Smart dads would often say –
“Your internet identity exists because of your password.”
“No passwords? I will disown you!” (slightly harsh, I know, but why risk it?)
“You are only as strong as your latest password.”
“In love and friendship, do not share your password.”
On a visit to Austin, Texas last May, I read a t-shirt quote that went like this:
“My brain’s just full of passwords.”
Every day should be World Password Day… If you are still using a password built from birthdays, anniversaries or names, you are in for a major jolt! You are 90% more likely to be targeted by a spammer or a ransomware attacker due to your weak password creation tactics. In the US, one of the biggest targets for cyber attackers, 59% of internet users do not go beyond using their birthdays or names as passwords!
Every year, 4 May is celebrated as World Password Day – a day tech giant Intel established to create awareness about the importance of stronger passwords. Star Wars fans know what it means to fight invisible attackers with frontier technologies! But jokes apart, even Star Wars fans are under attack if they haven’t secured their systems with strong passwords…
In 2022, there were 111 million password-related attacks a day. Whether you are using a personal desktop with a private internet connection or are connected to public WiFi, your chances of sneaking past an attacker are very slim. Why? Attackers are always a step ahead of the best technologies that are made to secure your devices. In such a challenging security scenario, a strong password will take you very far, until you either decide to change the password or go completely passwordless.
In so many ways, passwords can save your day, but they can be real trouble too if your passwords land in the wrong hands or if you fail to remember them. From setting the right password to meeting password character limits, working with passwords can be counter-productive for your employees and IT teams. That’s why we see so many organizations opting for passwordless tools like passkeys to secure their digital assets. But did you know that less than 25% of IT users are actually aware of passwordless technology? But hey, this article is not going to be about passwordless. It is about the day we all celebrate as Password Day, a day to remember why passwords exist in the first place and what you should do to stay on top of your security requirements.
Leading security professionals spoke to us on World Password Day, highlighting how important passwords are in preventing traditional cyber attacks and how, if they fall into the wrong hands, they can be weaponized against your organization.
Neil Jones, the Director of Cybersecurity Evangelism at Egnyte said, “On World Password Day, it’s important to remember that despite users’ growing cybersecurity and data protection vigilance, weak passwords, such as 123456, password, and qwerty, are still far too commonplace. This is concerning because easily-guessed passwords can be a treasure trove for cyber-attackers.”
Neil explained, “The good news is that there are several ways organizations can enhance their password management programs, which include:
- Utilizing Multi-Factor Authentication (MFA).
- Establishing mandatory password rotations and requiring employees to change their passwords and passphrases on a routine basis.
- Re-visiting your company’s account lockout requirements to ensure that users’ access is immediately disabled after multiple failed login attempts.
For maximum protection, educating your employees about the significance of password safety is critical, especially reminding them that passwords should never be shared with anyone including your closest business colleagues. Finally, family members should never be permitted to access your business devices.”
Egnyte is a Silicon Valley-based data-governance company.
If you have Sensitive Data, Employ a Strong Data Governance Policy for your IT
Ian Leysen, CEO, CSO, and Co-Founder, Datadobi says, “World Password Day serves as an important reminder to individuals and businesses alike about the critical importance of password security in protecting sensitive data. World Password Day is also a reminder that as the frequency of data breaches and cyber-attacks continues to rise, we cannot rely on passwords alone.
From a business perspective, relying solely on passwords to protect critical data is an especially risky proposition. The next step must be to employ data governance policies that designate what constitutes critical data that must be protected. However, even with these policies in place, protecting data that you cannot find is impossible. Businesses need a technology solution that enables them to locate and organize all critical data, and then take appropriate action to secure it. This may involve creating an immutable copy, moving it to a more secure environment, creating a “golden copy,” and/or transferring the data to a storage solution that can be air-gapped for even greater protection from online threats. This tailored approach is much smarter than relying on broad security measures that may not be effective in all situations.
To sum it up, combining strong passwords with data governance policies and a technology solution to enforce those policies is an unbeatable approach to data protection and security. In doing so, businesses can safeguard their sensitive information – especially from the growing threat of cyber-attacks, consequently enabling them to comply with regulations, as well as protect their intellectual property, reputation, and bottom line.”
Build Strong Passwords and Change them Very Often
Don Boxley, CEO and Co-Founder, DH2i said, “World Password Day is a day to acknowledge the pivotal role that passwords play in our digital lives. It is also a day that reminds us how prevalent cybercrime has become, and while creating strong and unique passwords and regularly changing them is critical, passwords must be considered a first-line, not the only-line, of defense.
Historically, VPNs were considered a reliable line of defense against cyber threats, but their popularity is rapidly declining due to their limitations in terms of security, slow connection speeds, bandwidth constraints, configuration and management complexity, and high cost. On the other hand, Software-Defined Perimeters (SDP) are gaining popularity as a safer and more efficient alternative. Advanced implementations of SDP allow users to establish direct connections with application-level Zero Trust Network Access (ZTNA) tunnels, eliminating the involvement of third-party vendors in the data stream. With SDP, users have direct access to the data endpoints they need, without any intermediaries. In comparison to VPNs, only SDP can prevent lateral network attacks, enhance data transfer rates by up to 3x, and offer complete control over the data stream.
