your engine. Passwords only work because they are secrets -- but in 2021 more than 16 million accounts were known to have been breached every day. It's extremely likely that some of your passwords are already known to hackers, and they're learning more of them every day. Keep your digital life tuned, and change those passwords!"
"With more than 22 billion connected devices online and cyber attacks on the rise, your data has never been at greater risk," says Brian Spanswick, chief information security officer at Cohesity. "On World Password Day, it's critical that IT managers, SecOps personnel, and, for that matter, all business workers, remember to prioritize password hygiene today and year around. Using a password manager is an effective way to ensure secure passwords, and taking steps to choose a unique password that's regularly updated and varied from device to device can mean the difference between a normal day and a devastating data breach -- where you potentially not only expose your data, but put your company at risk as well."
Tom Bridge, principal product manager at JumpCloud highlights the need for companies to offer multi-factor authentication:
Alongside raising awareness of good password policy on this day, companies should think about identity more generally too. This can make it easier to support your employees around remote and hybrid work, as well as improving your work processes overall. For small businesses, consolidating how you manage your users' access and accounts can help you deliver the services that those users need to work efficiently wherever and whenever they want.
To achieve this, you should deploy multi-factor authentication alongside any passwords that they use. This is an opportunity to look at other ways to improve your efficiency around identity, like using single sign-on to simplify the process. At the heart of authentication is how you connect users to the services and applications that they need every day, and how you can make work easier for them. Passwords and identity management should not get in the way of how people work; they should serve the business in making remote work happen more easily.
Marcin Kleczynski, CEO of Malwarebytes stresses the need to rethink how we protect data. "Whilst access to corporate networks could once have been protected by a single level of security, this approach is no longer viable. If employees have full access to the company network via a username and password, they may as well be giving cybercriminals the proverbial key to the lock. Whether via key loggers, credential interception malware or spear phishing, cybercriminals have developed a wide range of sophisticated methods to access credentials. Remote and hybrid working models further compromise a company’s security. The large number of new and potentially vulnerable access points to networks has meant security measure are significantly weaker. Cybercriminals know this. We need to rethink the way we protect data and embrace contemporary approaches to cybersecurity."
Of course there are plenty of ways to supplement or even replace passwords for greater security. Ricardo Amper, CEO of Incode recommends the use of biometrics. "On this World Password Day, we recommend implementing a new version of the 'password' to ensure optimal security and customer experience: identity verification via biometrics. Using biometric technology to verify someone’s identity instead of passwords can eliminate friction and is more accurate and secure than other mechanisms. Your face is your unique digital identity and is more challenging for cybercriminals to hack. As the shift to a digital-centric era continues, I expect in less than five years’ time our faces will become our passwords -- and ultimately create more trust between consumers and the sites they use."
John Fung, director of cybersecurity operations at MorganFranklin Consulting recommends a single sign-on approach, "Implementing a single sign-on approach is another way to reduce an employee's password management responsibility to a single password. This makes it easier to use strong passwords, similar to password managers. SSO also centralizes authentication management, which can help with access controls, monitoring and logging, compliance, and other Identity and Access Management functions."
Pete Caldecourt, director of product management at Quest says, "As passwords aren’t disappearing anytime soon, we need to reduce the reliance on and responsibility of the individual user. Adding multi-factor authentication continues to be a powerful security measure as part of an overall Zero Trust approach, provided it is implemented in a bespoke and thoughtful way that doesn't leave users frustrated. It is also encouraging to see a continuing upward trend in the adoption of password managers which take the human element out of the equation, implementing complex and unique passwords without the user needing to remember them."
Finally, Stephen Gates, security evangelist at Checkmarx has a clever way of creating secure passwords:
Everyone knows it's important to change old passwords to a strong one, but how do you achieve that? The key to creating strong passwords that are easy to remember is to use a phrase you like, and replace various characters using your own set of rules.
For example, you select a phrase like, 'Dogsmakemehappy'. (Dogs make me happy). Then you create a set of rules you always use. For example, your rules may look something like this:
o is replaced by a zero
e is replaced by 3
and so on.
So, your Dogs make me happy phrase (without spaces) ends up looking like this -- D0gsmak3m3happy -- after you apply your set of rules.
The next question that may arise is, 'can you use this password over and over again?' The answer is yes, but to achieve that, you have to slightly append the phrase. For example, if you wanted to use the password on Facebook, Twitter, and Snapchat, it might look something like this:
Facebook – D0gsmak3m3happy!FB
Twitter – TW!D0gsmak3m3happy
Snapchat - D0gsmak3m3happy!SC
It's really that simple and it’s quite easy to remember.