World Password Day 2022: Here’s what some industry experts say:
Fabio Fratucello, Chief Technology Officer, Asia Pacific and Japan, CrowdStrike, says, “The problem of identity-centric compromises (password/credential thefts) is well documented. CrowdStrike’s Global Security Attitude Survey 2021 identifies this vector as one of the prominent security concerns for respondents from India with 49% saying they are worried about identity and credential theft.
Therefore, it is important for organisations to ensure adequate security controls exist to protect their identities; this can be obtained by adopting a zero-trust approach, by deploying and operating identity threat protection capabilities and by enlisting an expert and utilising a modern managed detection and response capability that can detect and respond to identity-based threats. Cyber security awareness, training and education also play a critical factor and should be part of an organisation’s overall security program. On this World Password Day, it is important to create awareness around the importance of the identities and the need for good password security.
Today, we live so much of our lives online. We have become accustomed to sharing our personal information, often without considering the potential ramifications.
Individuals also should be concerned about password and credential thefts, as much of our lives are lived online. Below are some practical steps that individuals can take to improve the cyber security resilience of their identities:
- Always change default passwords and enforce strict password rules; weak passwords are a common culprit that let cyber criminals compromise credentials and use such credentials to further perform malicious activities. When it comes to passwords, consider using a unique, long and complex password. Protect your identity and never use the same password in two locations.
- Avoid clicking on malicious links or URLs that you are unfamiliar with; avoid entering your credentials into untrusted websites.
- Keep up to date on the latest scams and learn how to spot an attack.”
Paul Ducklin, Principal Research Scientist, Sophos, says, “The problem with passwords is that if they’re hard for criminals to guess, they’re also hard for you to remember. So, if you’ve fallen into the bad habit of choosing easy passwords, or if you repeat the same password over and over again, consider using a password manager instead. Password managers can make up weird and complex passwords automatically, mixing up All S0rts! OF Ch*r@cters, and remember them securely so you don’t have to.
Also, password managers don’t remember websites by what they look like, which is something criminals can easily copy, but by matching the exact website name. Fake web pages, known as ‘phishing sites’ because they try to reel you in like a fisherman and capture your password, won’t fool your password manager, even if the crooks come up with a website that looks very similar to the real thing. You might be tricked by a website name containing the digit one (1) instead of the letter ‘I’, or the digit four (4) instead of ‘A’, but a password manager won’t, so you’re much less likely to put your real password into a fake website by mistake.
Even though lots of companies claim to be working on technologies to replace passwords completely, passwords are still a vital part of our everyday digital life, and will be for many years yet. So it’s still worth learning how to pick proper passwords, and how to avoid getting tricked by bogus ‘phishing’ messages that lure you onto fake login sites to steal your password. Remember, not just on World Password Day, but on every day of the year: ‘If in doubt, don’t give it out!’”
Sharda Tickoo, Technical Director, Trend Micro, says, “We are in a hybrid world today where many people are sharing devices and blending home and work life more than ever before. Passwords are not secure anymore and users end up exhausting the same password across multiple platforms. While educating users about password security is of utmost criticality, it also becomes imperative to have visibility that highlights if any password has been compromised, such as credential theft in an organization, and the vulnerabilities it brings along. To ensure that strong passwords are a part of your cyber hygiene, users should impersonalize their passwords by removing personal information, avoiding the same passwords across platforms as this creates avenues for hackers to guess and potentially attack them, and finally, using a password manager to manage multiple passwords across platforms. As we continue to accelerate the use of technology, the value of data and the risks associated with data exposure only increase. At Trend Micro, we strongly believe that security is not an afterthought. With our premier solutions like Vision One, we aim to give risk dashboards to enterprises so that timely action can be taken to mitigate the risks introduced.”