Thursday, 5 May 2022 is World
Password Day. Intel created World Password Day in 2013, designating the first
Thursday of May each year to raise awareness about the role strong passwords
play in securing our digital lives. The objective of this day is to raise
awareness of the importance of using a unique password for each account you
have and to promote better habits of password management, both for individuals
and organisations.
Passwords have been used for
authentication of users for over 60 years, and while alternatives like
biometrics and facial recognition are becoming more mainstream, passwords still
remain the go-to method of authentication, even though they're vulnerable to
brute-force attacks.
Passwords are an integral
security measure for your digital identity and provide access to several online
services. However, many people still use the same password for all their
accounts and store this password in an insecure manner.
In the spirit of World
Password Day, ManageEngine,
the IT management division of Zoho Corp, is offering its top four best
practices for password management to keep your data and devices secure from
cybercriminals.
1. Invest in a reliable password vault
The passwords you use to
access your online accounts should be strong and shouldn't be used across
multiple accounts. If you've used the same credentials across different
accounts and a cybercriminal manages to crack your password, they'll be able to
access all your accounts. It's impossible to remember dozens of different
passwords and which one you chose for which account, which is why so many
people use a variation of the same password across different accounts. But this
habit is also a dangerous practice because variations of the same password are
not hard to crack if one of them has been identified.
Organisations are home to a
vast number of privileged accounts that give users elevated access to sensitive
business information. Safeguarding access to privileged data and resources is
critical given the omnipresent nature of passwords across corporate networks.
Manually maintaining spreadsheets of classified information, including
passwords, keys, and signatures, is not only time-consuming but presents a huge
risk to security should a malicious insider or outside attacker gain access to
this documentation.
Password vaulting refers to
taking highly privileged accounts and passwords out of the hands of users and
storing them safely in a secure vault. User access is controlled via a
role-based access control mechanism. Once the user logs out, the password is rotated,
ensuring that the privileged accounts remain secured.
A password vault:
- Secures credentials in a digital vault without exposing them in hard-coded format.
- Gives access only to administrators and authorized users.
- Rotates passwords both by schedule and on demand.
- Generates random passwords for one-time, user-based access.
- Allows the sharing of passwords with various permission levels.
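The check-out, role gating and rotate-on-logout behaviour described above, as an added illustration that is not ManageEngine's code: a minimal in-memory vault where the secret leaves the vault only through a role-checked check-out, and check-in rotates it so the value a user saw is never valid again. Account, user and role names are constructed.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Optional

# Constructed example (not the product's own code): a minimal privileged-
# password vault with role-gated check-out, one holder at a time, and
# rotation when the session is checked in.

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def generate_password(length: int = 24) -> str:
    """Random password from the OS CSPRNG over a 76-symbol alphabet."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

@dataclass
class VaultEntry:
    account: str
    password: str
    allowed_roles: frozenset
    checked_out_by: Optional[str] = None
    audit: list = field(default_factory=list)

class PasswordVault:
    def __init__(self):
        self._entries = {}

    def add(self, account: str, allowed_roles) -> None:
        self._entries[account] = VaultEntry(account, generate_password(), frozenset(allowed_roles))

    def checkout(self, account: str, user: str, role: str) -> str:
        e = self._entries[account]
        if role not in e.allowed_roles:           # role-based access control
            e.audit.append(("denied", user, role))
            raise PermissionError(f"role {role} may not access {account}")
        if e.checked_out_by is not None:          # one-time, single-holder access
            raise RuntimeError(f"{account} already checked out by {e.checked_out_by}")
        e.checked_out_by = user
        e.audit.append(("checkout", user, role))
        return e.password                         # only place the secret leaves the vault

    def checkin(self, account: str, user: str) -> bool:
        e = self._entries[account]
        if e.checked_out_by != user:
            raise PermissionError("only the current holder can check in")
        old = e.password
        e.password = generate_password()          # rotate on logout
        e.checked_out_by = None
        e.audit.append(("checkin+rotate", user, None))
        return old != e.password                  # True: the seen value is now dead

    def audit_log(self, account: str) -> list:
        return list(self._entries[account].audit)
```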
2. Make sure your passwords are complex and hard to guess
Weak passwords, including the most commonly used passwords, can be cracked in
seconds. The longer and more unusual your password is, the harder it is for a
cybercriminal to crack. Using three random words out of
context along with making your passwords complex (i.e., creating passwords full
of random characters, symbols, and numbers) is a good way to set a strong
password.
3. Don't give away clues to your password via social media and personal activities
Avoid creating passwords from
significant dates (like a loved one's birthday or your own birthday), and don't
use the name of your favourite sports team or a pet's name. Most of these
details about you can be easily discovered on your social media profiles. Never
write down your passwords and leave them on a note near or on your laptop. If
you work in a busy environment with multiple people around your workstation,
you don't want to leave any nearby clues or prompts to your passwords that may
attract a malicious insider to attempt brute forcing your account.
4. Adopt two-factor or multi-factor authentication as part of your security protocol
Complex and regularly updated
passwords are a reliable form of security; however, even the strongest password
can eventually be cracked with enough time. To fully mitigate the threat of a
brute-force attack, you need to enable two-step verification or multi-factor
authentication on all your online platforms. This way, even if an attacker
correctly guesses your username and password, they'll still need to complete a
second factor of authentication, like entering a one-time password sent to your
email, before they gain access to your account.
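The second step described above, as an added example that is not part of the original article: server-side handling of an emailed one-time code after the password has already been verified. The store, user name and constants are assumptions; the code is stored only as a hash, expires, is single-use, and locks after a bounded number of wrong guesses so it cannot itself be brute-forced.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed example: verifying an e-mailed one-time code as a second
# factor. Delivery of the code is out of scope; `now` is passed in as a
# timestamp so the expiry logic is explicit.

CODE_DIGITS = 6
TTL_SECONDS = 300      # code valid for five minutes
MAX_ATTEMPTS = 5       # wrong guesses allowed before the code is dead

@dataclass
class PendingOtp:
    code_hash: bytes
    expires_at: float
    attempts: int = 0
    used: bool = False

def _hash(user: str, code: str) -> bytes:
    # bind the code to the user so a stored hash is only useful for that login
    return hashlib.sha256(f"{user}:{code}".encode()).digest()

def issue_code(store: dict, user: str, now: float) -> str:
    """Create a fresh code, keep only its hash, return the code for e-mail delivery."""
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    store[user] = PendingOtp(_hash(user, code), now + TTL_SECONDS)
    return code

def verify_code(store: dict, user: str, submitted: str, now: float) -> bool:
    """True only for a live, unused code within the attempt budget."""
    pending = store.get(user)
    if pending is None or pending.used or now > pending.expires_at:
        return False
    if pending.attempts >= MAX_ATTEMPTS:
        return False                       # locked; caller must issue a new code
    pending.attempts += 1
    if not hmac.compare_digest(pending.code_hash, _hash(user, submitted)):
        return False                       # constant-time compare, no early exit
    pending.used = True                    # consume so the same code cannot be replayed
    return True
```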
Mitigating the risk of password-only authentication
Kumaravel Ramakrishnan,
technology director at ManageEngine, says, "According to Verizon's 2021 Data Breach Investigations Report, over
70% of security breaches involved passwords and credentials. With the rapid
adoption of hybrid work culture, the amount of remote privileges a person
requires is ever-increasing, emphasising the need to secure passwords and
control unauthorised access. A compromised password is an easy way for hackers
to infiltrate critical information systems and access sensitive data without
being detected. Passwords are an extremely effective tool, but only when
they're properly managed. A mix of password policies and technology can bolster
defences against infiltrators and privilege abuse. This applies to both
individual employees and organisations as a whole."
This World Password Day, take time to think about
protecting your passwords and the data your passwords protect. Begin your
journey of securing your passwords today.