Experts share the top five ways you can improve upon your password security this World Password Day

Happy World Password Day! To celebrate, we hear from three cybersecurity experts on how individuals can best improve their password security.

With 31% of global companies being attacked by cybercriminals at least once a day and most of the attacks involving phishing, it is clear that weak passwords remain a major challenge, eight years after the first World Password Day. According to the 2021 Acronis Cyber Protection Week Global Report, 75% of personal IT users and 50% of IT professionals lost data last year, exposing the personal information of themselves, their businesses, and their clients to cybercriminals.

Candid Wüest, Acronis’ VP Cyber Protection Research, shared his recommendations with Top Business Tech on how and why individuals should protect their password security. He says: “Data breaches seem to have become an everyday occurrence. This means that our sensitive data, including account credentials, are more likely than ever to find their way into public view. Even if only a username or a password was leaked, it can still be used with a dictionary list of common passwords, or data from another leak, to find the correct combination of a username and a password.”

“From there, all an attacker needs to do is throw the password in as many accounts as possible, and they are likely to find one that lets them in. These so-called credential stuffing attacks are unfortunately still very successful. This is why password reuse is so dangerous. If your password is leaked or easily guessed, you may have multiple accounts compromised before you even know it has happened.”

  1. Password Management

Wüest’s first solution is clear: obtain a password manager. “As a bare minimum, it is time for anyone who isn’t already using a password manager to do so. With these tools, you can easily use long and complex passwords for each account. This not only makes it significantly harder for cybercriminals to crack them but also means that if one password gets leaked, it won’t help an attacker get into any other accounts.”

  2. Multi-factor authentication (MFA)

Wüest also recommends enabling multi-factor authentication (MFA) wherever it is available. “Even though there have been successful attacks against text message-based MFA in the past, it still is better than no MFA at all,” he said. “Many password managers are also incorporating MFA into their service, so you don’t need different apps for your passwords and your MFA tokens. In addition to this, password managers can prevent you from copying the credentials to phishing websites as they detect that the website URL has changed. It may be a change in mindset to implement these processes, but a slight shift in how we log in will make it significantly more difficult for an attacker attempting to access our accounts.”
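The URL check Wüest mentions can be pictured as origin-bound autofill. The sketch below is an added example, not code from the article or from any password manager: the vault entry, the URLs and the function names are constructed for illustration, and it assumes credentials are offered only on the exact HTTPS origin where they were saved.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed vault entry (hypothetical account on a reserved example domain).
VAULT = [{"url": "https://accounts.example.com/login", "username": "alice"}]


def origin(url):
    """Return (scheme, host, port), with the host in ASCII/punycode form."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # IDNA-encode so a look-alike Unicode host never equals the ASCII one.
    host = (parts.hostname or "").encode("idna").decode("ascii")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def autofill_candidates(vault, page_url):
    """Usernames the manager would offer to fill on page_url."""
    page = origin(page_url)
    if page[0] != "https":
        # Never fill over plain HTTP, even when the host name matches.
        return []
    # Exact origin match: path and query may differ, the host may not.
    return [entry["username"] for entry in vault if origin(entry["url"]) == page]


if __name__ == "__main__":
    # Constructed test pages: the genuine site followed by look-alikes.
    pages = [
        "https://accounts.example.com/signin?next=/",
        "https://accounts.example.com.login.test/login",
        "https://accounts.examp1e.com/login",
        "https://accounts.ex\u0430mple.com/login",  # Cyrillic 'a' in the host
        "http://accounts.example.com/login",
    ]
    for page in pages:
        print(origin(page)[1], "->", autofill_candidates(VAULT, page) or "no autofill")
```

A user can be fooled by a host name that looks right; the exact comparison is not, which is why an empty autofill prompt on a familiar-looking login page is worth treating as a warning sign.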

  3. Maintenance

“Additionally, I recommend performing regular password maintenance. This does not necessarily mean going through and changing all of your passwords, but rather reviewing the accounts you have passwords for, and removing any accounts you no longer need. Keeping your passwords to a minimum can also decrease the chances of your usernames and email addresses being stolen. Using a U2F key, which is a physical device that connects to the computer, and biometrics can also add a level of complexity to your credentials. However, it is important to keep in mind that physical keys can be lost or stolen, and biometrics are really more of a username than a password, as you cannot change them.”

  4. Biometric data

Vince Graziani, CEO, IDEX Biometrics ASA, speaks of the growing importance of biotech in place of passwords: “Today, we store more of our personal information online and on digital devices than ever. To keep those digital identities secure, general cybersecurity advice recommends we update our passwords every 90 days at least. However, that can lead to hastily typed passwords we soon forget or leave scribbled on notes for others to find. 

“While it’s quite normal to forget a password, you can’t forget your fingerprint. Thankfully with biometric data, we are offered a more secure and timeless form of authentication that avoids the frustration of constantly updating passwords.”

“As time goes on, it has become increasingly apparent that passwords are no longer adequate to protect us – especially during the pandemic. Now, we are starting to see the continued use of this insufficient mode of authentication putting consumer data at risk and costing businesses money. To resolve this, companies must move towards more heightened security measures, such as using biometric data to authenticate entry to corporate buildings, networks and devices. All organisations, no matter their size, need hygienic, convenient and ‘fit-for-purpose’ Physical Access Control (PAC) and Logical Access Control (LAC) systems in place. Therefore, it’s time to say goodbye to old-fashioned authentication methods of passwords, swipe cards and PINs, and embrace fingerprint biometrics in our migration to a new digital identity.”


  5. Identity and access management (IAM)

Ian Jennings, Managing Director at BlueFort Security, emphasises that identity and access management (IAM) should be a cornerstone of security in any IT environment, providing centralised security controls and risk mitigation to protect information systems and data from access by unauthorised users and malicious actors.  

“These tools simplify and strengthen system defences, with enterprise single sign-on and privileged access management solutions providing a positive user experience while mitigating the threat to data security,” he says. “With only one set of credentials to remember, implementation of multi-factor authentication, two-factor authentication or simply more stringent password specifications to strengthen the access credentials is far simpler.”

However, according to Jennings, IAM solutions have experienced significant innovation in recent years, with machine learning, biometrics and automation providing far more substantial guarantees of identification: “Security leaders should be using World Password Day this year to think beyond passwords, instead looking at new verification layers, authentication methods and automation capabilities that provide much greater prevention against attackers compromising valuable credentials. To support this shift in thinking, organisations should look to expert partners to help identify the correct combination of these innovative technologies and services that will best protect their individual information systems and information assets.”


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
