This is part 2 of our #WorldPasswordDay series. World Password Day is an important annual event that raises awareness about the importance of creating and using strong passwords to secure our online accounts. With more and more of our personal and professional lives taking place online, the risks associated with weak passwords have become more significant than ever. Cybercriminals are constantly finding new ways to steal passwords and gain unauthorized access to sensitive information, making it essential for individuals and organizations alike to take proactive steps to protect themselves. World Password Day serves as a reminder that we all have a responsibility to safeguard our online identities and encourages us to adopt good password practices to keep our digital lives secure. We heard from security and identity management experts from around the industry on how critical strong password security is for organizations and end-users alike.
Joseph Carson, Chief Security Scientist, Delinea
"World Password Day serves as a reminder to reflect and think about your password health. If you’re anything like me, you are not a fan of passwords – having to frequently change them and choose the next great password that is better, longer and more unique than the previous one.
This World Password Day, let’s take a moment and think about how we can remove passwords from our lives and into the background, while making our digital lives safer. A great place to start is by using a Password Manager.
A Password Manager will let you know when your password needs to be changed, when it’s weak, or when it’s reused. Even better, when used in conjunction with multi-factor authentication (MFA), it takes away the tedious task of choosing – and remembering – your next great password.
Let’s use this World Password Day to move passwords out of our lives, into the background, and make our digital world a safer place."
Tonia Dudley, CISO, Cofense
"World Password Day serves as a timely reminder for individuals and organizations alike to revamp their security posture by ensuring one of the internet’s most hackable tools remains secure. Many people are under the assumption that if they have unique passwords, they are automatically secure. This is unfortunately not the case.
While using different passwords across applications, enabling two-factor authentication and regularly changing your passwords are important steps to prevent being hacked, they are not enough in today’s rapidly changing threat landscape. Many organizations frequently use password expiration emails to remind users to update their passwords. Threat actors take advantage of this as an all-too-common phishing tactic to obtain credentials. In addition to the standard password security measures, organizations must implement proper employee training to recognize phishing emails and keep their passwords away from the hands of cybercriminals."
Roman Arutyunov, Co-founder and SVP Products, Xage Security
“Stolen credentials are involved in many cyberattacks. Estimates from researchers are as high as 80%. These credentials may be stolen by the attacker themselves, or bought on the dark web. Cybersecurity measures such as multi-factor authentication, FIDO2/passwordless authentication, automated credential rotation, and more have made it harder for attackers, but, for every defensive method, attackers develop new tactics, techniques, and procedures (TTPs) to continue their campaigns of theft and destruction. MFA-fatigue attacks are the latest craze, but they won’t be the last identity- and credential-focused attack tactic. This World Password Day, organizations need to remember the importance of defense in depth and recognize that it starts with secure identity and access management as the first step. There have been great advancements in the field of IAM, including multi-factor authentication (MFA) and passwordless login, but these are only part of the picture for an identity-first defense-in-depth strategy. By controlling, at a granular level, the access that each individual has, you limit the damage that can be done even if one of those credentials is compromised.”
“Securing one’s digital identity is key to maintaining trust throughout one’s online experience – but when the average user is forced to juggle dozens of online accounts, each with their own password, some inevitably slip through the cracks and open up vulnerabilities to fraudsters and threat actors. This becomes particularly worrying in the context of employee offboarding. In fact, nearly half of all former employees admit to still having working passwords from their previous employers, indicating a massive – and too-often overlooked – hole in many businesses’ security plans. All it takes is a single compromised password to allow a threat actor to slip through undetected, masquerading as a legitimate user who’s long forgotten about their valid credentials. Alternative identity verification options, like facial recognition and document scans, are employed worldwide across every sector – from onboarding new hires, social media users and gamers to verifying a customer’s age for restricted purchases. Customers are already on board with alternative authentication methods; it’s up to businesses to make proper use of them. But as useful as these solutions can be for user and employee adoption, many employers neglect to stray from usernames and passwords, leaving errant digital identities of people who have long forgotten to maintain them open to attack – and by extension, leaving entire companies vulnerable by way of someone who’s no longer working for the company. It’s time for businesses to rethink their security standards and consider adding an extra layer of security to the typical username and password to keep access to their data in the correct hands.”
Neil Jones, Director of Cybersecurity Evangelism, Egnyte
“On World Password Day, it’s important to remember that despite users’ growing cybersecurity and data protection vigilance, weak passwords, such as 123456, password, and qwerty, are still far too commonplace. This is concerning because easily guessed passwords can be a treasure trove for cyber-attackers. The good news is that there are several ways organizations can enhance their password management programs, which include:
1) Utilizing Multi-Factor Authentication (MFA).
2) Establishing mandatory password rotations and requiring employees to change their passwords and passphrases on a routine basis.
3) Re-visiting your company's account lockout requirements to ensure that users' access is immediately disabled after multiple failed login attempts.
For maximum protection, educating your employees about the significance of password safety is critical, especially reminding them that passwords should never be shared with anyone, including your closest business colleagues. Finally, family members should never be permitted to access your business devices.”