Bottom-line, bulletproof passwords combined with SDP provide unparalleled security to eliminate cyber threats. Passwords act as the first line of defense, while SDP’s advanced security features ensure only authorized users access the network and data endpoints, reducing the risk of cyberattacks, data breaches, and lateral network attacks on World Password Day, and all year round.”
Ransomware Artists Go After Weak Passwords
Every organization is vulnerable to ransomware attacks. The bigger the size and reputation of the organization, the greater the risk of being targeted by a ransomware group.
Steve Santamaria, CEO, Folio Photonics, said, “Cybercrime is a growing threat to individuals and businesses alike. Hackers are constantly looking for ways to exploit weaknesses in our digital security, steal our personal and sensitive information, and hold it for ransom. One of the most common ways that cybercriminals gain access to our accounts and information is through weak or easily guessable passwords. World Password Day serves as a reminder that using strong and unique passwords is critical to protecting our digital presence. But it’s not enough. Hackers are becoming more sophisticated in their tactics, and relying solely on passwords for protection is like leaving your front door unlocked in a high-crime area.
To truly safeguard our digital assets, we need to employ multiple layers of data protection. This includes things like two-factor authentication, encryption, and regular system updates. But even those measures may not be enough. That’s why having a secure, tamper-free data archive that uses WORM media is so important. It can safeguard your assets while helping you recover from a ransomware attack or other data loss event; subsequently, reducing the impact that this disaster has on your business operations.
But to truly take your cybersecurity to the next level, you may need to consider air-gapping your data archive. Air-gapping your data means physically disconnecting it from the internet or any network connection, making it virtually impossible for cybercriminals to access it. When an air gap is combined with WORM media, it becomes the ultimate protection and should sit at the base of any cyber-resilient infrastructure. While this has often been used in the most sensitive, highest security environments, it is becoming more-and-more commonplace to see other types of organizations deploying it as well.
So, if you’re not taking cybersecurity seriously, it’s time to wake up and smell the coffee. The threat of cybercrime is real and growing. If you don’t take steps to protect your digital presence, you could be the next victim. So, use World Password Day as a reminder to take action and employ multiple layers of protection to safeguard your digital assets.”
Rising Attacks on IT Assets Somehow Lead to Passwords!
Patrick Harr, CEO, SlashNext said, “Every May, we recognize World Password Day as an international effort to empower individuals and businesses to keep their data safe and enable better password habits. Passwords have been basic cyber hygiene for decades. But, sadly, they are no longer enough to keep our personal and corporate information safe amid today’s rising attacks. If you don’t use strong passwords or if you are constantly using the same ones across all your devices, you’re putting your data and devices at risk. Proper password hygiene is of course critical, but even following password best practices to the letter can’t prevent hackers from obtaining access to accounts and systems.
According to SlashNext’s The State of Phishing Report 2022, 76% of the attacks found in 2022 were credential harvesting, which is still the number one cause of breaches, as demonstrated in the high-profile breaches in 2021 and again in 2022 with Twilio, Cisco, and Uber, all starting with credential theft.
Additionally, given the rise of new AI tools like ChatGPT, hacking passwords has become easier than ever. According to a study by Home Security Heroes, almost 51% of all common passwords can be cracked easily in less than a minute by AI. Apart from this, 65% of the common passwords were cracked by the AI in less than an hour, whereas 81% of the passwords took less than a month.
In this case, using security tools with AI technology is important to stop these AI-based attacks that are aiming to steal your credentials. You have to fight AI with AI.
It’s also common knowledge (although often ignored) that you should never use the same password for different accounts, since hackers who obtain a legitimate password will try it across different systems in hopes of gaining access to more critical data. You should also change passwords routinely to limit the amount of time a hacker can spend in accounts in the case it was compromised.
Overall, World Password Day reminds us how important it is to make cyber hygiene a top priority, especially in this new hybrid work environment which has made employees more vulnerable to attacks.”
Be Confident when Dealing with Data secured by Strong Passwords
Jim Alkove, CEO, Oleria said, “The time for protecting data solely with passwords has come and gone. Today’s rapidly accelerating business environment necessitates strong multi-factor or passwordless authentication and a transition to new adaptive and autonomous approaches to access. Adaptive access allows an organization to reduce the risk of breaches by granting just the right access at the right time for the right duration. Autonomous access frees an organization from the expense of today’s largely manual approaches to managing access and allows them to accelerate with the pace of business, confident that data is protected.”
From the Rooftop- Use PASSWORD Managers!!!
