5th May World Password Day
What is your password hygiene level?
We were once advised to change toothbrushes every few months to keep bristles un-frayed. Similar advice was once given for passwords. Guess these sayings got lost somewhere in transit. This World Password Day (5th May), let’s reevaluate our password hygiene levels.
It’s worrying that according to new research from security awareness training company KnowBe4, more than a third (34%) of office workers across APAC are still using the same password for more than one account. The average person has anywhere between 70 and 100 passwords, and it is simply not possible to remember them all, especially when you consider that passwords need to be unique, complex, and depending on where you read it, anywhere between 8 and 20 characters.
A 2019 study conducted by Google found:
- 59% of its users use their name and birthdate in their password.
- 43% have shared their password with someone.
- 20% have shared their email account password.
- Only 45% would change their password after a breach.
IT professionals are guilty too
Too many apps and too many websites govern our lives, to the point where we get lazy and, for the sake of convenience, connect new apps to existing accounts like Facebook and Google to bypass the dreaded process of registering a new account. If our Facebook or Google account is hacked, the linked accounts will fall prey too. Before you step into the cycle of self-blame over ill-advised password management, know that IT professionals are guilty of unhygienic passwords too.
The Ponemon Institute’s ‘The 2020 State of Password and Authentication Security Behaviours Report’ showed the results of a survey of more than 3,000 individuals and IT specialists. One of the most surprising findings was that 50% of IT professionals reuse their passwords across workplace accounts compared to 39% of the average users. In 2020 Verizon studied 868 breaches involving hacking and a staggering 80% were linked to passwords whether they be stolen or lost.
– Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4
You can’t pass without a word
Credential access is the No. 1 area of risk for organizations today, according to the CyberArk 2022 Identity Security Threat Landscape Report. However, many organizations remain dependent on passwords to safeguard business software and other critical data, despite the fact that passwords are frequently used by attackers to gain entry and to leverage privileges once inside.
But all hope isn’t lost. Insights from Skillsoft, a learning management software enterprise, point to a significant rise in web traffic on security-related learning content.
Positively, as the volume and severity of malicious attacks continue to rise, so does organisations’ and employees’ attention to training and learning. From 2019 to 2021, Skillsoft observed nearly a 60% increase in the total number of hours that enterprise learners are dedicating to security content consumption. If we can continue this upward trend, we’ll all be better positioned to protect our information and prevent malicious activity damaging our personal and professional accounts.
– Mike Hendrickson, VP of Tech and Dev, Skillsoft
Another tech leader, Teck Wee Lim from CyberArk, a security company offering identity management, also weighs in on how organisations can strengthen their password game.
This World Password Day, organisations should consider eliminating password pains for business apps and other sensitive data by using passwordless authentication such as multi-factor authentication (MFA) and biometrics. A strong passwordless experience can be created by authenticating each identity with a high degree of accuracy — a foundational Zero Trust component. When combined with broad least privilege enforcement, context-aware access controls and continuous monitoring mechanisms, organisations can benefit from a structured way to secure digital identities that every staff member possesses — human or machine — without slowing things down.
– Teck Wee Lim, Head of ASEAN, CyberArk
Password-ing your personal data
Passwords are something which none of us enjoy. They are, however, a necessary evil that will continue to exist for some time. Until we have a better choice, here are the top 6 things you can do to keep your passwords secure, strong, and protected from hackers:
Tips from Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4
- Invest in a Password Manager Tool (start here https://au.pcmag.com/password-managers/4524/the-best-password-managers).
- Use multi-factor authentication (MFA) when you can and where it makes sense.
- On the web, if you think your password may have been compromised, change it at once and then check your other website accounts for misuse.
Tips from Mike Hendrickson, VP of Tech and Dev, Skillsoft
- Use a tool to generate new passwords, as long as it encrypts its storage of the passwords.
- If you have to write your passwords down, make sure they are kept in a secure place that only you know about.
- If you have a router/wifi device in your home, make sure that you log into it directly and reset the admin name and password to something other than the default of admin/password.
Pro tip on creating a strong, complex password
Next level tip from Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4. Follow these steps to make a virtually un-crackable password:
- Think of a phrase or sentence with at least eight words. It should be something easy for you to remember but hard for someone who knows you to guess. It could be a line from a favourite poem, story, movie, song lyric, or quotation you like. Example: “I Want To Put A Dent In The Universe”
- Remove all but the first letter of each word in your phrase: IWTPADITU
- Replace several of the upper-case letters with lowercase ones, at random: iWtpADitU
- Now substitute a number for at least one of the letters. (Here, we’ve changed the capital “I” to the numeral 1.): iWtpAD1tU
- Finally, use special characters ($, &, +, !, @) to replace a letter or two — preferably a letter that is repeated in the phrase. You can also add an extra character to the mix. (Here, we’ve replaced the “t” with “+”, and added an exclamation point at the end.): iW+pAD1tU!
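The five steps above, written out as an added Python example (it is not part of the original article or of the quoted tip). The function names are illustrative: `apply_steps` replays the article's own choices, and `random_variant` lets the operating system's CSPRNG make those choices instead of a person.

```python
import re
import secrets
import string

SPECIALS = "$&+!@"  # the special characters listed in the article
PHRASE = "I Want To Put A Dent In The Universe"  # the article's example phrase


def initials(phrase, min_words=8):
    """Steps 1-2: first letter of each word, upper-cased; reject short phrases."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    if len(words) < min_words:
        raise ValueError(f"phrase needs at least {min_words} words")
    return "".join(w[0].upper() for w in words)


def apply_steps(base, lower_at, digit_at, digit, special_at, special, suffix):
    """Steps 3-5 with every choice explicit (positions are 0-based)."""
    chars = list(base)
    for i in lower_at:              # step 3: lower-case the chosen letters
        chars[i] = chars[i].lower()
    chars[digit_at] = digit         # step 4: swap one letter for a digit
    chars[special_at] = special     # step 5: swap one letter for a special
    return "".join(chars) + suffix  # step 5: extra character at the end


def random_variant(phrase, rng=None):
    """Same steps, with the choices drawn from the OS CSPRNG by default."""
    rng = rng or secrets.SystemRandom()
    base = initials(phrase)
    n = len(base)
    lower_at = rng.sample(range(n), n // 2)
    # The article prefers replacing a letter that repeats in the phrase.
    repeated = [i for i, c in enumerate(base) if base.count(c) > 1]
    special_at = rng.choice(repeated or list(range(n)))
    # Keep the digit off the special's position so neither overwrites the other.
    digit_at = rng.choice([i for i in range(n) if i != special_at])
    return apply_steps(base, lower_at, digit_at, rng.choice(string.digits),
                       special_at, rng.choice(SPECIALS), rng.choice(SPECIALS))


if __name__ == "__main__":
    # Replays the article's walk-through, then prints one random variant.
    print(apply_steps(initials(PHRASE), [0, 2, 3, 6, 7], 6, "1", 2, "+", "!"))
    print(random_variant(PHRASE))
```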