Consign World Password Day to depths of history, says security firm
The first Thursday of May is annually designated World Password Day. The day was created by Intel to promote better password habits and raise awareness of the need for good password security.
One expert, however, is using this year’s World Password Day to emphasize the need to move beyond passwords and adopt multi-factor authentication, where a user is asked to provide an additional method to prove their identity.
Allen Storey, Chief Product Officer at Intercede, said in a statement: “Bill Gates famously predicted the demise of the password back in 2004. However, fast forward 14 years and it’s arguably still alive and well; here we are celebrating another World Password Day. Whilst the day serves to raise awareness for the importance of strong passwords and best practice for online security, its effectiveness is questionable. Passwords remain the main culprit for the majority of the large-scale cyber breaches we’ve seen in recent years. Despite this, year after year we see an influx of reports on the ‘most common passwords’ being as easy as ABC or 123. The reality is this authentication method is inherently insecure and easy to hack for even the most amateur of cybercriminals. Yet we continue to use them to secure our most private information.”
“However, we can’t just blame consumers. Research we conducted found that 86 percent of systems administrators within major UK enterprises — those people that hold the keys to ‘access all areas’ — are using basic username and password authentication to protect sensitive data (20% don’t even bother with a complex password). What’s more, half of the companies in question admitted that business user accounts in their organisation were ‘not very secure.’ This screams irresponsibility, especially as GDPR [General Data Protection Regulation] looms on the horizon. If businesses can’t be trusted to properly secure access to critical information, how can consumers trust those businesses with their personal data?”
“If anything, World Password Day highlights that we’re still not taking security seriously enough. More robust, readily available alternatives are still being overlooked. The right security methods are out there and incorporate two of three distinct elements – possession (something you have, such as a smart card or smartphone), knowledge (something you know, such as a PIN) and inherence (something you are, such as a fingerprint or face ID). These multiple levels of authentication make it much more difficult for cybercriminals to compromise – all it takes is a willingness from companies to implement. With this in mind, it’s time we stopped scratching our heads trying to recall a ‘memorable place’ or our ‘first pet’s name.’ Like passwords, World Password Day should be consigned to the depths of history.”
Storey works for Intercede, a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.