This is part of a running commentary series for #WorldPasswordDay 2021.
Each year on the first Thursday in May, World Password Day strives to encourage users to elevate their password security strategy.
We heard from cybersecurity experts on what strong password security looks like and what the future of passwords holds. Joseph Carson, chief security scientist & advisory CISO, ThycoticCentrify:
“It is World Password Day, which means it is time to reflect on your current password hygiene and determine if your password choices are putting you at serious risk of becoming a victim of cybercrime. According to the UK National Cyber Security Centre (NCSC), 15% of the population uses pets' names, 14% uses a family member's name, and 13% picks a notable date. In fact, the weak password problem is so severe that the UK recently proposed new internet and IoT reforms that would make using “password” as your password illegal.
Passwords remain one of the biggest challenges for both consumers and businesses around the world. Thanks to the SolarWinds security incident in late 2020, we were all reminded that a poor password choice can not only impact your own organization but all connected organizations as well. This was likely one of the biggest supply chain cyberattacks in history -- all stemming from poorly-created passwords.
If you are a consumer, start by using a password manager today. If you are a business leader, you should move beyond password managers straight into privileged access security. Rotating and choosing passwords is one of the biggest causes of cyber fatigue, so organizations can reward employees with privileged access security solutions that will eliminate one of their biggest work headaches and introduce security solutions that they will want to use. Privileged access security is one of the few security solutions that will transform your employee password experience into one that will make them more productive -- and you’ll never need to create unique, complex passphrases for every account as privileged access management (PAM) will do that for them. It’s time to increase security and ease stress by moving passwords into the background with a modern PAM solution.”
Neil Jones, cybersecurity evangelist, Egnyte:
“Recently, one of the largest data dumps in history, referred to as COMB (Compilation of Many Breaches), exposed an astronomical 3.2 billion passwords linked to 2.18 billion unique email addresses. This is frightening news for all of us, but it’s particularly worrisome for IT leaders. So many of them are kept up at night with a gnawing concern: How do I manage the growing risk of data breaches, with a large proportion of my employees working remotely?
Remote work can lead to employees accessing unsanctioned devices, apps and networks, particularly when they experience issues with work-related IT resources. This broadens the attack surface for bad actors and leaves few checks in place for careless behavior that can result in data leaks.
To commemorate World Password Day, we’d like to remind you about practical steps that you can take to protect your valuable information, while embracing today’s work-from-home environment:
Educate your employees on password safety – Teach your users that commonplace passwords such as “123456,” “password” and their pets’ names can put your data and their personal reputations at risk. Remind users that passwords should never be shared with anyone.
Institute two-factor authentication – IT administrators should require additional login credentials during the users’ authentication process, to prevent potential account breaches. This can be as simple as a user providing their password, then entering an accompanying numeric code from an SMS text.
Set passwords for personal devices – Personal devices are on the rise in a remote-work environment and are particularly vulnerable to data theft, so encourage your employees to password-protect them.
Change your Wi-Fi password regularly – Remember that potential hackers are often working from home, just like us. If you haven’t updated your Wi-Fi password recently, do it immediately.
Establish mandatory password rotations – Greatly reduce exploitation of default and easily-guessable employee credentials by making your employees change their passwords regularly.
Update your account lockout requirements – Prevent brute force password attacks by immediately locking out access points after several failed login attempts.”