Passwords – the most common and effective authentication method for logging in to systems securely and keeping data safe – have now become a potential security risk, leaving our data more vulnerable than ever before. Despite security awareness and training, poor password hygiene, such as reusing passwords or choosing easy-to-guess, weak passwords, poses a serious threat to both corporate data and users’ personally identifiable information (PII). According to a recent survey by Visual Objects, 63% of employees in the U.S. have reused their passwords on work accounts and devices. It was found that employees are 6.5 times more likely to reuse work passwords.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
Another survey revealed that 15% of British users use their pet’s name as the password for most of their online accounts. Apart from pet names, many Brits often use easy-to-guess passwords including family members’ names (14%), a significant date (13%), or their favorite sports team (6%). In response, the U.K. National Cyber Security Centre (NCSC) issued a warning to its citizens, urging them to use stronger, unique passwords.
To encourage users to practice strict password habits, security expert Mark Burnett published a book in 2005, Perfect Passwords: Selection, Protection, Authentication. The book also floated the idea of dedicating a day each year to changing passwords. Later, in 2013, Intel took the initiative and declared the first Thursday in May to be observed as World Password Day. But the current scenario is different. With users holding multiple email and social media accounts, passwords must be changed more often rather than waiting for a year.
One of the most common challenges users face today is managing passwords for multiple accounts. Hence, more often than not, they end up reusing passwords, which only compounds the problem. A relatively safe way to remember passwords is to use a password manager that stores all passwords in an encrypted database. Some password managers also offer features such as a strong password generator, which produces passwords that satisfy all of a site’s complexity requirements.
2FA and the Future of Authentication
Poor password habits have resulted in several data breaches and cyberattacks. With users opting for easy-to-remember passwords rather than focusing on security, organizations are looking for alternate authentication procedures.
Although two-factor authentication (2FA) protects against phishing and social engineering, authentication solutions need to go further, because even 2FA is vulnerable and can be bypassed if implemented poorly. Proofpoint revealed critical flaws in 2FA implementations in cloud environments, which could allow attackers to bypass 2FA and access cloud applications that use Microsoft 365.
Brute-forcing 2FA codes, real-time phishing, and channel hijacking are among the common techniques attackers use to evade this control.
Recently, Microsoft’s GitHub announced that it will stop accepting account passwords for authenticating Git operations from August 13, 2021, and move to token-based authentication. Search engine giant Google, in its Chrome OS version 88 update, recently introduced web authentication (WebAuthn), or passwordless authentication, which allows users to sign in to websites using their fingerprint. With this, users can sign in to websites, including Google, Dropbox, GitHub, Okta, Twitter, and Microsoft, simply by scanning the fingerprint registered to unlock their Chromebook.
Expert’s Take on the Issue
Talking to CISO MAG on the importance of passwords, Ritesh Chopra, Director, Sales and Field Marketing, India & SAARC Countries, NortonLifeLock, said, “The remote working trend and the heightened dependence on digital platforms brought about by the ongoing pandemic have contributed to an increase in cyberattacks, with cybercrime rising through unsecured networks, websites, and emails. We often save financial data, personally identifiable information (PII), contacts, and credit and debit card information on our personal devices.”
“All this data is at risk online. One of the ways we can secure it is by using password managers that allow us to keep multiple and more complicated passwords. It is good that consumers today recognize the need for cyber safety and that it can start with something as simple as having stronger passwords,” Chopra added.
Ritesh Chopra also suggested a few tips to make passwords more secure. These include:
- Make your password a sentence. A strong password is a sentence that is at least 12 characters long. Use quirky sentences that are not commonly used. Some sites even allow you to use spaces in passwords.
- Have a separate password for each account; it helps to thwart cybercriminals. At a minimum, separate your work and personal accounts, and make sure that your most important accounts have the strongest passwords.
- People often tend to forget passwords. So, keep a list of your passwords and store it in a safe, secure place away from your computer. Alternatively, you can use a service like a password manager to keep track of your passwords. Every account you log into, and every device that you use, holds so much information that could harm us if it falls into the wrong hands.
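The three tips above (a sentence-style password of at least 12 characters, a separate password per account, and a password manager to keep track of them) can be checked mechanically. The following is an added example, not code from the article or from NortonLifeLock: it generates a sentence-like passphrase with Python’s `secrets` module (a CSPRNG, unlike `random`) and audits a small password vault for the two habits the tips warn against, short passwords and reuse across accounts, flagging reuse that crosses the work/personal boundary. The word list and the `SAMPLE_VAULT` entries are constructed for illustration, as is the `realm` field used to separate work and personal accounts; a real generator would draw from a large published list such as the EFF long word list.

```python
import math
import secrets

# Constructed sample word list (assumption); a real deployment would use a
# large public list so that each word contributes ~12-13 bits of entropy.
WORDS = ["otter", "granite", "violet", "lantern", "copper", "meadow", "saffron",
         "harbor", "quartz", "tundra", "falcon", "ember", "marble", "orchid",
         "pebble", "willow", "cinder", "glacier", "thistle", "beacon"]


def generate_passphrase(num_words: int = 4, min_length: int = 12) -> str:
    """Return a space-separated passphrase of num_words words chosen with a
    CSPRNG, retried until it is at least min_length characters long."""
    while True:
        phrase = " ".join(secrets.choice(WORDS) for _ in range(num_words))
        if len(phrase) >= min_length:
            return phrase


def passphrase_entropy_bits(num_words: int, wordlist_size: int = len(WORDS)) -> float:
    """Entropy in bits of a passphrase of num_words words drawn uniformly."""
    return num_words * math.log2(wordlist_size)


def audit_vault(vault: dict, min_length: int = 12) -> dict:
    """vault maps account name -> {"password": str, "realm": "work" | "personal"}.
    Returns account name -> list of findings (empty list means the entry is fine)."""
    findings = {name: [] for name in vault}
    by_password = {}
    for name, entry in vault.items():
        by_password.setdefault(entry["password"], []).append(name)
        if len(entry["password"]) < min_length:
            findings[name].append("shorter than %d characters" % min_length)
    for names in by_password.values():
        if len(names) < 2:
            continue
        realms = {vault[n]["realm"] for n in names}
        for n in names:
            others = ", ".join(sorted(o for o in names if o != n))
            msg = "reused on " + others
            if len(realms) > 1:
                msg += " (shared between work and personal accounts)"
            findings[n].append(msg)
    return findings


# Constructed sample vault (assumption): plaintext here only so the audit can
# compare entries; a real manager keeps the vault encrypted at rest.
SAMPLE_VAULT = {
    "corp-email": {"password": "Summer2021", "realm": "work"},
    "bank": {"password": "Summer2021", "realm": "personal"},
    "forum": {"password": "orchid lantern copper thistle", "realm": "personal"},
}

if __name__ == "__main__":
    print("suggested passphrase:", generate_passphrase())
    print("entropy of a 4-word phrase: %.1f bits" % passphrase_entropy_bits(4))
    for account, problems in audit_vault(SAMPLE_VAULT).items():
        print(account, "->", problems or "ok")
```

The entropy figure is the honest measure of a generated passphrase: with this 20-word demonstration list, four words give only about 17 bits, which is why the comment insists on a large list; the audit, not the generator, is what catches the reuse that the surveys above describe.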