World Password Day: May the cyberforce be with you?

THURSDAY, MAY 04, 2023

Weak passwords are a major threat vector and a prime point of attack; they can lead to data breaches, phishing scams, and ransomware attacks.

The inception of passwords in the 1960s changed the digital world as we know it.

Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds.

Passwords today are the primary guardians of our privacy, personal data and finances. 


Despite this knowledge, passwords are often viewed complacently, even though simple, easy-to-guess passwords are insecure.

Your dog’s name, your spouse’s name, your birthdate, and other words and phrases related to your life that are easily discoverable on your social media profiles are just that – easy for attackers to discover.

While the onus of ensuring security and protecting data does lie on the companies who collect/store this data, there is quite a bit consumers can do from their end to secure their credentials.

World Password Day exists to raise awareness about the importance of strong passwords and to encourage individuals and organizations to take steps to improve their password security.

With the increasing prevalence of cyber-attacks and data breaches, it is more important than ever to use strong and unique passwords to protect our online accounts and personal information.

Based on research, 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway.

Steven Sheurman, Regional Vice President - ASEAN, Palo Alto Networks, provides simple but effective measures to make passwords the primary guardian of your personal and professional life.

 

●    Set guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of different character types: letters, numbers, special characters. An 8-character password is easier for a computer to guess than a 16- or 24-character password.

●    Avoid vulnerable passwords that are easily guessed or already compromised: If you go and google ‘commonly used passwords’ you’ll see a list that is used by any attacker when they are trying to guess passwords. If there is a default password on an internet-facing device, or even internally, change it ASAP!

●    Avoid reusing passwords: Everyone hates remembering passwords, but there are some great options using passphrases. We can possibly use them to create unique passwords that are easy to remember. Be wary of password managers - several have been hit recently and some of them multiple times. But they can also be an option.

●    Require password updates at set frequencies: This is a pain, but think of it as the standard operating procedure for business risk reduction. It doesn’t take that long to do and helps secure the organisation if a set of credentials IS stolen or phished somehow.

●    Use multi-factor authentication methods: If a password is stolen or guessed, no matter how hard you’ve tried to be unique, having other methods to confirm it is you trying to get to a resource or a web service that you use is vital.

Many different cloud, security and operating system vendors have a multi-factor authentication app that you can install on your phone to link to almost every website that supports it.

By taking these steps, individuals and organizations can help improve their password security and protect their online accounts and personal information.