
Password day

by Mark Rowe

May 5 is World Password Day, championed by such IT firms as Microsoft, Intel and Lenovo. The aim is to get consumers and businesses to consider how important it is to use strong passwords for home and work IT use, and to use different passwords for different IT uses and accounts, to lessen the risk if one password is compromised. Visit https://passwordday.org/.

Comments

David Mount, director, security solutions consulting EMEA, Micro Focus, says it’s a fitting time to question the ongoing suitability of passwords – which remain the most common method of authentication in use. “There’s no doubt that passwords present some benefits, but naturally there are weaknesses too. Passwords are too easy for hackers to steal and too difficult for users to remember, for example. But there’s also a broader issue here around authentication and the use of passwords as a single point of identification. Placing trust in a password alone to protect your identity or data makes that password the weakest link in the chain, and this means that we are at the end of the useful lifespan of passwords as the sole method of authentication.

“As we move more of our lives online, we need a more effective way to securely prove who we are. The answer could be using tokens, smartphones, biometrics, behavioural indicators, or a blend of these measures, and this will depend greatly on the sensitivity of the information or service being secured. But whatever the answer is for each particular security scenario, simply relying on a user to devise (and remember) a sufficiently secure password is fundamentally flawed.”

Nick Viney, Vice President, Consumer EMEA at Intel Security, says: “Recent research from Intel Security revealed that the average Brit has over 27 accounts that require a password login, so it’s hardly surprising that people struggle to remember them. However, with 33% of people admitting they write their passwords down and 15% saying they use the same one across multiple accounts, it is clear there needs to be an education when it comes to protecting personal information. The reality is that such tactics leave accounts vulnerable to criminals.

“As technology advances, so does the way we protect our data, with biometric security measures such as Intel Security’s True Key meaning you don’t even need to remember any passwords at all. Innovative technology using biometric details, such as fingerprints, voice activation or linked devices, provides the ideal balance between smooth user experience and the highest standard of security, putting everyone’s mind at rest.

“However, if you still want to stick to the traditional password method, ensure that each of your logins is unique, at least six characters in length and comprised of a mixture of upper and lower case letters, as well as a number and symbols. It goes without saying that you should avoid generic combinations like ‘Password1234’, but it’s also worth knowing that the strongest passwords do not contain your username, real name or even a complete word. If you’re having problems remembering passwords, try creating an acronym for a phrase that’s meaningful to you, for example ‘my hamster is called Jon’ might become ‘MH1sCj0n’.”

And Hans Zandbelt, senior technical architect, Ping Identity, says: “2015 was undoubtedly the year where multiple password breaches hit our headlines. High profile organisations such as Vtech and Ashley Madison suffered at the hands of savvy cyber criminals, whilst customers had to be notified that their passwords and personal details may have been leaked. Fast forward to 2016, and recent statistics show that poor password management and practice are still a blight on British businesses and brands. Recent findings have shown that 75% of consumers use duplicate passwords and the ‘Top 25 Worst Passwords of 2015’ list included passwords such as “123456” and “password”. Moreover, new additions to the list like “solo” and “starwars” featured highly ahead of high-profile movie releases. As hackers build up a profile of patterns and trends – consumers and businesses must do more to make their lives that bit harder, and to educate staff on password best practice.

“Awareness-raising days such as World Password Day serve as a crucial and necessary reminder as to how passwords can be better safeguarded, and how indeed the secure authentication landscape can and must evolve. Enterprises need to move beyond a sole reliance on passwords and invest in two-factor and multi-factor authentication which focus on the identity of that individual user. An ‘identity-defined’ approach will ensure that British consumers and employees can access their data in the most secure manner possible in our digital economy.”


© 2024 Professional Security Magazine. All rights reserved.
