Tech leaders have one thing in common – they’d like to see users improve their password behaviours.
Here’s tips from some the industry’s leading experts on today, World Password Day:
Gee Rittenhouse, CEO of Skyhigh Security
World Password Day is a great opportunity to remind everyone about the importance of protecting data within organisations as well as your own personal data.. Cybercriminals today are more sophisticated at obtaining usernames and passwords making it easier for them to conduct a data breach. Today is a great opportunity to remind ourselves of a few simple steps to improve our data security.
A first step is to bolster their approach to authentication. Simply having a username and password is no longer enough. We need to move beyond this to adopt more secure processes, such as two-factor authentication or multi-factor authentication.
The second step is the adoption of Zero Trust across the enterprise network. This means that no trust is given automatically to users – instead it is earned through logging in patterns and behaviours, which facilitates tighter security. Also, employees are only given access to data, apps and systems that are related to their daily jobs meaning that if passwords are compromised, the subsequent damage is limited.
While following these important steps to stay data-aware is always beneficial, World Password Day is a great reminder for us all.
Simon Marchand, CFE at Nuance Communications
“World Password Day acts as a reminder to businesses and consumers alike that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies.
“In our current landscape, effective fraud prevention strategies are no longer optional. Indeed, recent research from Nuance found that on average, victims of fraud lost over £3,300 each in a 12-month period – three times higher than in 2019. As such, it is high time traditional authentication methods – such as PINs and passwords – are confined to the history books.”
“This will enable modern technologies – such as biometrics – to be more widely deployed in order to robustly safeguard customers. Biometrics authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords, and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”
“When it comes to fraud, prevention is always better than a cure. Today, consumers are more aware than ever of the importance to protect their own information, and they will hold accountable the organizations that don’t do enough to protect the information they share with them. Without question, businesses need to be one step ahead and education around the most effective security solutions- like biometrics- is key.”
James Walker, CEO of Rightly
“Consumers need to do more than simply just protect their password. In today’s digital world, the focus must be on taking control of the data that’s exposed if your password is hacked. You wouldn’t think twice about updating and changing passwords that have been hacked to make sure cyber criminals can’t access your accounts, personal data and even finances again, so why not be one step ahead and also delete all of the other unnecessary data that the company holds on you at the same time? Rather than going to great lengths to protect and manage your passwords, the focus should be on protecting the data that your password protects.”
Helena Nimmo, CIO of Endava
“As organisations are under increasing pressure to defend themselves against sophisticated cyber-attacks, their focus will inevitably land on improved password security. This makes World Password Day a great time for organisations to rethink their internal password culture and reconsider how they instruct their employees to create passwords in the first place. Setting certain parameters like password length or that it must include certain characters and numbers could have the opposite effect intended. Rather than promoting the creation of unique passphrases instead passwords with fixed characteristics, it can lead to the reuse of passwords across several accounts or the change of one or two characters in an already existent password, leading employees to ultimately forego a refresh for fear of forgetting.
Password security can be improved by encouraging employees to connect their chosen passwords more to positive thoughts or good memories. Doing so will create a different mindset instantaneously. In addition, there are a myriad tools that can be used to improve password security, such as, Multi-Factor-Authentication (MFA). Password managers are also an excellent way to achieve more password sophistication.”
Gary Cox, Director of Technology Western Europe at Infoblox
“Even strong passwords are not enough to secure users’ accounts, let alone network access for a business. Added to that, many organisations are still figuring out their security strategies for cloud and hybrid infrastructures, with their employees often given the choice of working location and BYOD.
To me, World Password Day highlights the importance of securing identity and leveraging that to practice what the industry is calling zero trust. Assume your network has already been breached, that your connections and systems are already compromised.
Adopting this mindset requires businesses to take proactive security measures beyond passwords. You can fortify passwords with multi factor authentication, and leverage password managers to help manage many complex passwords but once an attacker gets through that front door, be ready with vigilant detection tools. For instance, use DNS security to raise a red flag for suspicious behaviour in the network. Don’t let the suspicious turn malicious. Flag it, investigate it, and remediate if it’s a credible threat.”
Ramsés Gallego, International Chief Technology Officer at CyberRes, a Micro Focus line of business
“With a constantly evolving threat landscape, it’s essential that organisations take stock of their current cyber defences and bolster their capabilities accordingly. To make matters worse, according to research from the UK Information Commissioner’s Office (ICO), human error was responsible for 90% of the UK’s cyber data breaches in 2019. As a result, it’s imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. There’s no denying that multi-factor authentication is a useful tool to replace or augment passwords.
“Despite these advances, there’s no doubt that passwords aren’t going anywhere, at least for now. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses have a responsibility to provide their teams with both the tools and the knowledge needed to mitigate the risks of cyber-attacks. They must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.”
Flick March, UKI Security and Resiliency Practice Leader at Kyndryl
“Data is rapidly becoming the most valuable asset that modern businesses possess. Unfortunately, hackers are also aware of this. Therefore, as more workloads are digitised and business systems are increasingly connected, the risk of a breach is also rising.
“As enterprise data grows exponentially in volume and becomes increasingly diverse it’s essential that organisations are adopting comprehensive data protection strategies to protect against data corruption and cyber-attacks.
“While implementing the appropriate technology to support this approach is crucial, organisations also need to focus on training. It’s important to remember that the responsibility of cyber security falls to everyone in an organisation and employees need to be educated on at least the basic best practices of cyber hygiene. Password security plays a huge part in this and it’s the area that is most often neglected.
“We’ve all heard it a thousand times, but too few stick to it. Use secure passwords: a different one for each account. Specifically, a secure password contains at least 10 characters and is made up of a combination of lowercase and uppercase letters, numbers and special characters. Passwords that follow this guidance are as good as unbreakable.
“Maintaining the basic principles of cyber hygiene, such as password security, are key practices to the overall cyber resilience of an organisation and could have drastic repercussions if not followed.”