World Password Day: What is there to consider about password protection?

As evidenced by the continued observation of World Password Day, which was created by Intel in 2013, passwords remain as important as ever in cyber security.

These days, passwords are more commonly used in tandem with other authentication factors, such as biometrics.

“Multi-factor authentication using passwords with some additional authentication factors such as biometrics, one-time codes, or mobile approvals, should be standard practice,” said Corey Nachreiner, CTO of WatchGuard Technologies, “and with SSO (Single Sign-on), you only have to log in once to access the applications you use, so, no one can complain.

“Maybe we need to replace World Password Day with World MFA Day.”

MFA: A necessity, not a nice-to-have

There was a time when some regarded MFA as an optional, nice-to-have accessory.

These days, however, mobile phone companies, among others, have become more and more persuasive about implementing biometric security measures such as a fingerprint alongside passwords or PIN numbers.

“Simple standalone passwords may be easy to remember, easy to use, and work across many environments, but they are also easy to guess, easy to phish, and easy to compromise,” said Tim Brown, vice-president, security at SolarWinds MSP. “Password managers have done a great job enabling us to use complex passwords while eliminating the need for us to remember them, but you should always go to the next step beyond complex passwords with multi-factor authentication or conditional access, especially for sensitive environments.

“If you have the choice between just a password or a password combined with multi-factor authentication, always choose the latter. A little bit of disruption every time you log in is well worth the security it provides.

“Over time, multi-factor authentication should be regarded as a necessary security requirement for anything that today requires a password, not as an added extra.”

Most common poor passwords

When coming up with a password for a new entry point, it’s never been more vital to choose one that is secure, includes a variety of characters, and isn’t particularly personal to the user.

With a substantial proportion of workforces across the UK now working from home, there has been a rise in work done on personal devices, which, accordingly, has seen a shift in targets on the part of hackers.

A study by ID Agent, a Kaseya company, released in light of World Password Day, reviewed over 2 billion passwords and found that the most common poor-rated password currently used by individuals was ‘123456’, followed closely by ‘password’ and ‘email’.

Kevin Lancaster, founder of ID Agent, said: “The fastest way for bad actors to penetrate a company’s defences is by obtaining that company’s passwords. Estimates suggest that over 80% of data breaches are directly caused by weak, cracked or stolen passwords.

“Between work and personal systems, one user might need to manage as many as 135 different login credentials, and that’s a lot to track – which is why people often use simple words and tend to reuse and recycle their passwords.

“But with so many individuals currently working from home, the threat of cyber attacks has never been greater, and the need for good password management is more important than ever.”

Password managers

Another possible solution for protecting data is to deploy a password manager. This can be effective on-premises, online and in the cloud.

“With more people working remotely due to Covid-19 and accessing corporate and business accounts outside of the office, people need to be even more careful with their passwords – and that means avoiding the classic ‘1234’ password that is unfortunately still too common,” said Kiri Addison, head of data science for threat intelligence and overwatch at Mimecast.

“Using a password manager naturally encourages people not to use the same passwords. Instead, the system records original, complex passwords that the user can then access using a master password, which takes away the pressure of remembering every single password.

“Combined with multi-factor authentication, which provides an additional layer of security and a further barrier from unwanted access, users can benefit from higher security.”


Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.