6 May: It’s World Password Day. Leading IT Experts Share their Insights
Today is World Password Day. We have come a long way in understanding the importance of securing our digital assets and resources with a strong password. Passwords have been a part of our digital existence forever. Despite tech giants propagating the idea of a ‘passwordless’ world, passwords remain very much viable for security at the enterprise and individual levels.
So, what’s a password?
A password is a string of characters used to identify a user and provide access to websites, applications, mobile devices and so on. From email accounts to video games to mobile apps, your identity is linked and access is protected by a password, and there lies a problem! Nearly 90 percent of the passwords that we use are ‘hackable’, which means a cyber threat agent can swoop in and often ‘successfully’ break into your account by cracking your password.
Remote Workplace Habits Endanger Password Security
Recently, Avatier Corporation announced the release of Avatier for Outlook, giving users passwordless Single Sign-On (SSO) and unified Identity Access Management (IAM) from within Outlook to make remote work more secure. Avatier for Outlook improves workforce efficiency by providing a unified approach to manage access to any application, approve workflows and review user rights, all conveniently located with the email, calendar and contacts you use every day.
Avatier is a pioneer of work from anywhere (WFA) Identity Governance & Administration (IGA) cloud service delivered as a container.
Nelson Cicchitto, founder and CEO of Avatier said, “Now that more employees are working remotely, organizations need new enterprise access solutions that control security while promoting productivity. By delivering Avatier as an extension of Outlook, organizations can impose identity access security as part of their most commonly used collaboration platform. The result is greater security and increased productivity since Avatier works anywhere you use Outlook.”
“Enterprise identity access management is evolving rapidly, especially as IT professionals have to step up security to support work from home,” said Fran Howarth, Practice Leader for Security at Bloor Research International.
Fran added, “The ongoing challenge is to provide secure access without disrupting productivity. Integrating IAM into collaboration tools such as Outlook offers a logical approach that simplifies IAM while maintaining strong security.”
Risky behaviors invite breaches of your password security. We all know passwords are supposed to be unique and not to be shared with anyone. Yet, nearly 1 in 5 (17.5 percent) users share their work device password with either a spouse or a child!
According to a cybercrime-related report by the WEF, more than 80 percent of all cybercrimes are targeted at cracking passwords.
According to a recent survey conducted by iProov, 75% of respondents have had to change their password due to a security or data breach. That’s up over 10% from last year.
The results also revealed:
Almost half of the respondents (42%) change their password only once a year or less.
Over half (54%) of Americans have abandoned online purchases due to forgotten passwords. That’s up 10% from last year.
As part of our editorial coverage of World Password Day, we spoke to the leading IT and Security professionals in the industry.
Here’s what they shared.
New Innovations On the Way Because People Can’t Remember Passwords!
Joe Palmer, President of iProov
“Passwords are a global problem. All around the world, businesses are losing customers and revenues because people can’t remember their passwords. It’s time that organizations moved to alternatives like face verification. It’s secure, it’s effortless and with iProov it works on mobile devices, computers and kiosks.”
Luckily for all of us, technology has advanced so much in recent years that we have multiple alternatives to passwords. For example, we now have biometric authentication and facial recognition identification systems to allow us access to our digital assets.
Password-Free Authentication is one way to eliminate passwords.
Prioritize Password Security Today!
James Carder, LogRhythm CSO
“World Password Day is a timely reminder of how important it is for enterprises to recognize the importance of secure sign-in credentials and its shifting landscape. An estimated 80% of hacking-related breaches can be attributed to lost or stolen credentials, which leads to millions of dollars in financial damages and creates a snowball effect of stolen data. Protecting passwords has become an industry-wide concern that continues to remain an ongoing problem. It is therefore imperative for organizations to prioritize password security by adding in multiple authentication layers, limiting employee privileges and considering passwordless alternatives.
Two-factor authentication has been one popular way companies are addressing password and login security. While it’s a helpful and beneficial security step to incorporate, it isn’t without its flaws. Building in an additional security feature does thwart more attacks, but two-factor is also becoming more and more vulnerable to advanced hacking techniques that can steal phone numbers or redirect codes to access accounts.
Passphrases that are much lengthier and more effective than passwords are also another option security teams have been implementing. These 20 – 30-character phrases drastically limit brute force attacks, but also have similar pitfalls to passwords. A more interesting future might be a world without passwords or passphrases altogether.
Passwordless authentication is picking up steam, with over 150 million people currently using passwordless login methods each month. The passwordless option doesn’t necessarily solve this entire security problem, but it would force attackers to extract and replay tokens, a much more difficult process than using brute force for weak passwords, password reuse, phishing, or credential stuffing.
Adopting a Zero Trust security model can further help limit password exposure in on-premises or cloud environments, while also ensuring that proper network access is strictly granted to authorized individuals. It’s intended to use several factors to authenticate users (to establish trust) other than a username, password, and overall user profile. And should a compromise occur to user credentials, it’s mostly limited to an isolated, single-threaded incident and won’t compromise the network’s system, data, or applications.”
