This is part of a running commentary series for #WorldPasswordDay 2021.
Each year on the first Thursday in May, World Password Day strives to encourage users to elevate their password security strategy.
We heard from cybersecurity experts on what strong password security looks like and what the future of passwords holds. Ashish Gupta, CEO & President, Bugcrowd:
“World Password Day is an opportunity to take a step back and examine what the future holds for secure logins. To date, over 600 million passwords have been exposed through data breaches. Needless to say, standalone password protection is an insufficient and ineffective method of protecting organizations and sensitive information. Weak, insufficient and stolen credentials are common causes for breaches and hacks that often result in millions of dollars in damages and data loss. It’s more important than ever before for companies to rely on two-factor authentication that also incorporates additional login tokens or one-time codes to fully obtain access. This adds in another layer of security to help address the password problem, but still hasn’t solved it entirely as hackers can still gain access through authentication code interception techniques and SIM swapping.
While two-factor is a step up from traditional password safety, modern day problems require modern solutions, and passwordless authentication may hold the future key to more effectively securing credentials. Passwordless authentication is an intriguing and hopefully superior option in the near future, but it’s not a standalone panacea for security concerns. Coupling in additional measures such as Zero Trust, crowdsourced cybersecurity and proactive threat detection will keep enterprises secure and information safely protected in the future.”
Dave Wagner, CEO, Zix:
“World Password Day is an excellent time for individuals and businesses to reflect on their current password practices and ensure they are building the safest habits to protect themselves and their company from cybercriminals. Many are under the assumption that if they are taking the steps to create unique passwords for each platform and application, they are secure. But it's not enough.
The number of headline-grabbing breaches that have taken place over the last year highlight the critical need for safeguards across the entire company network. While there are a few different ways to protect login credentials beyond a simple username and password, one of the most popular and effective options is two-factor authentication (2FA). Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user's phone, email address or through an authenticator app, after entering their username and password. It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.
Email is a common point of attack because it often contains sensitive and valuable communications. Organizations should also consider implementing an email security solution that conducts a security audit to analyze its admins, users, mailboxes, and rules for vulnerabilities such as outdated passwords so they can be resolved before a breach happens. Organizations should use World Password Day to evaluate their internal Password Policies and send reminders to employees and customers alike about the importance of good password hygiene.”
Surya Varanasi, CTO of Nexsan, a StorCentric Company:
“Few would argue that creating strong passwords must remain a priority. However, even after creating a seemingly impenetrable password using every best practice possible, undiscovered threats might still be able to penetrate them and expose your environment to unnecessary risk.
But if your organization has data that is too important to lose, too private to be seen and too critical to be tampered with then you must take the next step to thwart cyber-criminals. This can be accomplished by employing a strategy that enables you to unobtrusively offload data from what is likely expensive primary storage (cost savings is another bonus here) to a cost-effective storage solution that is engineered specifically to be regulatory compliant and tamper-proof from even the harshest ransomware attacks. And since backups have become the latest malware targets, the storage platform should include “unbreakable backup” meaning it includes an active data vault that creates an immutable copy, which makes recovery of unaltered files fast and easy - so there’s zero operations disruption and never any need to pay ransom.”
JG Heithcock, GM of Retrospect, a StorCentric Company:
“A global survey conducted by Gartner found that 88% of business organizations mandated or encouraged employees to work from home (WFH) as a result of the COVID-19 pandemic. With millions of workers around the world now having to access their organization’s data remotely, data protection was put under increased pressure. For many, the answer was to employ a strong password -- oftentimes, requesting that employees do so employing a random mix of no less than 15 characters. Undeniably, this was a step that could not be ignored. Unfortunately, many learned the hard way that this was not enough to stop today’s increasingly determined and aggressive cyber-criminals. And given that research, such as that from the Harvard Business School, shows that the WFH paradigm will likely endure, it is clear that stronger measures must also be taken.
The next step in the data protection and business continuity process for virtually any organization (or personally, for that matter) is an effective backup strategy. And the good news is that there is no need to reinvent the wheel here. A simple 3-2-1 backup strategy will do the trick. This means that data should be saved in at least three locations -- one on the computer, one on easy-to-access local storage and another on offsite storage. The options range from local disk, to removable media, to the cloud and even tape. And, if at least one copy is “air-gapped” meaning completely unplugged from the network, all the better.
In 2021 and beyond, multi-layered data protection strategies - such as those employing strong passwords combined with thorough backup practices - will help to ensure you, your data and your organization remain protected in the event of a simple accident, cyber-attack or any other disaster.”