Happy World Password Day! To celebrate, we hear from three cybersecurity experts on how to best individuals can improve upon their password security.
With 31% of global companies being attacked by cybercriminals at least once a day and most of the attacks involving phishing, it is clear that weak passwords remain a major challenge, eight years after the first World Password Day. 2021 Acronis Cyber Protection Week Global Report, 75% of personal IT users and 50% of IT professionals lost data last year, exposing the personal information of themselves, their businesses, and their clients to cybercriminals.
Candid Wüest, Acronis’ VP Cyber Protection Research, shared his recommendations with Top Business Tech on how and why individuals should protect their password security. He says: “Data breaches seem to have become an everyday occurrence. This means that our sensitive data, including account credentials, are more likely than ever to find their way into public view. Even if only a username or a password was leaked, it can still be used with a dictionary list of common passwords, or data from another leak, to find the correct combination of a username and a password,” says Wüest.
“From there, all an attacker needs to do is throw the password in as many accounts as possible, and they are likely to find one that lets them in. These so-called credential stuffing attacks are unfortunately still very successful. This is why password reuse is so dangerous. If your password is leaked or easily guessed, you may have multiple accounts compromised before you even know it has happened.”
- Password Management
Wüest’s first solution is clear. Obtain a password manager: “As a bare minimum, it is time for anyone who isn’t already using a password manager to do so. With these tools, you can easily use long and complex passwords for each account. This not only makes it significantly harder for cybercriminals to crack them but also means that if one password gets leaked, it won’t help an attacker get into any other accounts.”
- Multi-factor authentication MFA
Wüest also recommends enabling multi-factor authentication (MFA) wherever it is available. “Even though there have been successful attacks against text message-based MFA in the past, it still is better than no MFA at all,” he said. “Many password managers are also incorporating MFA into their service, so you don’t need different apps for your passwords and your MFA tokens. In addition to this, password managers can prevent you from copying the credentials to phishing websites as they detect that the website URL has changed. It may be a change in mindset to implement these processes, but a slight shift in how we log in will make it significantly more difficult for an attacker attempting to access our accounts.”
“Additionally, I recommend performing regular password maintenance. This does not necessarily mean going through and changing all of your passwords, but rather reviewing the accounts you have passwords for, and removing any accounts you no longer need. Keeping your passwords to a minimum can also decrease the chances of your usernames and email addresses being stolen. Using a U2F key, which is a physical device that connects to the computer, and biometrics can also add a level of complexity to your credentials. However, it is important to keep in mind that physical keys can be lost or stolen, and biometrics are really more of a username than a password, as you cannot change them.”
- Biometric data
Vince Graziani, CEO, IDEX Biometrics ASA, speaks of the growing importance of biotech in place of passwords: “Today, we store more of our personal information online and on digital devices than ever. To keep those digital identities secure, general cybersecurity advice recommends we update our passwords every 90 days at least. However, that can lead to hastily typed passwords we soon forget or leave scribbled on notes for others to find.
“While it’s quite normal to forget a password, you can’t forget your fingerprint. Thankfully with biometric data, we are offered a more secure and timeless form of authentication that avoids the frustration of constantly updating passwords.”
“As time goes on, it has become increasingly apparent that passwords are no longer adequate to protect us– especially during the pandemic. Now, we are starting to see the continued use of this insufficient mode of authentication putting consumer data at risk and costing businesses money. To resolve this, companies must move towards more heightened security measures, such as using biometric data to authenticate entry to corporate buildings, networks and devices. All organisations, no matter their size, need hygienic, convenient and ‘fit-for-purpose’ Physical Access Control (PAC) and Logical Access Control (LAC) systems in place. Therefore, it’s time to say goodbye to old-fashioned authentication methods of passwords, swipe cards and PINs, and embrace fingerprint biometrics in our migration to a new digital identity.”
- The future of MedTech explored by healthcare and technology leaders at business summit
- The future of technology within health and social care
- Groundbreaking Research From Xactly Highlights the Disruptions that Transformed Sales Organisations in 2020, Presents an Outlook for the Future
- What can corporates learn from digital transformation in the COVID era?
- identity and access management (IAM)
Ian Jennings, Managing Director at BlueFort Security, emphasises that identity and access management (IAM) should be a cornerstone of security in any IT environment, providing centralised security controls and risk mitigation to protect information systems and data from access by unauthorised users and malicious actors.
“These tools simplify and strengthen system defences, with enterprise single sign-on and privileged access management solutions providing a positive user experience while mitigating the threat to data security, he says. “With only one set of credentials to remember, implementation of multi-factor authentication, two-factor authentication or simply more stringent password specifications to strengthen the access credentials is far simpler.”
However, according to Jennings, IAM solutions have experienced significant innovation in recent years, with machine learning, biometrics and automation providing far more substantial guarantees of identification: “Security leaders should be using World Password Day this year to think beyond passwords, instead looking at new verification layers, authentication methods and automation capabilities that provide much greater prevention against attackers compromising valuable credentials. To support this shift in thinking, organisations should look to expert partners to help identify the correct combination of these innovative technologies and services that will best protect their individual information systems and information assets.”
For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!