World Password Day: Poor password security takes centre stage

It’s World Password Day so cybersecurity experts take the opportunity to talk about the alternatives to passwords

Posted 6 May 2021 by Christine Horton

As we know, the tech industry loves a designated day to celebrate its different aspects, such as World Backup Day, National Flash Drive Day (yes, it’s a thing), and even Identity Management Day. The cybersecurity sector is no different – today is World Password Day.

But it seems cybersecurity firms are using the day to point out the vulnerabilities associated with password use.

One survey by Bitwarden shows that nearly two thirds of people still rely on memory to recall passwords – yet one in five need to change their passwords at least several times per week because they forget them!

Ironically, 43 percent of Brits don’t use a password manager because they think their method of relying on memory or storing passwords on their computer works. And just 46 percent of Brits are only somewhat familiar with best practice for password security.

Multi-factor authentication

Corey Nachreiner, CTO at WatchGuard Technologies, says the day has served as an annual reminder that we all need to practice better password security. Yet 80 percent of breaches last year began with brute force attacks, or lost or stolen credentials.

“Attackers add millions of new usernames and passwords every day to the billions already available on the dark web. This has been the trend for years now, so at a certain point we have to ask if daily headlines on the latest security breaches and hacks aren’t enough of a cue to practice good password hygiene, is there much value in World Password Day?

“Yes, it’s a helpful prompt to use best practices like changing passwords for your accounts regularly, choosing strong passwords or passphrases with at least 16 characters, using a unique password for every account, and leveraging password managers to keep track of them all. But these password security policies should be basic table stakes at every organisation by now and should be required and reinforced all year long.”

Nachreiner believes that a ‘World MFA [multi-factor authentication] Day’ would be more suitable for strengthening corporate and individual security.

“It’s an absolute no-brainer when it comes to addressing the widespread and persistent issues around poor password security and should be a primary focus for both businesses and individual users,” he says.

Heartbeat and brain waves?

Rick McElroy, Principal Cybersecurity Strategist at VMware Security Business Unit, says using a password is “as antiquated as using a standard key on your front door – it’s locked but someone can copy the key or pick the lock and still get access.”

He also believes it is important to prioritise MFA, in the form of behavioural and continual authentication, and move away from a central store of identities, which can easily be hacked. 

“Moving forward, we’ll begin to witness hand and fingerprint biomarkers, two-factor authentication with a mobile device and facial recognition replace traditional password authentication processes. At some point in the future, DNA will probably be used to verify identity in the medical field. Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used, making it more difficult than ever for cybercriminals to break the digital lock.” 

For now, there are password managers

Brits are putting safe password practices into play in some areas. Sixty-seven percent of Brits have an average password length of between 9 and 15 characters, compared to 60 percent globally. Also, globally 65 percent of people think that their workplace should provide a password manager, and 55 percent of Brits using a password manager did so because it looked like a good way to protect their digital information.

“It’s encouraging to see so many people reporting familiarity with password management best practices,” said Bitwarden CEO Michael Crandell. “While there are holdouts, it shows we need to do more education on the benefits and ease of use of password managers.”

Luis Navarro, co-founder of IT support firm Totality Services, says: “We appreciate passwords are the bane of modern life! Creating strong, easy to remember but hard to crack versions can seem a challenge. However, it’s actually easier than you think. In reality, you don’t need a random jumble of numbers, letters and symbols to keep the cybercriminals at bay.”

In short, the firm says if you do need to use a password, the more obscure the better. Passwords should be long and difficult to crack, contain a mix of upper and lowercase letters, and include numbers and symbols. You should also use a unique username and password for every separate online account – using a password manager helps store all your passwords securely.

It will be interesting to see if we’re still having the same discussions on next year’s World Password Day.