Today is the 7th Annual World Password Day and when you look at the current threat landscape, is it any wonder that most people are confused about what to do? Recent research shows a rise in successful credential stuffing attacks. Map that to data that reveals how 45% of working adults admit to reusing the same password for multiple services and you have the perfect environment for cyberattacks.
As a cybersecurity expert, but also as a consumer too, I cannot over-emphasise the importance of protecting yourself and your data – and your password is a critical barrier between you and a cybercriminal.
The scope of our digital life has us working across a multitude of accounts and platforms each requiring a username and password. How many accounts do you have? How many different passwords do you use? Best practice is to have a long, complex password that bears no resemblance to real words. But truly unique passwords across 20+ accounts are hard to remember which is why simple, easy-to-remember passwords are the default for so many. The repercussions can be serious however, as one compromised password can open an individual up to identity theft or potentially put their entire organisation at risk.
This year, the organisers of World Password Day are bringing awareness to the idea of multi-factor authentication (MFA). The basic concept is to use two forms of ‘evidence’ that validate an identify before access is granted, increasing the protection of accounts. For example, when you sign into your account, you will receive an alert to your phone requesting confirmation that it is indeed you logging into the account. You should add MFA to as many accounts as possible to stay protected against today’s threats - #LayerUp.
Both individuals and organisations can do their bit to respond to these threats.
Suggested Tips for Organisations:
- Implement multi-factor authentication.
- Offer business password management applications which mitigate the risk of relying on the human memory for password security.
- Train your users on password hygiene. Password reuse can be tackled through greater education and training around people-centric cybersecurity and attacks.
Suggested Tips for End-Users:
- Use multi-factor authentication (MFA) if available for as many accounts as possible; if MFA is not an option for the account, use a password manager.
- If you use a passphrase, make sure you never use common words or phrases, names or dates associated to you or direct family members.
- Change all passwords twice a year, never reuse passwords across accounts, and change business passwords every 3 months.
As we look ahead, there is the potential that security advice will be to move away from passwords altogether. We have already seen a rise in methods such as facial recognition and other biometric authentication forms in use in place of the traditional password.
This shift may be essential, because although technical vulnerabilities may be harder to exploit in future, humans are already and will remain the most targeted link in cyber security, with the most tech-savvy individuals vulnerable to increasingly personalised and complex attacks.
However, until we are at that point, use National Password Day as the catalyst to update passwords and layer your security.
For more information on how cybercriminals are targeting individuals, please see our People-centric Security Guide.