Strengthening Cybersecurity

World Password Day serves as an annual reminder of the critical importance of strong password practices in safeguarding our digital identities and assets. In today’s interconnected world, where cyber threats continue to evolve in sophistication and frequency, the need for robust password security measures is more crucial than ever. As we commemorate this occasion, industry experts and leaders share insights and strategies to enhance password security, mitigate risks, and explore emerging authentication technologies. Together, we reaffirm our commitment to prioritising cybersecurity and empowering individuals and organisations to protect themselves against potential threats.

Rob Lee, Chief Curriculum Director and Faculty Lead at SANS Institute

1. Prioritise Multi-Factor Authentication (MFA): Start with the essentials. Multi-factor authentication is more than just an extra step; it’s a fundamental layer of defence. It ensures that even if a password is compromised, the additional authentication requirements can block unauthorised access. Research has shown that MFA can prevent nearly all automated attacks, making it an indispensable tool in your security toolkit.
2. Leverage Password Managers: Managing different passwords for each account can be cumbersome, which often leads people to reuse passwords. This is a risky practice. Password managers can generate, retrieve, and store complex passwords automatically. This helps in maintaining strong, unique passwords for various services without the hassle of remembering each one, effectively reducing the risk of password fatigue and security breaches.
3. Switch to Longer Passphrases: While complex passwords are good, long passphrases are better. They are not only tougher for machines to crack but also easier for humans to remember. These can include nonsensical strings of words with mixed characters, offering a robust shield against brute force attacks. The shift to passphrases can significantly enhance your security without sacrificing usability.
4. Embrace the Future of Passwordless Authentication: The landscape of digital security is evolving towards eliminating traditional passwords altogether. New authentication methods such as biometrics, password keys, or even behavioural analytics are becoming more prevalent. These technologies offer a more seamless and secure way to protect your accounts, pointing towards a future where passwords may become obsolete.
5. Implement Zero Trust Security Models: Incorporate a Zero Trust security model, which operates on the principle that no one inside or outside the network is trusted by default. All users must verify their identity and are granted access only to the resources they need. This approach reduces the attack surface and mitigates the risks associated with compromised credentials or insider threats.

As we observe World Password Day, it’s a prime opportunity to reassess and upgrade your security practices. These measures not only protect personal information but also secure the data of those who trust us with their information.

Kumaravel Ramakrishnan, Technology Director, ManageEngine

“Passwords, despite their shortcomings, will continue to be a mainstay for the foreseeable future. It is too early to call alternate tools of authentication a permanent replacement for passwords, as they are still at a nascent stage. In addition, these new controls will require significant investments, pose collaboration challenges, and have to be free of errors and biases. The goal for individuals and enterprises will be to address immediate authentication challenges while exploring passwordless options for the future.”

Bernard Montel, EMEA Technical Director and Security Strategist, Tenable

“When we think of passwords the image that comes to mind is of individuals entering a short code to gain entry to something – such as an online account, banking app, and a multitude of other digital identities. Passwords are also used by many enterprise applications and services running in our IT infrastructure and cloud deployments, often with privileged access to sensitive systems and data. What many fail to consider is the myriad of IoT devices that also use passwords without any human interaction to connect. Ring doorbells, self-service screens in the local take-away, ticket booths at the railway station, plus many other smart computing devices that are interconnected.

“In the Middle East, IoT devices are increasingly used in offices, industrial sectors, healthcare and more.  The issue is that many of these devices will rely on factory set username and password combinations that remain unchanged. The risk is that the out of the box credentials are either easy to guess – such as ‘Admin’ and ‘12345’, or an internet search will disclose what they may be. This information could be used by a threat actor to log into the device and use it to access the local network or conduct cyber-attacks.

“This World Password Day, with the focus on creating strong passwords, I urge everyone to also take a moment to think about the devices that have been setup and forgotten. If you haven’t already, track down these devices and change any default passwords to strengthen security and reduce cyber risk.”

Ezzeldin Hussein, Regional Senior Director, Solution Engineering – META at SentinelOne

My kids, part of Generation Alpha, born after 2010, are leading the charge towards password-free security solutions. Growing up in a world where traditional passwords are outdated, they effortlessly navigate multi-factor authentication and biometric recognition.

Unlocking their devices with fingerprints or facial scans, my kids epitomise the shift towards convenient and efficient digital security practices. Their intuitive embrace of biometric authentication not only streamlines access but also fortifies security with layers of verification.

As we commemorate World Password Day, it’s crucial to acknowledge how Generation Alpha is reshaping security norms. Their reliance on password-free alternatives underscores the imperative for businesses to adapt. Investing in advanced authentication methods like facial recognition aligns with the preferences of younger demographics while bolstering protection.

Generation Alpha’s trailblazing spirit propels us towards a future where passwords are relics of the past. Instead, intuitive and secure authentication methods define the landscape. Looking ahead, the evolution of security technology will continue to be shaped by the habits and preferences of this visionary generation.

Christopher Budd, director, X-Ops research, Sophos

“This year’s “World Password Day” really needs to be “World Password and Multifactor Authentication (MFA) Day. In our 2024 Annual Threat Report we call out that data theft, including password stealers is the top threat SMBs face. Also, in our most recent Active Adversary report we call out that authorised remote access remains a leading initial step in attacks, including ransomware attacks. MFA is an important and effective countermeasure that protects against both these threats.”

Ranjith Kaippada, Managing Director, Cloud Box Technologies

“Today, we celebrate ‘World Password Day’, acknowledging the critical role passwords play in our daily digital lives. As a leading IT solutions provider, we understand the utmost importance that password security holds in safeguarding our digital assets. With cyber threats becoming increasingly common and pronounced, we emphasize the necessity of choosing stronger and unique passwords for each account. They serve as the frontline defence against cyberattacks that could otherwise result in data theft, financial loss, and reputational damage.

We empower businesses with robust security measures, including multi-factor authentication and regular security audits, to keep them secure against the ever-evolving cyber threats landscape. On this World Password Day, let us pledge to pay close attention to password security and take measures to make our digital environment safe and secure.”