
World Password Day

by Mark Rowe

World Password Day 2019 is May 2.

Robin Tombs, CEO and Co-Founder of identity verification product company Yoti, said World Password Day has never been more relevant. “The high volume of data breaches shows that passwords are no longer fit for purpose. They can easily fall into the wrong hands and if they’re stored in a central database, which could then be exposed, this puts our data at great risk. With the average person having 191 passwords, it’s no surprise that many of us choose convenience over security and reuse passwords across different websites. Whilst this makes our lives simpler, we are making it incredibly easy for a hacker – they only need to crack one of our passwords, and chances are, they can then use this to unlock a treasure trove of our personal information. With the development of password managers, help is at hand.”

Despite the promise of new authentication systems which rely on strong cryptography, the day when we can all throw our digital codes in the Recycle Bin seems just as far away as it ever did, suggests David Warburton, Senior Threat Evangelist at app and cloud security product company F5 Networks.

“The rise of authentication technologies, such as biometrics and facial recognition, comes with the promise of stronger security for online consumers but the cyber criminals seem to do a far better job of adapting to change than the rest of us. Biometrics can often be tricked and attackers increasingly use insidious social engineering tricks to get around hardware security tokens such as bank card readers.

“Attackers are increasingly relying on social engineering tactics, such as phishing, to deceive users and grab their names, addresses and passwords. They can then use this to access any sensitive data that is not protected by multi-factor authentication.

“This puts businesses in a delicate position. How can they ensure they continue to implement the strongest security policies and outsmart hackers to protect their sensitive data? The best route businesses can take is to consider the context under which access is being requested. Where is the user located? Is this normal for this person? Are they using a corporate or personal device and do those devices comply with company standards? While multi-factor authentication must become the norm, it should not stop at simply using a hardware or software token since these can and have been bypassed by criminals employing social engineering tricks. But, perhaps most importantly, organisations need to ensure continuous security training is available and compulsory for all staff.

“Ultimately, as hackers continue to refine and evolve their techniques, so must businesses. Continuously evaluating security practices and authentication methods is crucial to implement new habits and stay on top of a threat landscape that shows no signs of slowing down.”

Terry Ray of Imperva offers advice:

1) Change all of your passwords to something unique – and I don’t mean: Password1, Password2, Password3, etc. – something really unique. Use letters and numbers in nursery rhymes: “HDS4tOn4W@ll,” for Humpty Dumpty Sat On A Wall. Whatever works, put them in a password manager and move on to the next website. Turn on 2FA (two-factor authentication) whenever possible.

2) Prioritise your websites into important and unimportant. Do step one for all important websites and sacrifice the unimportant ones. Just never, ever use a password more than once for a website you consider important.


© 2024 Professional Security Magazine. All rights reserved.
