KnowBe4 urges the public to adopt robust password hygiene practices amid growing cyber threats
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, celebrates World Password Day tomorrow by encouraging users to strengthen password hygiene practices to stay cyber safe.
With digital security more critical than ever, World Password Day is an annual call-to-action for individuals and organisations to strengthen their password practices. Originally created by security researcher Mark Burnett in 2005, the day reminds us to update our passwords regularly and adopt best practices to protect our digital lives. With a rise of data breaches and cyberattacks, it is time to discard weak and insecure passwords and reinforce cybersecurity defences.
Roger A. Grimes, data-driven defence evangelist at KnowBe4, emphasises the importance of password security based on over thirty years of examining password attacks. "The uncomfortable truth is that password strategies have not kept pace with the skills of modern hackers. Far too many people are still using passwords that could be cracked in a matter of minutes or even seconds. It is not just about complexity, it is about approaching passwords with a mindset of strategic defence," said Grimes.
Most cyberattacks are the result of a number of contributing factors and the combination of weak passwords and social engineering rank as some of the highest among them. Yet people continue to use the same weak and easy to penetrate passwords both at home and at work, share their passwords with others and store them in easily accessible places. This means that, for example, if one of a user’s social media accounts is compromised, there is a high probability that their work email is also vulnerable to hackers as well.
Grimes identified that password attacks generally fall into four major categories:
- Passwordguessing
- Passwordtheft
- Passwordhash cracking
- Passwordbypass
In response to ongoing cyber threats, constructing strong, unpredictable passwords that can fend off guessing attacks, as well as changing passwords often, are recommended. With phishing implicated in 79% of credential thefts, according to Egress Software Technologies, one of the best defences lies in blocking phishing attempts before reaching users and by providing security awareness training for appropriate mitigation and reporting if they do encounter them.
Advanced security measures, like multi-factor authentication (MFA) combined with biometrics, also add layers of protection. By combining something users have (a device) with something they are (biometric data), and coupling these with complex passwords, make it much more difficult to phish, guess or predict and thus far more secure.
Password best practices advice
- Instead of using apassword, create a passphrase. This can be a sentence or a combination of words that is easy for you to remember. For example CoffeeB4WorkIsTheBest! or MyFavouriteMacMealIs#51. Integrate numbers and special characters into passphrases to make it even more difficult to crack.
- Add multi-factor authentication and biometrics to your login process.
- Avoid using the samepasswordacross multiple websites and accounts, and definitely do not use the same passwords at home and at work.
- Use apassword This ensures unique, long and complicated passwords for every single place that you need to log into. Password managers also eliminate the human element of creating passwords and makes it impossible to share with anyone. Remember, the more people who know your password, the more vulnerable you and your organisation are to cyberattacks.
For further insights and more on best password practices, read Grimes’s blog post here.