This is part 1 of our #WorldPasswordDay series. World Password Day is an important annual event that raises awareness about the importance of creating and using strong passwords to secure our online accounts. With more and more of our personal and professional lives taking place online, the risks associated with weak passwords have become more significant than ever. Cybercriminals are constantly finding new ways to steal passwords and gain unauthorized access to sensitive information, making it essential for individuals and organizations alike to take proactive steps to protect themselves. World Password Day serves as a reminder that we all have a responsibility to safeguard our online identities and encourages us to adopt good password practices to keep our digital lives secure. We heard from security and identity management experts from around the industry on how critical strong password security is for organizations and end-users alike:
Dylan Owen, Associate Director, Cyber Protection Services, Raytheon Intelligence & Space
“As organizations continue to grow, populating networks and systems with an increasing amount of users, repetitive passwords have increased dramatically. This ultimately heightens the risk of systems being infiltrated and sensitive data being exposed. Because it can be costly and unfamiliar to switch to potential security alternatives, organizations tend to stick to their typical password protection measures, thus promoting password reuse. However, there is a high pay-off to taking proactive steps now, in ensuring that passwords are secure before it is too late. Multi-factor authentication with a physical device/token is a simple and highly effective step that an organization should consider utilizing. Reducing the problems that often come with password authentication and authorization and eliminating the need to memorize or keep track of passwords, this security measure makes it easy for the user, while also keeping data highly protected. Providing a password manager can also be considered, providing users with complex, unique passwords for each system. This would also avoid the need to remember or write down passwords, as they would be stored securely in the password manager.”
Fran Rosch, CEO, ForgeRock
“Our industry has been talking about the vulnerability of weak passwords for years, yet data breaches are still a major concern, and organizations underestimate the risks associated with relying on passwords to protect valuable information. Closely monitoring password activity is critical to ensuring that attackers haven’t slipped through a company’s security. For example, if an employee gets locked out of the system and does not request help from their IT team, that person’s credentials are now at risk.
Abolishing weak passwords by going passwordless significantly helps enterprises reduce risk and stop threats at scale. As identity theft and breaches reach unprecedented levels, organizations need to take advantage of technology that strengthens security. This includes the adoption of passwordless solutions that incorporate things like biometrics, authenticator apps, tokens, and certificates, as well as AI-based access management. As we reflect on World Password Day, it’s clear that unless we eliminate passwords altogether, we will continue to live in a lose-lose situation where online experiences will remain frustrating for users and attackers continue to keep stealing our information.”
Rick McElroy, Principal Cybersecurity Strategist, VMware
“Despite the security industry’s many innovations that were on display at RSA last week, many organizations are still relying on dated authentication methods like passwords to protect their networks.
User ID and passwords can ultimately be the weakest link in an organization’s cybersecurity strategy, given the efforts by attackers to steal basic credentials to gain access to company data. Multi-factor authentication has helped make it more difficult for hackers to exploit these safeguards, but they continue to be areas of concern.
While alternative strategies to passwords are coming, it will take some time before these new methods are accessible to civilians. Until these new methods are available, security teams should move away from central stores of identities and continue to leverage multi-factor authentication to bolster their organization’s security.”
Will LaSala, Field CTO, OneSpan