Helping WFH Professionals with Relevant Security Tech
Simon Marchand, Chief Fraud Prevention Officer for Nuance Communications
The events of 2020 brought more than just rapid changes in the way we work. More than 88% of organizations across all industries saw the pandemic as the trigger of a significant acceleration in the transformation of security and authentication methods, according to a recent Opus survey.
For many, this meant heightened budgets that finally allowed security teams to access the means for their motivations to begin planning the rollout of top-of-its-class biometrics technology to replace old authentication methods such as PINs and passwords.
The need has been recognized for years, but we are just now seeing the right resources being invested in making that shift. One of the main triggers for that is not only the two-fold increase of identity theft crimes in 2020 (compared to 2019) but also the very material advantage a complete biometrics platform represents. This increases security for customers across all channels, in addition to helping protect WFH agents who are increasingly targeted by fraudsters exploiting their vulnerability for social engineering.
And more, such a platform can also help secure WFH environments by removing PII from agents’ desktops and locking customer files behind the most secure lock possible: their biometric print. This year, we will finally see the change security professionals have been asking for over a decade and remove passwords to move to secure, frictionless, transparent biometrics authentication.
Embrace MFAs to Prevent Cyber Attacks on your Work Device
Anurag Kahol, Bitglass CTO
“The dark web contains over 15 billion stolen account logins, including credentials, usernames and password pairs, a massive amount of data that is mostly being offered for free. With most breaches resulting in the distribution of duplicate files that are shared amongst cybercriminals, it makes it incredibly difficult to track down stolen data and find the source of stolen information. While hackers have access to a substantial amount of data that can lead to unauthorized organizational access and data breaches, multi-factor authentication is an effective means of thwarting attacks while bolstering and improving password protections.
Multi-factor authentication requires knowledge (password or pin), possession (one-time code, ID card or digital key) and inherent (fingerprint or scan) to verify user identity. While digital codes or tokens to a device can potentially end up in the wrong hands, adding another blanket of security like inherent alleviates the risk should a smartphone fall into the wrong hands. Another approach is to use multi-factor authentication paired with contextual access policies (e.g. device, geography) in a step-up fashion. This uses a tiered security system, allowing access to different types of resources that then require additional, stronger verification methods for more sensitive information. By utilizing multi-factor and step-up authentication, enterprises are strategically prepared to protect the high-priority organizational data and user passwords across platforms.”
Practice Zero Trust
Ashish Gupta, Bugcrowd CEO & President
“World Password Day is an opportunity to take a step back and examine what the future holds for secure logins. To date, over 600 million passwords have been exposed through data breaches. Needless to say, standalone password protection is an insufficient and ineffective method of protecting organizations and sensitive information.
Weak, insufficient and stolen credentials are common causes for breaches and hacks that often result in millions of dollars in damages and data loss. It’s more important than ever before for companies to rely on two-factor authentication that also incorporates additional login tokens or one-time codes to fully obtain access. This adds in another layer of security to help address the password problem but still hasn’t solved it entirely as hackers can still gain access through authentication code interception techniques and SIM swapping.
While two-factor is a step up from traditional password safety, modern-day problems require modern solutions, and passwordless authentication may hold the future key to more effectively securing credentials. Passwordless authentication is an intriguing and hopefully superior option in the near future, but it’s not a standalone panacea for security concerns. Coupling in additional measures such as Zero Trust, crowdsourced cybersecurity and proactive threat detection will keep enterprises secure and information safely protected in the future.”
Save your INBOX!
Dave Wager, Zix CEO
“World Password Day is an excellent time for individuals and businesses to reflect on their current password practices and ensure they are building the safest habits to protect themselves and their company from cybercriminals. Many are under the assumption that if they are taking the steps to create unique passwords for each platform and application, they are secure. But it’s not enough.
The number of headline-grabbing breaches that have taken place over the last year highlights the critical need for safeguards across the entire company network.
While there are a few different ways to protect login credentials beyond a simple username and password, one of the most popular and effective options is two-factor authentication (2FA). Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password. It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.
Email is a common point of attack because it often contains sensitive and valuable communications. Organizations should also consider implementing an email security solution that conducts a security audit to analyze its admins, users, mailboxes, and rules for vulnerabilities such as outdated passwords so they can be resolved before a breach happens. Organizations should use World Password Day to evaluate their internal Password Policies and send reminders to employees and customers alike about the importance of good password hygiene.”
There are countless resources available online on ‘how to build a strong password.’ If you hate the whole process of creating passwords every time you are asked to, try this tool and test its strength. You can also test your password’s strength using security.org’s tool.
Here’s a helpful guide from CMU on how to create and manage your password. Never gets old!