As World Password Day 2024 approaches on May 2nd, the importance of strong password practices and robust cybersecurity measures has never been more crucial. In today's digital landscape, where cyber threats are constantly evolving, protecting our online accounts and sensitive information has become a top priority for individuals and organizations alike.
In this VMblog article, we've gathered insights from leading cybersecurity experts to shed light on the latest password security trends, best practices, and innovative solutions. From addressing the challenges of password fatigue to exploring the future of passwordless authentication, our esteemed panelists offer invaluable perspectives on navigating the ever-changing realm of cybersecurity.
As we navigate the complexities of online safety, it's essential to stay informed and adopt proactive measures to safeguard our digital identities. World Password Day 2024 serves as a timely reminder to reevaluate our password hygiene and embrace cutting-edge security strategies. Join us as we dive into the wisdom and recommendations of industry leaders, equipping you with the knowledge to fortify your online presence and stay one step ahead of cyber adversaries.
++
Darren Guccione, CEO and Co-Founder, Keeper Security
"Despite decades of advice to enterprises and consumers about following password best practices, Verizon's recent Data Breach Index Report found that 74% of data breaches involve the human element - including stolen credentials, phishing attacks, misuse or simple user error. Stolen or weak passwords remain a leading cause of breaches, and poor password practices abound for both consumers and enterprise users alike. Recent research reveals that 52% of enterprise IT teams struggle with frequently stolen passwords, while additional research shows that 3 in 4 consumers are at risk of being hacked due to poor password practices. These alarming statistics underscore the importance of following password best practices such as creating strong, unique passwords for every account, and enabling Multi-Factor Authentication (MFA) wherever possible. Utilizing a zero-knowledge, zero-trust password management solution can help enterprise and consumer users prevent successful data breaches stemming from phishing and password-based attacks, among other common cyber attacks. At the enterprise level, a Privileged Access Management (PAM) solution that enforces least privilege access, and enables IT and security leaders to easily manage and secure passwords, secrets and remote access, is critical to prevent and mitigate the effects of insider and external password attacks. If a cybercriminal does gain access to an organization’s networks, PAM platforms minimize the blast radius by preventing lateral movement. Against this backdrop, World Password Day must no longer be a day of awareness. It must be a day of action and commitment to adopting solutions that keep all users safe and enforce cybersecurity best practices."
++
Anthony Cusimano, technical director at Object First
"This World Password Day, it might be more apt to prepare for passwords’ funeral than a day of celebration. Google, Microsoft, and Apple, amongst many other tech giants, have all begun to look at passkeys and password-less accounts in the future, and passwords will likely be nothing but a fun memory in years to come. Although passwords are about as good as a paper door for any hacker worth their salt, that doesn’t mean that we should let slide the best practices that made passwords secure in the first place. Protect your digital security by sticking to the following guidelines:
- Mash that keyboard. The more human your password is, the more likely brute force attempts will crack it fast. Use a combination of letters, numbers, and special characters – the uglier the password, the more secure.
- Do not reuse passwords. No exceptions.
- With additional security practices like multi-factor authentication, face ID login, and password apps, always take advantage of the services at your disposal and make sure to opt for more security when it’s offered."
++
Matthew Parsons, Sr Director, Product Management, 11:11 Systems
"World Password Day, first introduced in 2013, is more relevant now than ever with stolen or compromised credentials ranked as the #1 most common initial attack vector in data breaches the past 3 out of 4 years, according to IBM's Cost of a Data Breach report. With all the security components that encompass a robust, least privilege zero trust architecture, it is easy to overlook one of the most basic tenets of authentication and security, the password! This includes basics such as:
- Always deploy Multi-Factor Authentication
- Enforce policies for password length and character complexity
- Enforce policies for regular rotation; do not allow old passwords or variations of old passwords
- End user training on password best practices, i.e. never use your same corporate password for accounts on any other sites, whether work related or personal; don't save passwords on your computer or on sticky notes, etc.
- For application calls and access, use certificates or tokens instead of hard-coded usernames/passwords
Whether we like it or not, passwords are going to be a part of the IT world for some years to come, so it's critical that organizations take the time to regularly review, update, and train around their corporate password policies. As one of the top exploited initial attack vectors, your password and authentication policies could mean the difference between a thwarted scare and full blown ransomware!"
++
Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company
"This World Password Day, I encourage organizational security teams to take a step back and gauge the effectiveness of current cybersecurity training protocols. Organizations cannot expect employees to know the ins and outs of cybersecurity; instead that responsibility falls on IT teams that must take charge and educate employees on proactive and effective security practices. By ensuring comprehensive and proactive cybersecurity training is in place, organizations proactively protect themselves and their employees from avoidable security breaches."
++
Darren James, Sr. Product Manager, Specops, an Outpost24 company
"If you think that putting a capital letter at the beginning of your password, the second character then being a lower-case vowel, and a number (or an exclamation mark) at the end makes your password strong – please think again. Remember ‘longer is stronger’ and use a memorable passphrase instead."
++
Andy Fernandez, Director, Product Management, HYCU, Inc.
"Even if you follow every rule in passwords, businesses are still being compromised. As long as humans are involved, you need to think beyond the password. Forget clues you think are easy to remember (your dog’s name, address, sequence of numbers, etc.); you need to think about resilience and your ability to recover WHEN something happens. World Password Day reminds us to reflect not only on the safe choice of passwords but to maintain vigilance to remain resilient."
++
David Cottingham, President of rf IDEAS
"This year’s World Password Day represents a pivotal shift in cybersecurity where we recognize that passwords alone can no longer protect our people, processes, and data. It comes down to empowering organizations to embrace advanced authentication solutions that prioritize user experience and enhance security strategies. Not only does passwordless authentication reduce breach risks and the costs associated with them, but it also strengthens vital factors on an organizational level like productivity and employee satisfaction. Companies need to start playing a role in this migration away from traditional passwords as a single source of authentication while providing organizations a practical authentication solution through a passwordless framework that is at the forefront of the convergence of physical and logical access."
++
Rich Campagna, SVP, Product Management, NextGen Firewall at Palo Alto Networks
"World Password Day is a great reminder for organizations that the best password is no password at all! Compromised credentials are the starting point for a high percentage of cyber attacks, and moving to passwordless authentication via biometrics and multifactor authentication helps to minimize the password attack surface, in addition to simplifying the end user experience and reducing the password management burden."
++
Bogdan Botezatu, Director of Threat Research & Reporting at Bitdefender
"As we celebrate the 11th edition of World Password Day, I think it's only fair to take a look back at the history of passwords and wonder how they still are a thing in 2024 and why we are celebrating them instead of slating them for a well-deserved retirement. On a more serious note, passwords have been around since forever – way before the invention of the computer – and they are indirectly responsible for the bulk of data breaches identified throughout the last decade. To date, more than 12 billion accounts are known to have been breached and traded on specialized forums, and that is a conservative estimation based on public leaks. The consequences of weak passwords are not just inconvenient but potentially devastating for both companies and individuals, as they often protect important assets that are made to be kept away from prying eyes: medical records, finances, intellectual property, or trade secrets. And while tech giants put great effort into migrating the digital realm away from passwords and into technologies that are more resilient to cyberattacks, passwords are expected to still be used as primary authentication technology in the coming years. In these circumstances, it is important though to understand how to implement additional safety mechanisms to substitute for what passwords can't do:
- First and foremost, ditch passwords everywhere alternative methods are available. Sign in with social accounts, passkeys, one-time passwords pushed through a web app, biometric logins, FIDO keys. These are just a few of the modern alternatives to passwords.
- If passwords are still a must, make sure they are randomly generated, long and complex, and stored safely. A password manager can suggest complex, unique passwords and store them in a secure way. All you need to remember is a complex master pass.
- Complement passwords with multi-factor authentication wherever possible. Try to avoid SMS-based OTPs, if possible, but even these are better than nothing. Ideally, as you're building your presence online, you might want to use dedicated e-mail and password combinations for every account you create. This is more complex but helps you compartmentalize better and minimize your online footprint.
- Last, but not least, stay up to date with what the Internet knows about you. A digital identity protection solution will help you keep tabs on when and where your data shows up online so you can take immediate corrective actions when some of your accounts get breached."
++
Neeraj Methi, VP Solutions, BeyondID
"Password – This word makes me cringe, as I’m sure it does for many of you. It’s become part of our daily frustration because we must use it all the time, whether to access our computer, phone, applications, bank account, kids’ school accounts, credit card, healthcare provider, email, community portal, etc. - the list is endless. How are we supposed to remember and come up with creative and complex passwords for a never-ending list of accounts we need to access daily? We all should assume our passwords are out there on the dark web, no matter how complex or creative we get with the passwords we create. The number and frequency of data breaches mean our passwords are getting into bad actors' hands. Given this challenge, we must eventually leave passwords behind. Are we there yet? No, but the good news is, passwordless capabilities are here and being used already. They serve two very important purposes: 1) they're much more secure; 2) they're a better user experience. On World Password Day, let's pledge to get everyone and everything to passwordless to help reduce frustration and improve security."
++
Carlos Morales, SVP of Solutions at Vercara
"Passwords can be a pain to manage, remember, and keep track of, and almost everything you do on the internet requires one. Because of this, people have a natural inclination to use simple or even default passwords that they then re-use across many applications and services. Ask around at the next family party you go to, and you may be surprised by how many of your family members are willing to share their passwords with you and how many use simple passwords. This situation makes it relatively easy for malicious actors to break into people’s accounts using their actual credentials. Password managers have been around for a while, are relatively easy to use, and do a very nice job of keeping track of all your complex passwords.
Multi-factor authentication is also readily available in most applications as an option. Despite this, when given a choice, many don’t choose to adopt either one of these, and stick to the easy passwords. The onus is on businesses to force their internal users and/or consumers of their applications to adopt stronger passwords, force password changes with some frequency, and turn on multi-factor authentication by default. Educating users on good password hygiene is good, but it only goes so far in generating different behavior. Forcing users’ hands is a better option to ensure compliance of users and consumers. Businesses then can focus their education efforts on the tools, such as password managers, and techniques that their users can leverage to meet the new password requirements."
++
Adam Brown, Managing Consultant at Synopsys Software Integrity Group
"In the age of biometric authentication, traditional passwords are not a good form of authentication anymore – even ‘leet’ speak passwords such as P@55w0rd are in every attacker’s dictionary. Organizations can ensure the security of their users’ passwords by educating them on the benefits and ease of using passphrases over passwords. Yes, they take a little longer to type, but they are just as easy to remember and have a much better resistance to password busting techniques. When it comes to balancing the need for strong, complex passwords with being able to remember them easily, memorable phrases are essential, but it’s also important not to reuse them. All it takes is one service provider to have poor data and password storage methods and that passphrase is out there in the wild along with your email address and other personal data; attackers then have access to any other sites you use that same passphrase on. Password managers can help here, such as the one built into Apple devices or third party providers who will charge a very small sum each year for use.
With the rise of cyber threats, one innovation we can anticipate is passwordless, which is on the rise – and we are at the mercy of our technology providers for the rate of adoption. Third party authentication providers are making this easy for technology providers to adopt. My top five password safety practices:
- Use passphrases, different for each site / service.
- Use a password manager with a strong and long passphrase to access.
- Where available, use multifactor authentication (such as fingerprint / Face ID), and use token utilities such as Google Authenticator, where you are asked for a 6-digit PIN that is generated every 30 seconds.
- Enable multifactor authentication on websites, which is common in banking where there will be a call to your phone with a unique pin.
- Be very aware of scams, especially when someone is asking you for your password or if there is any unusual or fishy behavior related to access to a service you use."
++
Jason Keenaghan, Director of Product Management, IAM at Thales
"Every year World Password Day comes around, and every year we see the same advice about the need for strong passwords issued. The advice simply isn't working. Passwords are no longer fit for purpose - they're easily hacked and put too much onus on the end-user. Our recent Digital Trust Index research found that 64% of customers are frustrated with cumbersome password resets, and with human error still the leading cause of data breaches this should be a leading concern for businesses too. Developments in AI and quantum computing, which will put how and what data is used firmly in the spotlight, only further make this a pressing need.
If we need an awareness day, it's time to re-brand and highlight the importance of passkeys. Using cryptographic techniques, passkeys are harder to crack – making them far more secure. They're also automatically generated and can be safely stored on devices, making it easier for the consumer and eliminating the need to create long, complex passwords or phrases. Finally, passkeys enable greater privacy by granting authentication without handing over sensitive information – reducing the risk of data breaches.
We're already seeing great strides in this area, with Google last year announcing that passkeys are now enabled by default for users, with Amazon and Apple adopting too. This is the type of development that needs to be promoted, which is why we strongly believe World Password Day should be consigned to the history books."
++
Shiva Nathan, Founder & CEO of Onymos
"As we observe World Password Day this year, it is important to recognize that traditional passwords are far from being obsolete. While passkeys from major players like Apple, Google, and Microsoft are gradually being integrated into various software, applications, and technologies, a complete transition to this authentication method will require significant time and effort – especially in terms of generating consumer buy-in and usage. The software, application, and technology providers that leverage various authentication methods will also have to ensure that they not only address the updates from these companies but also provide the authentication methods their users are still demanding. Additionally, we are also seeing new trends related to multifactor authentication. Software and technology products have already been leveraging this authentication method for years, but threat actors are becoming more advanced — and MFA is becoming more vulnerable. This underscores the need for additional security measures that will augment and fortify MFA, including biometrics and trusted authenticator applications."
++
Stuart Wells, Chief Technology Officer at Jumio
"World Password Day reminds us of the critical vulnerabilities of relying solely on password-based authentication. Passwords are easily guessed, cracked and reused across multiple accounts, making them a prime target for cybercriminals. Traditional authentication measures like knowledge-based authentication (KBA) and SMS-based two-factor authentication (2FA) are no longer sufficient in protecting against increasingly sophisticated attacks. To protect users in an increasingly connected world, organizations must adopt more robust and reliable methods of passwordless authentication. Biometric authentication offers a more secure and intuitive experience, ultimately reducing the impact of hacks and online fraud. Smartphone users are well-acquainted with biometric authentication, which paves the way for businesses to introduce passwordless authentication alternatives.
Using biometrics at account creation and on an ongoing basis not only offers better protection against account takeover fraud but also eliminates the need to remember complex passwords and initiate password resets, which we all find annoying. It also discourages password sharing, which can inadvertently lead to data breaches and more compromised accounts. In an age of AI-assisted cyberattacks, World Password Day needs to become World Passwordless Day. The password has outlived its usefulness, and we need stronger ways of protecting ourselves online."
++
Carla Roncato, VP of Identity, WatchGuard
"On this World Password Day, we should all consider adopting passkeys. As a form of passwordless authentication, passkeys aim to eliminate the inherent risk factors of traditional credentials. Here are the steps to set up a passkey in the Google Chrome browser on a Windows 11 laptop that is already enabled with Windows Hello Face Recognition:
- Log on to your Google Account at myaccount.google.com using the Chrome browser.
- On the left side of the window, click on Security.
- Under the “How you sign in to Google” section, click on Passkeys.
- Click the “Create a Passkey” button.
- Follow the prompts to verify your identity and “Save your Passkey”.
- Set the option to skip passwords when possible in your security settings.
- Test your passkey by signing out and signing in again.
Passkeys can be created on these devices:
- A computer that runs Windows 10 or 11, macOS Ventura+, or ChromeOS 120
- A mobile device that runs at least iOS 16 or Android 9
- A modern browser such as Chrome v123.0 or Edge v123.0
- A hardware security key that supports the FIDO2 protocol (optional)
And remember, any use of biometrics and biometric data for fingerprint or face unlock remains on your device and is never shared with Google (in this example) or any website that accepts passkeys. It’s also time to adopt complex passwords – consisting of >16 random characters or passphrases unique for every login – and utilize a password manager. With a password manager, you’ll only have to remember one password: the one for your vault. But since passwords alone are woefully insufficient, you should always use multi-factor authentication (MFA). By combining multiple factors of authentication, you verify that the user of your credentials is really YOU, creating a significant (albeit not a complete) deterrent for hackers attempting account takeover."
++
Neil Jones, Director of Cybersecurity Evangelism, Egnyte
"This is a pivotal World Password Day because password protection is diverging into a “Tale of Two Approaches.” Companies that are at the forefront of password security have incorporated passkey protection and biometric authentication into their authentication processes. As such, they have vastly reduced the risk of password theft and smishing attacks that can be perpetrated on mobile devices. Password security leaders also cultivate a security culture that embraces best practices like these:
- Utilization of Multi-Factor Authentication (MFA).
- Establishment of mandatory password rotation and requirements that encourage employees to change their passwords and passphrases on a regular basis.
- Account lockout requirements to immediately disable users' access after multiple failed login attempts.
In addition to adopting the best practices above, you need to educate users about the significance of password safety and remind users that passwords should never be shared with anyone, including their most trusted business colleagues."
++
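The account-lockout practice in the Egnyte list above ("disable users' access after multiple failed login attempts") is simple to state but has details worth seeing in code. The block below is an added example, not code from the original page or from Egnyte: it replays a constructed authentication log through a sliding-window lockout policy (five failures within ten minutes locks the account for fifteen minutes, and a successful login resets the counter) and, going a step beyond the quote, also flags a source IP that fails against many distinct accounts, which is the credential-stuffing pattern described elsewhere on this page. The log format, the thresholds and the names LockoutPolicy, detect_credential_stuffing and analyze are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data): one line per authentication attempt.
# alice: five failures in under two minutes, then the right password from the same IP
# bob:   two mistakes, then success
# 203.0.113.7: one failure each against four different accounts (stuffing pattern)
SAMPLE_LOG = """
2024-05-02T09:00:00Z ip=198.51.100.5 user=alice result=FAIL
2024-05-02T09:00:20Z ip=198.51.100.5 user=alice result=FAIL
2024-05-02T09:00:40Z ip=198.51.100.5 user=alice result=FAIL
2024-05-02T09:01:00Z ip=198.51.100.5 user=alice result=FAIL
2024-05-02T09:01:20Z ip=198.51.100.5 user=alice result=FAIL
2024-05-02T09:02:00Z ip=198.51.100.5 user=alice result=OK
2024-05-02T09:03:00Z ip=192.0.2.10 user=bob result=FAIL
2024-05-02T09:03:10Z ip=192.0.2.10 user=bob result=OK
2024-05-02T09:05:00Z ip=203.0.113.7 user=carol result=FAIL
2024-05-02T09:05:01Z ip=203.0.113.7 user=dave result=FAIL
2024-05-02T09:05:02Z ip=203.0.113.7 user=erin result=FAIL
2024-05-02T09:05:03Z ip=203.0.113.7 user=frank result=FAIL
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, ip, user, result) or None for a line that does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["ip"], m["user"], m["result"]


class LockoutPolicy:
    """Sliding-window lockout: max_failures within `window` locks the account for `lockout`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10), lockout=timedelta(minutes=15)):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> datetime the lock expires

    def decide(self, ts, user, result):
        """Decision for one attempt: 'locked', 'allow', 'fail' or 'lock_triggered'.
        The lock is checked first, so a locked account is refused even when the password is right."""
        until = self.locked_until.get(user)
        if until is not None and ts < until:
            return "locked"
        recent = self.failures[user]
        while recent and ts - recent[0] > self.window:
            recent.popleft()                 # drop failures that fell out of the window
        if result == "OK":
            recent.clear()
            return "allow"
        recent.append(ts)
        if len(recent) >= self.max_failures:
            self.locked_until[user] = ts + self.lockout
            recent.clear()
            return "lock_triggered"
        return "fail"


def detect_credential_stuffing(events, min_distinct_users=3):
    """Per-account lockout never fires on 'one guess per account', so also count,
    per source IP, how many distinct accounts it failed against."""
    users_by_ip = defaultdict(set)
    for _ts, ip, user, result in events:
        if result == "FAIL":
            users_by_ip[ip].add(user)
    return {ip: len(users) for ip, users in users_by_ip.items() if len(users) >= min_distinct_users}


def analyze(lines, policy=None):
    """Replay a log through the policy; return per-attempt decisions, locked users and suspicious IPs."""
    policy = policy or LockoutPolicy()
    events = [e for e in map(parse_line, lines) if e is not None]
    decisions = [(ts.isoformat(), user, policy.decide(ts, user, result)) for ts, _ip, user, result in events]
    return {
        "decisions": decisions,
        "locked_users": sorted(policy.locked_until),
        "stuffing_ips": detect_credential_stuffing(events),
    }


if __name__ == "__main__":
    for row in analyze(SAMPLE_LOG)["decisions"]:
        print(*row)
```

Two design points matter in practice. The lock is evaluated before the credential check, so the response to a locked account is identical whether or not the password was right; otherwise the lockout itself becomes an oracle. And because a per-account lockout can be weaponised to lock legitimate users out (an attacker only needs the username), it should be paired with per-IP throttling or step-up challenges rather than used alone, which is why the IP-based stuffing signal is computed alongside it.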
Anna Pobletts, Head of Passwordless at 1Password
"For many decades, passwords have been key to both unlocking and securing our digital lives. However, as new technologies have emerged and threats have become more pervasive and sophisticated, World Password Day this year may call for a slightly different focus. Human error accounts for more than three in four breaches, showing up in the form of weak or reused passwords and outdated authentication methods. While many people continue to rely on passwords today to secure their digital information, the reality is passwords aren’t keeping pace with the speed of technology and are only causing people more login friction. Over the last two years, passkeys have gained traction with early adopters, including some large consumer brands. Passkeys raise the bar for security by eliminating the need for humans to generate, remember, and manage strong and unique passwords for each of their accounts. On top of that, the experience of using passkeys is comparable to what most people already expect when unlocking their devices – think Face or Touch ID. Passkeys also effectively remove the threat of phishing because there’s no credential for bad actors to target in the first place. For the first time, passkeys have shown that security and user experience don’t have to be mutually exclusive. The combination is so compelling that even the federal government recently suggested incorporating passkeys into our digital identities across different devices. So this World Password Day, let’s celebrate and say thanks to the password, while also making space to embrace the passkey."
++
Craig Davies, CISO at Gathid
"World Password Day serves as a vital reminder of the importance of proactive digital security. While strong passwords remain a foundation of protection, they alone are no longer sufficient. World Password Day isn't just about changing your passwords. It's about building a smarter, more secure approach to your digital life.
Start by making unique passwords your rule of thumb and make sure you use a password manager. Any password used in multiple places creates a significant security risk, particularly if compromised. Additionally, activate multi-factor authentication (MFA) wherever possible for a crucial extra layer of protection. Opt for a dedicated authenticator app on your phone for enhanced security over SMS-based codes. And remember to never share your authentication codes. Finally, keep an eye out for passkey login options. This emerging passwordless standard, which major companies like Google and Apple already support, replaces traditional text-based passwords with a unique digital key linked to your device, making it far tougher for hackers to crack. Whenever a website offers a passkey option, make the switch for enhanced protection."
++
Gary Orenstein, Chief Customer Officer (CCO), Bitwarden
"World Password Day underscores the crucial role of cybersecurity habits both at home and in the workplace. The 2024 Bitwarden World Password Day survey reveals individuals often transfer poor password practices from their personal lives into their professional environments, significantly jeopardizing organizational security resilience. The survey found that 25% of global respondents reuse passwords across 11-20+ sites or apps at home, with 36% using personal information in their passwords that can be easily accessed on public platforms like social media. Forty-two percent admit to somewhat or very frequently accessing personal and work data in public spaces and networks. These practices persist in the workplace, where 37% admit to risky security behaviors, such as relying on memory (53%) and pen and paper (34%) to manage passwords at work. Forty-seven percent frequently reuse passwords across work accounts; 35% store passwords insecurely; 39% use weak passwords.
These habits underline the urgent need for companies and IT teams to intensify education efforts to build employee awareness about secure password practices, as well as to implement robust password management policies. This means advocating for and deploying comprehensive password management systems that discourage reuse and simplify the creation of strong and unique passwords. Implementing interactive and engaging training programs to include regular updates on the latest security threats and best practices is also critical. Companies should encourage adoption of multi-factor authentication (MFA) across all systems to add an extra layer of security and reduce reliance on passwords alone. These steps are essential to mitigate the financial and reputational risks associated with poor cybersecurity practices and to bridge the gap between recommended and actual user behavior."
++
Chris Gibson, CEO, FIRST
"The accelerated pace of publicly available AI advancements also introduces a new dimension of risk and fear. It's crucial for the cybersecurity community to avoid the inclination towards excessive dramatization of events. Instead, fostering a mindset that prioritizes concrete actions and meticulous strategic planning is essential, steering clear of a narrative that hints at an unavoidable catastrophe. On an individual level, proactive cybersecurity measures become very important. I urge individuals to adopt simple yet effective practices such as regularly changing passwords, upgrading software, and maintaining awareness of connected devices. Neglecting old devices and technical debt poses a tangible challenge, and addressing these issues is crucial in mitigating threats. Moreover, the concept of tech debt extends beyond individual actions to legacy systems within organizations. It is imperative that we do not forget or neglect older systems and devices, as attacks often exploit overlooked legacy components.
A comprehensive defense strategy requires addressing tech debt and fortifying legacy systems alongside the incorporation of cutting-edge technologies."
++
Krishna Vishnubhotla, Vice President Product Strategy, Zimperium
"As crucial as they are for mobile security, passwords can also be vulnerable to various attacks. One of the biggest problems we’ve seen is the increasing occurrence of password reuse and how it exposes organizations to serious breaches. Simply put, when users repeat passwords for both corporate and personal logins, the organization is at risk. Hackers understand this, which is why they are increasingly using mobile phishing campaigns via SMS, messenger apps and even fake QR codes to harvest passwords. The only way in which organizations and individual users can withstand password attacks is by adhering to the password best practices such as switching up the passwords you're using, employing longer passwords, including all character types and symbols, and avoiding common passwords in general. Multi-Factor Authentication (MFA) also adds an additional layer of security to better protect systems and end-users from compromise."
++
"I would like to start with three stats and one technique: The average user in a developed country has between 100 and 150 accounts. Studies have shown that 53% of users use the same password across multiple accounts, and there is a 27.7% chance of an organization experiencing a data breach in the next two years. Credential stuffing (using leaked passwords from one account to gain access to other accounts) is a common technique used by hackers, creating a huge exposure for both users and companies. Along with using different passwords across different platforms, changing passwords often, and enabling 2FA, users can protect themselves by logging in with OAuth-based logins (login with Facebook/Google, etc., that tend to have better security) instead of creating a separate account, logging in using email or text (works similar to 2FA), and considering password alternative login solutions like Beyond Identity that have gotten significant adoption in the last few years. Companies should consider adaptive authentication methods that consider factors like device reputation, IP address, and user behavior that can help detect and prevent unauthorized access attempts."
++
"For years, strong passwords have been a cornerstone of cybersecurity. However, in today's era of increasingly sophisticated attacks, they are no longer enough to guarantee protection for our personal and corporate data. While creating complex passwords and changing them regularly remains essential, even the most diligent practices can't fully prevent hackers from breaching accounts and systems. The landscape of cyber threats has become even more complex with the emergence of generative AI tools, and in turn, has made hacking passwords easier than ever. SlashNext’s 'The State of Phishing Report 2023' highlights this alarming trend, revealing a 1,265% increase in malicious phishing emails since the launch of ChatGPT in November 2022.
AI is now being used to create more convincing phishing attempts, which can trick users into revealing their login credentials. The report also reveals a 967% rise in credential phishing attacks specifically from Q4 2022 to Q3 2023, indicating a significant shift towards tactics that exploit stolen passwords. In fact, just a few weeks ago, an employee at LastPass, a password manager software firm, was targeted in a fraudulent scheme, in which criminals used deepfake technology to impersonate LastPass’s CEO. Hackers were clearly targeting the company because it could have granted them access to hundreds of thousands of user accounts. All that said, it is crucial that your passwords, and more importantly, your private data stay protected. Multi-Factor Authentication (MFA) can effectively protect against “credential harvesting,” where hackers gather stolen passwords to launch attacks. This can be as easy as a user providing his/her password, then entering an accompanying numeric code from an SMS text. In addition, changing your passwords often and using different passwords across accounts can minimize the chances of being hacked. In the face of an AI-based attack, however, these protections might not be enough. Using security tools with AI technology is important to stop AI-fueled attacks that are aiming to steal your credentials. You have to fight AI with AI." ++ Chad Graham, Manager of Cyber Incident Response Team (CIRT), Critical Start "World Password Day is a great opportunity to brush up on our digital security habits. It's a friendly nudge for everyone, tech-savvy or not, to strengthen their passwords. Instead of the usual mix of characters and numbers, consider creating a passphrase—a short, memorable sentence that’s tough to guess but easy for you to remember. Remember, a good passphrase is just the start: avoid using the same one across different sites and turn on multi-factor authentication to add an extra layer of security. 
For those who juggle multiple passwords, a password manager can be a handy tool, though a good old-fashioned notebook works too, if it’s kept secure and physical!" ++
"Any discussion of passwords these days inevitably devolves into how awful passwords are and the need to either supplement or replace them. The good news is that for once there is a robust solution - phishing resistant authenticators, meaning Passkey or YubiKey-type dongles, either in addition to a password or replacing the use of a password entirely. Data shows that using these goes a long way toward addressing many credential phishing scenarios. If your organization does not mandate these yet, this should be at the top of your To-Do list. Proper support for phishing resistant authenticators should also be on your security team's checklist when reviewing new and existing vendors." ++
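The quote above recommends phishing-resistant authenticators without saying what makes them resistant. The Go program below is an added example written for this page; it is not code from the article or from any vendor quoted in it. It models the server side of a FIDO/WebAuthn-style login in simplified form: the authenticator signs a fresh challenge together with the origin the browser is actually on, and the relying party accepts the assertion only if that origin is its own and the challenge has not been answered before. A look-alike phishing site that relays the real challenge therefore gets an assertion the real site rejects. The RP ID "example.com", the constructed look-alike domain "examp1e.com", the field and function names, and the reduction of WebAuthn's authenticator data to a bare RP ID hash are all assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// clientData mirrors the WebAuthn clientDataJSON fields used here; the browser, not the page, sets Origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// signedMessage is SHA-256(rpID) || SHA-256(clientDataJSON): WebAuthn's authenticatorData||hash shape, reduced to the RP ID hash.
func signedMessage(rpID string, cdJSON []byte) []byte {
	rp, cd := sha256.Sum256([]byte(rpID)), sha256.Sum256(cdJSON)
	return append(rp[:], cd[:]...)
}

// Authenticator holds one credential's private key, bound to one RP ID at registration.
type Authenticator struct {
	rpID string
	priv ed25519.PrivateKey
}

// Sign produces an assertion; browserOrigin is whatever site the browser is actually on.
func (a *Authenticator) Sign(challenge []byte, browserOrigin string) (cdJSON, sig []byte, err error) {
	cdJSON, err = json.Marshal(clientData{"webauthn.get", base64.RawURLEncoding.EncodeToString(challenge), browserOrigin})
	if err != nil {
		return nil, nil, err
	}
	return cdJSON, ed25519.Sign(a.priv, signedMessage(a.rpID, cdJSON)), nil
}

// RelyingParty is the server: the registered public key plus challenges not yet answered.
type RelyingParty struct {
	ID, Origin string
	pub        ed25519.PublicKey
	pending    map[string]bool
}

func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // no usable randomness: refuse to continue
	}
	rp.pending[base64.RawURLEncoding.EncodeToString(c)] = true
	return c
}

// Verify rejects, in order: unknown or reused challenges (replay), a foreign origin (relayed login), bad signatures.
func (rp *RelyingParty) Verify(cdJSON, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(cdJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || !rp.pending[cd.Challenge] {
		return fmt.Errorf("unknown, reused or wrong-type challenge")
	}
	delete(rp.pending, cd.Challenge) // each challenge is answered once
	if cd.Origin != rp.Origin {
		return fmt.Errorf("assertion was made on %q, not %q", cd.Origin, rp.Origin)
	}
	if !ed25519.Verify(rp.pub, signedMessage(rp.ID, cdJSON), sig) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Result: a real login, a replay of it, and an assertion relayed from a look-alike domain.
type Result struct{ LegitAccepted, ReplayAccepted, RelayedAccepted bool }

// Scenario runs those three cases; examp1e.com is a constructed look-alike domain.
func Scenario() (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	auth := &Authenticator{rpID: "example.com", priv: priv}
	rp := &RelyingParty{ID: "example.com", Origin: "https://example.com", pub: pub, pending: map[string]bool{}}
	var r Result
	cd, sig, _ := auth.Sign(rp.NewChallenge(), "https://example.com")
	r.LegitAccepted = rp.Verify(cd, sig) == nil
	r.ReplayAccepted = rp.Verify(cd, sig) == nil // same assertion submitted again
	ch := rp.NewChallenge()                       // the phishing page fetched this from the real site and relays it
	cd, sig, _ = auth.Sign(ch, "https://examp1e.com") // the browser records the origin it is really on
	r.RelayedAccepted = rp.Verify(cd, sig) == nil
	return r, nil
}

func main() {
	r, err := Scenario()
	fmt.Printf("%+v (err=%v)\n", r, err)
}
```

Running it prints LegitAccepted:true with the replay and the relayed assertion both rejected. Real browsers add a further layer the example omits: a credential registered for example.com is never even offered on examp1e.com, because the RP ID must match the page's domain, so the phishing site normally gets no assertion at all. The origin check in Verify is what holds even if a client got that scoping wrong, and it is why no shared secret ever leaves the device for an attacker to harvest.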
Matthieu Chan Tsin, Head of Cybersecurity Services, Cowbell Cyber
"Staying ahead of malicious actors in today’s evolving cyber threat landscape requires a robust strategy built on layered cybersecurity solutions and strategic partners. This World Password Day serves as a reminder that companies and individual users should focus on enhancing their defenses by adhering to fundamental best practices. This involves maintaining good password hygiene and adopting Multi-Factor Authentication (MFA). Using weak or reused passwords is risky. Cybercriminals can guess weak and/or reused passwords in seconds to gain unauthorized access to sensitive information and wreak havoc on organizations. However, organizations can decrease their risk exposure by implementing MFA, password managers, and security assessments. Working with a cyber insurance provider is a practical and strategic way for companies to improve their cyber preparedness and response plans. Cyber insurance providers can help prevent and address cyber incidents and ransomware attacks, including those from password-based attacks. As cyber threats escalate and evolve worldwide, businesses and individuals must shore up their cyber defenses to prevent potentially devastating consequences. World Password Day is a reminder of the critical role passwords and MFA play in securing an organization's digital infrastructure and highlights the importance of security protocols and proactive measures to mitigate cybersecurity risks and their impact."
++
Kumaravel Ramakrishnan, Technology Director at ManageEngine
"Passwords, despite their shortcomings, will continue to be a mainstay for the foreseeable future. It is too early to call alternate tools of authentication a permanent replacement for passwords, as they are still at a nascent stage. In addition, these new controls will require significant investments, pose collaboration challenges, and will need to be free of errors and biases.
The goal for individuals and enterprises will be to address immediate authentication challenges while exploring passwordless options for the future."
++
AJ Lindner, Solutions Architect, One Identity
"World Password Day presents organizations with an opportunity as good as any to re-evaluate the security of their authentication protocols and review password policies to ensure they align with current standards. These practices include increasing organization passwords to a minimum length of 8 to 13 characters; removing composition rules and complexity requirements; only requiring password changes when there is evidence of a compromise; and comparing all passwords against values that are commonly-used, expected, or compromised, then rejecting those passwords in case of a match. So even when passwords are still a necessary evil, there’s no excuse not to complement them with a strong second factor wherever possible, even if certain applications are unable to support it. Most modern applications support federation protocols like Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and the RADIUS networking protocol, and also enable the ability to easily implement multifactor authentication."
++
Pranava Adduri, former founding engineer at Rubrik and current CEO and co-founder of Bedrock Security
"Most modern breaches involve credentials - whether for initial access or for use in lateral movement. For consumers, secure passwords, MFA, and proper system hygiene will help reduce the likelihood of compromise. Using passwordless options, like hardware tokens, makes it even more secure, albeit less practical. For enterprises, the challenge is that not all credentials belong to humans. Enterprises will have 20%+ of their credentials being used by machines or applications. Going passwordless alone here may not help. Many attacks use legitimate credentials, so the ultimate protection is examining the proactive and real-time use of data and protecting that.
Protecting the data with proactive measures, such as reducing overly permissioned credentials, isolating sensitive data, and using AI reasoning methods to watch and stop real-time data security and compliance issues, is the most secure method of protection for enterprises." ++
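AJ Lindner's quote above lists what a current password policy should contain: a length floor, no composition or complexity rules, no scheduled rotation, and rejection of any value that is commonly used, expected for that account, or known to be compromised. The Go program below is an added example written for this page, not code from One Identity or from the article, that implements those checks as a single validation function. The 8-character floor and 64-character cap, the tiny stand-in blocklist, the leet-folding heuristic that makes "P@ssw0rd1!" compare equal to "password", and the names Policy, Check, Canonical and DefaultPolicy are all assumptions of the example; a real deployment loads a breached-password corpus in place of the constructed list.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// Policy encodes the four points from the quote: a minimum length, a generous maximum,
// no composition rules, and rejection of common, expected or compromised values.
type Policy struct {
	MinLength int
	MaxLength int
	blocked   map[string]bool // lookup key is Canonical(entry)
}

// NewPolicy builds a policy from a blocklist. In production the list would be a
// breached-password corpus; the caller here passes a short constructed one.
func NewPolicy(minLen, maxLen int, blocklist []string) *Policy {
	p := &Policy{MinLength: minLen, MaxLength: maxLen, blocked: map[string]bool{}}
	for _, w := range blocklist {
		p.blocked[Canonical(w)] = true
	}
	return p
}

// leet maps the substitutions people use to satisfy complexity rules back to letters.
var leet = strings.NewReplacer("@", "a", "4", "a", "3", "e", "1", "i", "!", "i", "0", "o", "$", "s", "5", "s", "7", "t")

// Canonical folds a password to the form used for blocklist lookup: lowercase, trailing
// digits and punctuation removed ("Password1!" -> "password"), leet undone
// ("P@ssw0rd" -> "password"). The folding is this example's own heuristic, not a standard.
func Canonical(s string) string {
	lower := strings.ToLower(s)
	core := strings.TrimRight(lower, "0123456789!?.,@#$%^&*_-")
	if core == "" { // purely numeric or punctuation passwords: compare as typed
		return lower
	}
	return leet.Replace(core)
}

// Verdict is Check's result; Reason is empty when the password is acceptable.
type Verdict struct {
	OK     bool
	Reason string
}

// Check applies the policy. context carries the "expected" values for this account
// (username, service name, ...) that must not appear in the password. There is
// deliberately no rule about character classes: length and the blocklist do the work.
func (p *Policy) Check(candidate string, context ...string) Verdict {
	n := utf8.RuneCountInString(candidate) // characters, not bytes, so accented passphrases are not over-counted
	if n < p.MinLength {
		return Verdict{false, fmt.Sprintf("shorter than %d characters", p.MinLength)}
	}
	if n > p.MaxLength {
		return Verdict{false, fmt.Sprintf("longer than %d characters", p.MaxLength)}
	}
	c := Canonical(candidate)
	if p.blocked[c] || p.blocked[strings.ToLower(candidate)] {
		return Verdict{false, "matches a commonly used or compromised password"}
	}
	for _, w := range context {
		if w != "" && strings.Contains(c, Canonical(w)) {
			return Verdict{false, fmt.Sprintf("contains %q", w)}
		}
	}
	return Verdict{true, ""}
}

// DefaultPolicy is the example's constructed configuration: 8..64 characters and a
// stand-in blocklist of a few entries.
func DefaultPolicy() *Policy {
	return NewPolicy(8, 64, []string{"password", "12345678", "qwertyuiop", "letmein", "welcome", "iloveyou", "football"})
}

func main() {
	p := DefaultPolicy()
	for _, c := range []string{"P@ssw0rd1!", "correct horse battery staple", "Sunny1", "acme-jdoe-2024", "Tr0ub4dor&3"} {
		fmt.Printf("%-32q -> %+v\n", c, p.Check(c, "jdoe", "acme"))
	}
}
```

The point the run makes is that "P@ssw0rd1!" satisfies every classic complexity rule and is still rejected, while "correct horse battery staple" satisfies none of them and passes. Rotation is absent on purpose: under this policy a password is changed only when the blocklist (or an incident) shows it to be compromised, which is the "evidence of a compromise" condition in the quote.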
Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA)
“Regardless of what we are hearing, the password is not dead yet. No longer in the spring of its youth, we’re still a couple of steps away from it needing life support. My time in this field spans six decades; people have been saying the password is going away for nearly five of those. The password still offers a mighty service and is usable, to a degree. We will always face the challenges of social engineering, weak passwords, leaked passwords, and overused passwords. Many systems are unable to process anything but a password for authentication. We have great passwordless technology and tools available to us now. From passkeys, to smart cards, to federated authentication, to tokens, to biometric authentication, and more. All of these give us the flexibility to eliminate passwords in many situations resulting in faster, more reliable authentication. The new challenge is finding a way to integrate these tools seamlessly and gain broader acceptance. The promise of passwordless technology is wonderful. Let’s not forget, on World Password Day, that we still have passwords and sometimes, making things easy with a single factor biometric can cause greater risks than some passwords. Multi-Factor Authentication isn’t going away. Passwords may not either.”
++
Raju Vegesna, Chief Evangelist at Zoho
"Companies and their customers have been warned about poor password security for decades, yet despite mounting data breaches and associated costs, bad habits persist. According to a study by NordPass, the average person needs at least 100 passwords, yet the most common passwords used are quite simple: "123456," followed by "admin." Additionally, Bitwarden's research found that 85% worldwide reuse passwords on multiple sites - a goldmine for hackers.
In conjunction with World Password Day May 2nd, here are some simple ways consumers can elevate their passwords without running into the common issues of data breaching, scams and identity theft.
- Use a secure browser: On top of table stakes like pop-up blockers and automatic updates, ensure it offers anonymized statistics and protection from social media tracking, targeted ads, third party data collection, and other modern annoyances.
- Adopt password-less authentication: Whether it's eliminating passwords altogether or creating one-time passwords for each login, authentication apps enable quick, easy, and secure logins across multiple accounts.
- Switch to a password manager: These applications enable individuals to securely store, share and generate strong passwords. They also help companies to maintain visibility into who is logging in and what level of access they should have—able to be monitored across an organization via cloud computing.
- Enforce MFA: Using text messaging, email messages, or a combination of methods, multi-factor authentication ensures that users know precisely when a login attempt occurs and that, even with a password, a bad actor cannot access personal data."
++
Tyler Young, CISO, BigID
"This World Password Day is a constant reminder that poor password hygiene continues to be the leading cause of data breaches and phishing attacks. While having a password written on paper offline is typically safe, especially when stored in your home safe, it's not realistic for modern life. Having to check a password book looking for complex passwords is not realistic and will often lead to simplistic password use and reuse. While modern browsers offer password management features, dedicated password managers often provide additional layers of security and functionality. Security features included in password managers, such as Auto-fill or Password generation functionality, offer significant value that is not traditionally offered by modern browsers. Never needing to know or see the password due to password management functionality limits potential exposure and reduces potential password stealing attack vectors."
++
Max Gannon, Cyber Intelligence Team Manager at Cofense
"Every year, World Password Day serves as an important reminder to organizations and individuals alike of the importance of keeping digital defenses strong, starting with our passwords. Simply relying on a complex password is not enough. It’s very important that passwords not be reused elsewhere. That is what can get people. A single data breach on one platform can compromise an individual’s password, leaving them vulnerable to threat actors attempting to use the same password on other sites.
While creating unique and complex passwords is an important step to securing data, it is also important to remember that threat actors are continuously looking for new ways to breach systems. Attackers take advantage of weak links in organizations, targeting employees with password expiration scams and credential phishing. In 2023, credential phishing was responsible for 91% of active threat reports published. Credential phishing remains a top concern for cyber threats, so while keeping passwords up to date is important, employees must be trained to look out for these threats to safely secure their credentials. Organizations must equip their employees with the proper knowledge to detect these threats and effectively mitigate any potential cyberattacks."
++
Rishi Kaushal, Chief Information Officer at Entrust
"Identity continues to be the most targeted attack vector by bad actors with nearly two-thirds of data breaches caused by compromised credentials, and AI is only accelerating new types of attacks. Our passwords should be an extension of our identities. You wouldn't share your social security number with just anyone, so why are your passwords any different? This World Password Day, we must look beyond typical password measures like alphanumerics and seek to improve how we are securing our data - taking a "never trust, always verify" approach to our accounts.
Too many organizations either still rely on a single-factor authenticator like the password or enable relatively weak multi-factor authentication (MFA) with an over-reliance on one-time passcodes. Instead, we need to encourage implementations like phishing-resistant MFA technology, which requires more authentication than just a click or a compromised password to put you at risk - it is also a key foundation for organizations implementing Zero Trust principles. Another option is incorporating identity verification with authentication processes, adding biometric checks as step-up authentication. Organizations and consumers must work together to ensure their data is safe, and the combination of the right tools and mindsets will allow them to do just that."
++
Dave Spencer, Director of Product Management at Immersive Labs
"Bad actors are constantly searching for the weakest link in an organization's security posture. That weak link is often poor password management. Employees take the path of least resistance, which usually means satisfying the complexity requirements of passwords in the easiest way to remember possible. Most people attempt to pick strong, unique passwords for the numerous platforms they use which, unfortunately, only gives the illusion of security. In reality, this approach leaves numerous access points for attackers to infiltrate. With inadequate password hygiene being a common contributing factor in cyber incidents where credential stuffing and phishing attacks can expose corporate data as well as personal users, it's clear that both organizations and individuals need to reassess their password strategies.
Rather than hope to keep data secure with only passwords, tools like multi-factor authentication (MFA) and password managers provide an added layer of protection, requiring bad actors to do extra work and limiting the avenues they can use to gain access to the sensitive information. But beyond implementing these tools, users need to know why these solutions are being utilized. A baseline knowledge of cybersecurity is necessary as we see more and more attacks targeting those who least suspect it. When we create a culture that prioritizes cyber resilience rather than finding out who to blame, we are more inclined to report malicious attempts at password stealing and other attacks.
However, it's crucial to choose your MFA method wisely. Push fatigue has become prevalent, where users mindlessly tap a button on their phone to authenticate, potentially authorizing requests without proper verification. This tendency to habitually tap away without confirming the legitimacy of the request can often happen, especially at the beginning of the day or post-lunch breaks."
++
Frederik Mennes, Director of Product Management & Business
Strategy at OneSpan
"Today, organizations face a more threatening array of security concerns than ever before, and the average CISO faces immense pressure to safeguard the business. Traditional authentication such as passwords no longer offers effective protection against current threats. At the same time, more secure products like digital signatures combined with public key certificates in a public key infrastructure (PKI) often present implementation or usability challenges. In this setting, passwordless authentication emerges as a viable alternative, providing defense against evolving threats combined with enhanced usability.
Passwordless authentication methods have the capability to mitigate security risks by eliminating vulnerabilities associated with password-based credentials. This is because passwordless products do not rely on static passwords. Instead, they generate dynamic authentication codes that have a limited lifetime and can be used only once, or are based on unique human biometric characteristics, such as fingerprints.
Passwordless authentication has advanced in reducing the risk of breaches, allowing CISOs to build future-ready and adaptable systems for their organizations. Phishing-resistant passwordless authentication systems such as those based on FIDO standards can also eradicate the threat of phishing. With such products, they can safeguard corporate data, resources, and the wider workforce, while enabling a flexible workforce without compromising security. This can ensure a secure and user-friendly environment for dispersed workforces for 2024 - and well beyond."
++
Yiftach Keshet, Vice President & Identity Security Expert at Silverfort
"For businesses to improve and think more broadly about securing identities, there needs to be a perspective shift in how the most crucial entry point is protected: passwords. Securing passwords with Multi-Factor Authentication (MFA) and not reusing passwords is basic security hygiene, yet we should continue doing it. However, it's 2024. Organizations need to take the conversation beyond passwords for human identities and start talking about how to successfully protect the other tools attackers use, such as command line tools, PowerShell, and machine-to-machine communication. I'd like to get to a place where CISOs demand strong MFA protections for their non-human identities and the critical resources MFA can't secure.
World Password Day serves as a reminder that identity gaps throughout the identity infrastructure continue to cause many major breaches. If a hacker successfully steals a password, it's easy for them to move discreetly throughout an environment and even use identity infrastructure as a gateway to access cloud assets and environments. Recent research found that 67% of organizations sync their on-prem passwords to the cloud. While this is convenient and can help boost employee productivity, it also dramatically increases risk by creating a gateway for cybercriminals to jump from on-prem to the cloud and wreak havoc on an entire organization's network.
Security leaders should ask themselves how they can secure the identity infrastructure that often leads to compromise. When organizations start having more conversations about the forgotten resources that go unprotected and how to secure them, we'll advance security to a place that can actually stop an attacker in their tracks."
++
Joe Richard, Associate Director of Program Management at Nightwing (formerly Raytheon)
"As digital infrastructures grow more interconnected and complex, an organization's priceless data and mission-critical systems are increasingly vulnerable to cyberattacks. An effective cybersecurity strategy requires multiple layers of defense spanning networks, endpoints, data, and user access.
Passwords are often viewed as the first layer of defense, serving as the primary means for authentication and access control. Frequently, poor practices and prioritization of convenience over security leave this layer susceptible to multiple attack vectors such as brute force attacks, phishing campaigns, and social engineering.
We all share responsibility for fortifying this layer of defense; however, organizations must assume that advanced attackers will eventually find a way inside the security perimeter. Beyond password discipline, organizations should embrace zero-trust principles to continuously authenticate every user, device, and application attempting to access DT resources. Organizations should also include cyber resiliency measures to adapt, withstand, and recover from potential attacks.
As users, and as stewards of our organization's security, we must all pay attention to our cyber hygiene by making sure our passwords are secure, complex, and regularly updated. It's up to each of us to do all we can to bolster this first layer of defense to prevent criminals from accessing networks, stealing sensitive information, and undermining systems."
++
Viktoria Ruubel, Managing Director of Digital Identity at Veriff
"In the past year alone, there has been a 71% increase in attacks that use stolen passwords. As the digital landscape continues to evolve, passwords are no longer the most secure method to protect their data. In fact, two-thirds of consumers feel facial recognition software provides easier and safer access to online accounts than passwords. Consumers would accept a longer sign-up process involving the use of an ID document and a selfie if it means better identity and personal data protection.
Relying on legacy approaches like two-factor authentication or knowledge-based authentication (using knowledge of a mother's maiden name, for example) can expose an organization to bad actors. Passwords are vulnerable to data breaches and malware, and two-factor authentication is susceptible to device compromise and social engineering.
We must improve how accounts are secured, like pairing passwords with biometric technology. A report found that 38.5% of respondents believe facial recognition and biometrics are the most secure method for protecting their accounts and information. In addition, biometric data is hard to steal and cannot be forgotten like a password. When you add biometric facial authentication on top of password protections, sign-in becomes secure and seamless.
While there is no one-size-fits-all solution to combating fraud, this World Password Day we should seek solutions that can complement and augment existing security measures."
++
Doug Kersten, CISO, Appfire
"Today, malicious threats are much less predictable and, therefore, more difficult to defend against. While passwords were once the key to safeguarding private information, attackers have perfected countless techniques to access them.
Regardless of whether you're using a professional or personal device, it's essential that your passwords are unique, difficult to guess, and not used across a variety of devices or platforms. World Password Day is a great reminder to stop and think about the last time you audited the passwords you're using, where you're storing that information and whether that information is easily accessible, and to take the time to change the passwords you use frequently or you know have been compromised in data leaks.
Many internet browsers are improving their password protection practices, sharing with users their security blind spots. However, responsibility remains with the user to take the next step to change compromised passwords. Always think in terms of something you are - your user name; something you know - your password and something you have - a device or software that provides a second factor, such as biometrics or authentication codes from common and free authenticator apps like Google or Microsoft Authenticator. Using these in a thoughtful way will greatly reduce the impact of a password compromise and make for a very happy World Password Day."
++
Patrick Harding, Chief Architect at Ping Identity
"As threat actors become more sophisticated and lean on new technology like artificial intelligence, most users underestimate the risks associated with relying on passwords to protect valuable information. On top of that, a whopping 48% of IT decision-makers are not confident they have technology in place to defend against AI attacks. Traditional passwords make organizations vulnerable to these types of attacks, leaving the door open for hackers to access critical data. Consumers have also become increasingly frustrated with remembering multiple, complex passwords and often choose to reuse the same password on various sites, increasing security risks even further.
The good news is there are more secure alternatives that provide better digital experiences for the user. Passwordless authentication replaces traditional passwords with more seamless and secure methods and helps enterprises reduce risk and stop threats at scale. This World Password Day, let's focus on moving towards a passwordless future that offers better and safer digital experiences while educating organizations about technology that strengthens security."
++
Thomas Epps, IT Product Specialist at LG’s IT division
"We can no longer rely on passwords alone to maintain good cybersecurity hygiene in organisations. Bad actors are skilled at using brute force to decode passwords and breach systems. So, passwords must be supplemented with additional layers of security. Powerful innovations in biometric technologies and AI-powered smart security can augment passwords and support users in taking extra measures that protect their online identity. For example, face, eye and gaze sensing can be used to intuitively lock and unlock screens when users look away, while AI can help instantly identify any unusual activity and alert consumers of potential breaches. With preventative measures in place, individuals can be empowered to practice safe security and better protect their online identity and presence."
++
Morgan Wright, Chief Security Advisor, SentinelOne
"There was a time when moats protected castles, and knights in shining armor on horseback defended the kingdom. There was also a time when passwords protected the most valuable of secrets. Like moats and knights, that era has passed.
Identity is the new perimeter. Subscribing to the antiquated notion that a password is the first and last line of defense has been eclipsed by the modern threat environment. If your security depends solely on the strength of a password, you are going to be disappointed in quick fashion.
There will be those who cling to their passwords and reject modern approaches, like biometrics and advanced authentication techniques and technology. They will become a footnote in digital history, referred to only in anecdotes that start with “Back in my day…”.
If William Shakespeare were alive today, his great poem Caesar may have started differently.
'Friends, Romans, countrymen, lend me your ears; I come to bury passwords, not to praise them.'"
++
Raffael Marty, General Manager, Cybersecurity, ConnectWise
"Stolen credentials are one of the top attack vectors in the MSP space, providing cybercriminals with an entry point to bypass an organization's security measures and gain access to important systems and accounts. As a result, critical information, such as intellectual property, sensitive financial or healthcare data, can be stolen and exploited by hackers. Unfortunately, these concerns are heightened by threat actors increasing their focus on defense evasion tactics to avoid detection.
To combat this growing issue, MSPs and their customers should seek to adopt at least a basic password management approach by using password managers. If possible, additional protections should be put in place, such as multi-factor authentication (MFA), or adaptive zero-trust approaches that enforce additional standards. For example, when logging into systems, the originating machine has to be patched and needs to run necessary security tools. This World Password Day is a reminder that MSPs and MSSPs need to educate their customers about the concerns of poor password management and security while re-evaluating why they are still using passwords in the first place."
++
Bojan Simic, Co-founder and CEO, HYPR
"Since the first World Password Day in 2005, great strides have been made to protect digital identities, but it's time for this annual observance to emphasize user-friendly FIDO-based authentication systems like passkeys.
Securing authentication methods is of utmost importance, as it is often one of the top entry points for cyberattacks. Passkeys use public-private key cryptography making them phishing-resistant, and providing enhanced protection against common attack vectors, like brute force attacks, credential stuffing, and AitM (adversary-in-the-middle). Unlike traditional passwords and other forms of authentication, like one-time-passwords (OTPs), SMS and email links, there are no shared secrets. The confidential credential is not transmitted, so interception, theft, breaches, or cracking is implausible.
We envision a future where enterprise leaders embrace the new business imperative and shift away from password use, toward the deployment and widespread adoption of passkeys to fortify existing cyber defenses."
++
Erik Nordquist, Managed Security Product Director at GTT
"Password sharing continues to be alarmingly common, and businesses should be particularly concerned because many people use the same passwords for both personal and business accounts. This puts not only their own situation at risk but also enables bad actors to gain access to corporate systems and infrastructure. Cybercriminals can use infected devices to launch ransomware and other attacks, often undetected. It's crucial that all businesses put strong password policies into place to protect their organization's security. Regularly changing passwords, using strong and unique passwords for each account, and implementing two-factor authentication can help mitigate the risks associated with password compromise. Educating employees on the importance of password hygiene and the dangers of password sharing is also essential in maintaining a robust cybersecurity posture."
++
Paul Walker, field strategist, Omada
"Multi-factor authentication has rapidly become a critical security feature supported by most identity providers, essentially eliminating the need to enter passwords. A growing majority of business users can now go days or even weeks without having to enter a password. Methods like Windows Hello, for instance, allow users to sign into their devices and use major browsers by authenticating through things like facial recognition, fingerprint scans, and PINs. That said, even as many companies and solutions add additional layers, passwords are still often used as a fallback. While the password is no longer the only option, it’s still a required one in many circumstances. Contrary to rumors of its demise, the password is still with us for the foreseeable future. And that means we have to account for that. Most users are going to forget their passwords, especially if they’re not using it daily. That requires them to go through a sometimes clunky password reset process. As a user, you can and should ask your organization for a secure password manager to eliminate some of this pain. And if, as an organization, you haven’t already put such a tool in place, there’s no time to wait."
++
Domingo Guerra, EVP Trust, GM North America, Incode
"As many companies announce plans to shift to “passwordless,” biometrics for identification have exploded rapidly across all sectors. The primary driver of biometrics adoption is speed/ease of use. Facial recognition, or Face Factor Authentication (FFA), is a prominent means of verifying user identity; it’s quick and easy for customers to capture a selfie, for instance. The second primary driver is security. Today, biometrics are harder to spoof or circumvent than other types of identity authenticators. As irrevocably damaging digital threats like deepfakes become more sophisticated, organizations need a way to be able to prove someone’s identity with utmost certainty. Biometrics are replacing obsolete systems like passwords, PIN numbers, and physical ID cards that are prone to fraud and error, and can easily be faked or lost. Further, the rise in phishing and social engineering has presented a challenge for many users. Fraudsters and cyber criminals are experts in getting users to compromise their passwords or security tokens, and experts at tricking Help Desks to grant access to accounts by impersonating legitimate users. The advantages of using biometrics for verification and authentication are two-fold. Firstly, it provides customers with speed, convenience, and confidence that their data and access will be protected. Secondly, it ensures businesses are going the extra mile and practicing due diligence by comprehensively evaluating all identity signals, enhancing customer trust. Finally, biometric authentication offers a benefit that has never existed before: it makes it impossible to forget or lose your password or authentication device. In an increasingly interconnected world where real-world and digital identities intertwine, robust biometric verification and authentication play a pivotal role in establishing and maintaining digital trust."
++
Jason Kent, Hacker in Residence, Cequence Security
"On World Password Day, individuals and organizations must prioritize robust password practices. While convenient, the widespread practice of reusing passwords across multiple accounts introduces significant security risks. A single data breach can have cascading consequences if identical credentials are used elsewhere. To mitigate this risk, it is imperative to adopt a unique password for each online account. Consider incorporating biometric authentication (fingerprint or facial recognition) for mobile apps where supported, as this provides an additional layer of protection. While managing numerous passwords may seem daunting, there are effective solutions available. Using reputable online password managers can help individuals organize and secure their credentials efficiently. These tools securely store and synchronize credentials across devices, ensuring accessibility without compromising security. Just keep in mind, this is a single place to attack and gain all of your passwords, so this is a great example of needing multiple factors of authentication (Something you know, Something you have, Something you are) to access that particular system. Users should also update passwords regularly, especially for accounts containing sensitive data such as password managers, financial or healthcare information. By embracing these practices, individuals and organizations significantly strengthen their password hygiene, minimizing the likelihood of security breaches."
++
Mike Loukides, vice president of emerging technology content, O'Reilly
"In one form or another, passwords have been around for thousands of years. And they've been a bad idea the whole time. Passwords are entirely too easy to guess. The common practice of password rotation makes the problem worse, not better--a fact recognized by organizations as authoritative as the US National Security Agency and the National Institute of Standards and Technology.
But we've also failed to come up with good alternatives. Authentication is a difficult problem. Passwords are still problematic, but less so when they're combined with one or more other forms of identification. There's no excuse for not practicing multi-factor authentication. The simplest form of 2-factor authentication is sending a text to a cellphone with a one-time code. That has its problems, but it's adequate.
Some alternatives to passwords are passphrases, which are short sequences of words that are much longer than individual passwords. My guess is that passphrases would prove to be almost as easy to guess as passwords, if they were widely used. Security keys are physical devices that plug into a USB port. They should be more widely used than they are, but like any small physical device, they can be lost. They aren't expensive individually, but costs add up as organizations get large; and USB connectors change from time to time. Passkeys are a widely implemented cryptographic standard, but they are difficult to configure correctly, and the standard has loopholes that make interoperability a problem. Nothing is going to work when vendors are trying to use a standard to implement a walled garden.
Biometrics is the one alternative that seems to be getting broad acceptance. Most new cell phones support either fingerprint or face recognition. But that has its own problems. If someone steals a fingerprint database, you can't change your print. And face recognition doesn't work in the dark, or if you take off your glasses, or even get a new hairstyle.
Passwords are a problem, but we really don't have any good alternatives yet. That may be the biggest problem facing the security industry."
++
Deepak Taneja, CEO and Co-Founder, Zilla Security
"Identity security and governance is top of mind for most CISOs. In a recent multi-city CISO event that Zilla Security participated in, 70+% of the CISOs indicated that identity was their highest priority for the next 12 months. This is no surprise since the majority of data breaches stem from access vulnerabilities. One of the tenets of identity security is password management and authentication, which are critical to protecting an organization's digital identities. On World Password Day, we are reminded of the importance of adopting strong, unique passwords to protect against identity threats, in addition to proactively and continuously managing permissions for every identity - human or machine - across every application in the enterprise."
++
Russ Kennedy, Chief Product Officer, Nasuni
"World Password Day serves as an annual reminder that passwords are often the first line of defense against unauthorized access to an organization’s sensitive information. The strength and uniqueness of passwords are essential components of cyber hygiene practices, in addition to employing single sign-on and two-factor authentication practices. However, it's important to recognize that password security is just one piece of the puzzle. Equally important is the protection of file data and the ongoing vigilance against the growing threat of ransomware attacks. With cyber threats constantly evolving, adopting a holistic strategy to cybersecurity, which includes regularly updating passwords, employing data backup and encryption methods to secure files, and implementing robust ransomware protection measures, becomes imperative in safeguarding our digital assets and privacy."