Joseph Carson, Chief Security Scientist, Delinea said, “World Password Day serves as a reminder to reflect and think about your password health. If you’re anything like me, you are not a fan of passwords – having to frequently change them and choose the next great password that is better, longer and more unique than the previous one. This World Password Day, let’s take a moment and think about how we can remove passwords from our lives and into the background, while making our digital lives safer. A great place to start is by using a Password Manager. A Password Manager will let you know when your password needs to be changed, when it’s weak, or when it’s reused. Even better, when used in conjunction with multi-factor authentication (MFA), it takes away the tedious task of choosing – and remembering – your next great password. Let’s use this World Password Day to move passwords out of our lives, into the background, and make our digital world a safer place.”
Darren Guccione, CEO and Co-founder, KEEPER SECURITY said, “Along with evaluating personal password hygiene, World Password Day is a fantastic opportunity for IT security teams to consider their password and secrets management policies. This is a pervasive problem, as our 2022 UK Cybersecurity Census report found that nearly a third of organizations allow their employees to create their own passwords and share passwords using insecure means.
We recommend strong, unique passwords or passphrases for each account that are at least 12 characters with upper and lowercase letters, numbers and special characters. To achieve this, it is essential to use a password manager as a first line of defense. This will help employees use high-strength random passwords for every website, application and system. A password manager will drastically reduce the chances of a compromise that can hurt a company’s reputation or brand. To add an additional layer of security, we also recommend enabling MFA, such as an authenticator app, to protect against remote data breaches.
Password managers can also help colleagues securely share passwords and access to accounts. Some common mistakes include sharing passwords through unencrypted emails or messages, storing passwords in a spreadsheet or text file and making the passwords less complex so they are easier for multiple people to remember. Another key advantage of a password manager is that it makes it easier for teams to protect their shared accounts with MFA.”
Do not Trust anyone but Passwords
Ricardo Amper, CEO and Founder, Incode Technologies said, “This isn’t a reminder to change your password – this is a call to dramatically revolutionize everyone’s day-to-day lives.
Machine Learning, quantum computers, fingerprint biomarkers – we’re living in the future, and the next generation of passwords is finally at our disposal. AI is mature enough for us to skip past band-aid fixes and leapfrog to the end all be all: biometrics. With your unique identity markers, yesterday’s hard-to-remember framework can be fully transformed – say goodbye to the 85 different passwords supplemented by tokens and MFA codes accessed via app or SMS for full control over who accesses your account. It’s no longer a matter of time before your account is hacked: your face is the best defense against cybercriminals’ man-in-the-middle or phishing attempts, since it’s entirely unique to your own identity. We can bypass the easily broken, friction-filled system to create lasting Trust between people and the organizations that serve them.
On this World Password Day, we echo last year’s call for biometrics as the future of passwords and challenge organizations to rethink the way they serve people. Supplementing biometrics with AI creates a more secure, accurate, and seamless means of verifying someone’s identity instead of or alongside passwords. This unprecedented turning point is an opportunity to reimagine everything from lines at the DMV to how we connect with each other online.
We have the ability to eliminate friction but, most importantly, create global equity and social and economic mobility through self-sovereign identities.”
The future will be passwordless – but not quite yet
Chris Vaughan, AVP of Technical Account Management, Tanium said, “Passwords have been one of the basic building blocks of cyber hygiene for decades. The fact is, however, that they are no longer a sufficient security method in the face of increasingly sophisticated attacks. Last year, hackers launched an average of 50 million attacks on passwords per day, or about 580 per second. It is therefore hardly surprising that about 60 percent of data breaches are due to compromised login data.
It has long been known that the classic password is no longer sufficient and is no longer sustainable on its own. The big technology companies like Microsoft, Google and Apple are already in the process of saying goodbye to passwords altogether and using high-tech solutions like biometric logins and facial recognition software. But it will not be possible to implement this change so quickly across the board – so passwords will probably remain with us for a while yet. And with the average cost of a data breach estimated at $4.2 million, we must continue to use them to maintain a minimum level of security.
But there are ways to additionally secure the use of the classic password. The German Federal Office for Information Security (BSI) recommends choosing a secure password that meets certain quality requirements. In addition, these passwords should be managed with a password manager and secured by multifactor authentication (MFA). This best practice has become commonplace for employees, consumers and businesses alike. MFA effectively protects against credential stuffing, where hackers misappropriate stolen passwords for attacks. While this is a good first step, it is necessary but not sufficient to ensure complete security. In honor of World Password Day, it is therefore advisable to change passwords and put traditional cyber hygiene habits to the test.”
Doug McKee, Director of Vulnerability Research at Trellix Advanced Research Center, said, “This year marks the 10th World Password Day. Addressing the power and pitfalls of password management remains just as important to cybersecurity today as it was ten years ago. With only a third (34%) of CISOs reporting having the technology and tools available to enable their organizations to be secure, even seemingly small efforts like implementing strong passwords remain a critical first line of defense against cyberattacks…”
Doug added, “Poor passwords are a silent vulnerability lurking in the background. One weak password can often lead to a total compromise of a business’ network, meaning that employee education and organization-wide standards for password safety are business imperatives. Use this day to stop ambivalence and spur your colleagues to change their “password123” into something fundamentally secure: a minimum of a 12-character password with at least numbers, upper and lowercase letters.”