Experts share the top five ways you can improve upon your password security this World Password Day

Happy World Password Day! To celebrate, we hear from three cybersecurity experts on how to best individuals can improve upon their password security.

With 31% of global companies being attacked by cybercriminals at least once a day and most of the attacks involving phishing, it is clear that weak passwords remain a major challenge, eight years after the first World Password Day. 2021 Acronis Cyber Protection Week Global Report, 75% of personal IT users and 50% of IT professionals lost data last year, exposing the personal information of themselves, their businesses, and their clients to cybercriminals.

Candid Wüest, Acronis’ VP Cyber Protection Research, shared his recommendations with Top Business Tech on how and why individuals should protect their password security. He says: “Data breaches seem to have become an everyday occurrence. This means that our sensitive data, including account credentials, are more likely than ever to find their way into public view. Even if only a username or a password was leaked, it can still be used with a dictionary list of common passwords, or data from another leak, to find the correct combination of a username and a password,” says Wüest.

“From there, all an attacker needs to do is throw the password in as many accounts as possible, and they are likely to find one that lets them in. These so-called credential stuffing attacks are unfortunately still very successful. This is why password reuse is so dangerous. If your password is leaked or easily guessed, you may have multiple accounts compromised before you even know it has happened.”

  1. Password Management

Wüest’s first solution is clear. Obtain a password manager: “As a bare minimum, it is time for anyone who isn’t already using a password manager to do so. With these tools, you can easily use long and complex passwords for each account. This not only makes it significantly harder for cybercriminals to crack them but also means that if one password gets leaked, it won’t help an attacker get into any other accounts.” 

  1. Multi-factor authentication MFA

Wüest also recommends enabling multi-factor authentication (MFA) wherever it is available. “Even though there have been successful attacks against text message-based MFA in the past, it still is better than no MFA at all,” he said. “Many password managers are also incorporating MFA into their service, so you don’t need different apps for your passwords and your MFA tokens. In addition to this, password managers can prevent you from copying the credentials to phishing websites as they detect that the website URL has changed. It may be a change in mindset to implement these processes, but a slight shift in how we log in will make it significantly more difficult for an attacker attempting to access our accounts.”

  1. Maintenance

“Additionally, I recommend performing regular password maintenance. This does not necessarily mean going through and changing all of your passwords, but rather reviewing the accounts you have passwords for, and removing any accounts you no longer need. Keeping your passwords to a minimum can also decrease the chances of your usernames and email addresses being stolen. Using a U2F key, which is a physical device that connects to the computer, and biometrics can also add a level of complexity to your credentials. However, it is important to keep in mind that physical keys can be lost or stolen, and biometrics are really more of a username than a password, as you cannot change them.”

  1. Biometric data

Vince Graziani, CEO, IDEX Biometrics ASA, speaks of the growing importance of biotech in place of passwords: “Today, we store more of our personal information online and on digital devices than ever. To keep those digital identities secure, general cybersecurity advice recommends we update our passwords every 90 days at least. However, that can lead to hastily typed passwords we soon forget or leave scribbled on notes for others to find. 

“While it’s quite normal to forget a password, you can’t forget your fingerprint. Thankfully with biometric data, we are offered a more secure and timeless form of authentication that avoids the frustration of constantly updating passwords.”

“As time goes on, it has become increasingly apparent that passwords are no longer adequate to protect us– especially during the pandemic. Now, we are starting to see the continued use of this insufficient mode of authentication putting consumer data at risk and costing businesses money. To resolve this, companies must move towards more heightened security measures, such as using biometric data to authenticate entry to corporate buildings, networks and devices. All organisations, no matter their size, need hygienic, convenient and ‘fit-for-purpose’ Physical Access Control (PAC) and Logical Access Control (LAC) systems in place. Therefore, it’s time to say goodbye to old-fashioned authentication methods of passwords, swipe cards and PINs, and embrace fingerprint biometrics in our migration to a new digital identity.”

READ MORE: 

  1. identity and access management (IAM)

Ian Jennings, Managing Director at BlueFort Security, emphasises that identity and access management (IAM) should be a cornerstone of security in any IT environment, providing centralised security controls and risk mitigation to protect information systems and data from access by unauthorised users and malicious actors.  

“These tools simplify and strengthen system defences, with enterprise single sign-on and privileged access management solutions providing a positive user experience while mitigating the threat to data security, he says. “With only one set of credentials to remember, implementation of multi-factor authentication, two-factor authentication or simply more stringent password specifications to strengthen the access credentials is far simpler.”

However, according to Jennings, IAM solutions have experienced significant innovation in recent years, with machine learning, biometrics and automation providing far more substantial guarantees of identification: “Security leaders should be using World Password Day this year to think beyond passwords, instead looking at new verification layers, authentication methods and automation capabilities that provide much greater prevention against attackers compromising valuable credentials.  To support this shift in thinking, organisations should look to expert partners to help identify the correct combination of these innovative technologies and services that will best protect their individual information systems and information assets.”

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...