Today is World Password Day! It falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. It seems like we all have more passwords with each passing year, though there are some conflicting ideas of what password best practices are, which makes the idea of password security even more challenging for the average individual.
We expect to see just as many – if not more – data breaches this year as criminals take advantage of human error and lack of discipline, alongside businesses struggling to find the balance between ‘just enough’ and ‘too much’ security. This is especially true now, at a time when most corporate employees are working from home and are more exposed to data breaches, which can come from vulnerable network connections, outdated software and weak security solutions placed on work laptops or bring-your-own devices (BYOD). Today’s hackers are very aware of password patterns, variations and the tendency to reuse the same password across multiple platforms. This is why workplace password security is crucial, as businesses are left at an even greater risk of suffering a breach.
According to recent research conducted by Entrust among UK consumers:
- Women are less likely to take basic precautions like updating their passwords regularly. Only 31.4% of women updated them at least every other month, versus 41.5% of men.
- Almost one in four of us (24%) never update our passwords, or do so less than once a year. UK women are more likely than men to never update their passwords (27% versus 21%).
- 8 out of 10 people (81%) have never been asked by their employer to hand over login or password credentials before changing or leaving a position at the company. Only 3 in 10 of the UK’s Generation Z and millennials have been asked to hand over this information.
Top tips for World Password Day
- Change your password regularly
- Make each password unique
- Customize security settings to fit your needs and environment
- Check for updates
- Enable advanced authentication and encryption
- Use trusted or your own gadgets
Never use the manufacturer’s default passwords, and don’t use predictable sequences or information that is easy for someone else to find out through social engineering. Avoid common number sequences and personal details such as your date of birth or first name.
It’s highly recommended to use unique passwords for each platform and make use of a password manager app or encryption service to keep them secure.
Make the trade-offs between security and ease-of-use or convenience that match your risk tolerance. Turn off services that you don’t need to reduce the attack surface of your device.
Make sure your connected devices are configured to accept authenticated firmware updates. If it is not possible to configure your device for automatic updates, you may need to check the manufacturer’s website regularly for them. Updates are vital to ensuring ongoing security over the life of the device.
Control access to your device, and protect the data it collects and processes, with the strongest mechanisms available. Don’t just think of your device for the function it performs; think of it as an entry point to anything on your network.
When deciding to use SMS-based two-factor authentication (2FA) on foreign devices, we must be aware that we’re exposing our password to an entirely new device that could be subject to breaches, and that messages are at risk of being intercepted while in transit.