The first day of February each year marks Change Your Password Day. Passwords often provide the first defence for critical personal and professional information, and whilst many cybersecurity experts suggest changing passwords every three months, nearly half (44%) of internet users rarely reset their passwords.
Leaders from throughout the cybersecurity industry can agree — strong passwords are crucial:
“Passwords are one of the simplest security tools to implement and use across organisations, and yet a lot of people get them wrong, even dangerously so,” says Elliott Wilkes, Chief Technology Officer at Advanced Cyber Defence Systems (ACDS).
"The process of managing passwords, with increasing complexity requirements, means that users re-use passwords across systems when they find something that works. When one of the sites is compromised and has a data breach, attackers grab the leaked username, email, and password combinations and then try those for other sites. And if you’ve ever checked yourself using a breach report tool, you’ll realise that many of the sites you use have had breaches in the past 5-10 years, so if you have an old and unused email address, you have an acute risk of your account being compromised using those old, leaked credentials. One way to overcome password reuse is to use a password manager, which generates random passwords and stores them securely.”
“Things changed with the introduction of Multi-Factor Authentication (MFA). MFA requires users to not only validate their possession of a password but also their ownership of the assets it guards,” adds Boris Cipot, senior security engineer at the Synopsys Software Integrity Group.
Best practices in password security
“While MFA enhances security, it remains imperfect, albeit a considerable improvement over no protection at all. Unfortunately, MFA implementation remains inconsistent, lacking the universal adoption it deserves. The primary issue with authentication technologies lies not in their design flaws but in their susceptibility to misuse,” Cipot says.
“For instance, the notion of a "strong" password can be misleading. Many algorithms rate "Password123!" as highly secure, despite its vulnerability to exploitation. Similarly, the advice to change passwords regularly aims to mitigate risks associated with data breaches. However, frequent changes often lead users to create easily memorable combinations like "1Password!" or "P@ssword321!"—counterproductive to security.”
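As an added illustration of Cipot's point (example code written for this page, not from the article or from any vendor quoted in it): a naive character-class meter rates "Password123!", "1Password!" and "P@ssword321!" as strong, while a check that strips the padding and undoes leetspeak sees all three as the word "password". The word list is a constructed stand-in for a real breached-password corpus, and the 16-character minimum is the one recommended later on this page.

```python
import re

# Constructed stand-in for a real breached-password / dictionary list; a
# production check would consult a corpus of leaked passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Reverse the usual leetspeak substitutions so "P@ssw0rd" normalises to "password".
LEET_TABLE = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l",
                            "0": "o", "$": "s", "5": "s", "7": "t"})


def naive_complexity_ok(pw: str, min_len: int = 8) -> bool:
    """The character-class rule many meters use: length plus all four classes.
    This is the rule that rates "Password123!" as strong."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def base_word(pw: str) -> str:
    """Strip leading/trailing digit-and-symbol padding, undo leetspeak and
    lowercase, so "1Password!", "P@ssword321!" and "Password123!" all
    collapse to the same dictionary word. Leading "@"/"$" are kept because
    they may be leetspeak for the first letter ("@dmin")."""
    core = re.sub(r"^[^A-Za-z@$]+|[^A-Za-z]+$", "", pw)
    return core.translate(LEET_TABLE).lower()


def pattern_aware_ok(pw: str, min_len: int = 16) -> tuple[bool, str]:
    """Reject word-plus-padding patterns first, then enforce the length
    floor (16 characters, as recommended on this page)."""
    word = base_word(pw)
    if word in COMMON_BASE_WORDS:
        return False, f"common word '{word}' with predictable padding"
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    return True, "ok"


def compare(pw: str) -> dict:
    """Show how the two rules disagree on the same password."""
    ok, reason = pattern_aware_ok(pw)
    return {"password": pw, "naive_ok": naive_complexity_ok(pw),
            "pattern_aware_ok": ok, "reason": reason}


if __name__ == "__main__":
    for pw in ["Password123!", "1Password!", "P@ssword321!",
               "correct-horse-battery-staple-42"]:
        print(compare(pw))
```

Note that the naive rule also fails the long all-lowercase passphrase, the opposite of what a defender wants; the pattern-aware check accepts it.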
“Weak and compromised credentials are the most common way that accounts are hacked. While no one likes updating their passwords, Change Your Password Day is a great time to recognise and enforce this critical best practice,” shares Darren Guccione, CEO and co-founder of Keeper Security.
“Account protection begins with a secure password that is not easily guessed and has not been used for any other accounts. It’s recommended to use a password of at least 16 characters, with a variety of numbers, uppercase and lowercase letters, and symbols. Multi-factor authentication (MFA) should be enabled whenever possible. Adopting a trusted password manager helps secure passwords, and eliminates the headaches that come with updating and remembering them. At the end of the day, generating strong, random passwords for each account and storing them in an encrypted vault is the simplest, most secure, and effective method to manage the plethora of passwords that we all have to contend with."
“While it may seem tempting and convenient, using the same password for multiple accounts poses a significant security risk. Reusing passwords exposes both individuals and businesses to credential-stuffing attacks,” concludes Andrew Confield, senior threat analyst at Adarma.
“In such attacks, hackers leverage exposed credentials to test them across various websites. If a few passwords grant access to multiple accounts, attackers can swiftly compromise numerous accounts with ease. The situation becomes even more critical when individuals use identical passwords for both personal and work accounts. This creates a potential gateway for attackers to infiltrate sensitive business systems through compromised personal accounts.
“A far more secure solution to managing multiple passwords is to adopt a password manager. This powerful tool can generate and suggest alternative passwords for your various accounts, leaving you with the sole task of remembering the master password for the password manager itself.”
Cyber Magazine is a BizClik brand