May the fourth is recognised globally as Star Wars Day – a celebration of the sci-fi movie franchise and a play on the most famous quote from those films, ‘May the Force be with you’.
When the first film came out back in 1977 – ‘a long time ago in a galaxy far, far away’ – we did not have home computers, the internet, or smartphones, which also meant we did not have passwords.
As well as being Star Wars Day, 4 May is also World Password Day – a time to remind us all to refresh and rethink our strategy when it comes to safeguarding our digital lives against cyber criminals.
International law firm Womble Bond Dickinson (WBD) surveyed 3,000 people and found that 25% use the same password for both personal and work use – which could easily expose an organisation.
The least safety conscious, according to the survey, were Gen Z digital natives (18-24-year-olds), with almost 40% using the same passwords. Among Boomers (55-64-year-olds), 89% of respondents claim never to duplicate their passwords.
“In today’s rapidly digitising world, strong password practices are more critical than ever, providing a vital barrier to cybercriminals – particularly in the corporate world,” said WBD cyber security expert Andrew Parsons.
“Human error is a password hacker’s dream and, likewise, human behaviour plays a vital role in ensuring organisations and people are protected.”
Parsons says organisations should create long and unique passwords for all accounts, never share passwords, implement two-factor authentication and change passwords on a regular basis.
Password protection being overlooked as biometrics gain traction
Rex Booth, CISO at SailPoint, argues that the recent rise in biometrics technology and multi-factor authentication means many organisations have overlooked the humble password.
“Passwords are a critical element of our digital security ecosystem, yet often, they are neglected, reused and shared across multiple accounts,” says Booth.
“This World Password Day, there needs to be a shift in mindset – putting password hygiene at the forefront of all online activities. It sounds like common knowledge, but when it comes to protecting your digital identity, simple maths is key, with a 10-character password made of numbers and letters taking about 7 months to crack, and a 12-character password taking up to 2,000 years.”
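The "simple maths" behind Booth's figures is an exhaustive-search estimate: the number of candidate passwords grows as the alphabet size raised to the length, so every extra character multiplies the work. The calculator below is an added example, not code from the article or from SailPoint; it assumes that "numbers and letters" means a 62-symbol alphabet (digits plus upper- and lower-case ASCII letters) and that the attacker's guess rate is constant, which is the only model under which a single time-to-crack figure makes sense. It also derives the guess rate implied by the 10-character/7-month claim and checks what that rate gives for 12 characters.

```python
import math

# Alphabet sizes. The 62-symbol set is an assumption about what the
# article means by "numbers and letters"; the others are for comparison.
CHARSETS = {
    "digits": 10,
    "lowercase letters": 26,
    "letters and digits": 62,
    "letters, digits and symbols": 94,
}

SECONDS_PER_MONTH = 30.44 * 24 * 3600
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random password of this shape."""
    return length * math.log2(charset_size)


def crack_time_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password at a fixed guess rate."""
    return keyspace(charset_size, length) / guesses_per_second


def implied_guess_rate(charset_size: int, length: int, crack_seconds: float) -> float:
    """Guess rate an attacker would need to exhaust the keyspace in `crack_seconds`."""
    return keyspace(charset_size, length) / crack_seconds


def length_ratio(charset_size: int, short_len: int, long_len: int) -> int:
    """How many times larger the keyspace gets when length grows from short_len to long_len."""
    return charset_size ** (long_len - short_len)


def years_for_12_chars_from_article() -> float:
    """Take the article's '10 chars, about 7 months' claim at face value and
    project it to 12 characters over the same 62-symbol alphabet."""
    rate = implied_guess_rate(62, 10, 7 * SECONDS_PER_MONTH)
    return crack_time_seconds(62, 12, rate) / SECONDS_PER_YEAR


def human_time(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < SECONDS_PER_MONTH:
        return f"{seconds / 86400:.1f} days"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_MONTH:.1f} months"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


if __name__ == "__main__":
    # Constructed scenario: the guess rate implied by the article's own figure.
    rate = implied_guess_rate(62, 10, 7 * SECONDS_PER_MONTH)
    print(f"implied guess rate: {rate:.2e} guesses/second\n")
    print(f"{'alphabet':<28}{'len':>4}{'bits':>7}  time to exhaust")
    for name, size in CHARSETS.items():
        for length in (8, 10, 12, 16):
            t = crack_time_seconds(size, length, rate)
            print(f"{name:<28}{length:>4}{entropy_bits(size, length):>7.1f}  {human_time(t)}")
```

Going from 10 to 12 characters multiplies the keyspace by 62² = 3,844, so "about 7 months" becomes roughly 2,200 years at the same guess rate, the same order as the "up to 2,000 years" quoted. The caveat a practitioner should keep in mind is that this model only covers guessing a random password from scratch: credential stuffing with a password stolen from another site, the risk behind the 25% reuse figure in the survey above, succeeds on the first try regardless of length.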
Every year millions of internet users have their passwords stolen, and for a large organisation, a single breach could impact millions of accounts and cause considerable damage.
“With our need for passwords not going away, it’s crucial that people start to take password best practice more seriously,” says Lauren Hendry Parsons, privacy advocate at ExpressVPN.
Steve Bradford, Senior Vice President, EMEA, at SailPoint, agrees, adding that while the technology we use may have changed in the internet era, the password has been a constant and critical security tool.
“There is more individuals and businesses should be doing to protect their digital identities in the digital era,” says Bradford.
“To start, where possible, multifactor authentication (MFA) for online accounts should be used. This sends a user multiple identification verifications before they can gain access to an account – providing an additional layer of protection. Hand in hand with this comes single sign-on (SSO) which offers an alternative to constantly entering passwords, requiring only one login that applies not only to the identity provider, but also to all other assigned applications.”
While there is plenty of advice out there for business leaders, there is no hard and fast solution.
“There’s no single or right way for organisations to authenticate customer, employee, or citizen identity,” said Kieran Hernon, VP of Digital Identity Sales EMEA & APJ at Entrust.
“There is always a trade-off between providing relatively frictionless access experiences and incorporating safeguards that confirm users are who they claim to be. The authentication methods you employ can – and should – change depending on the sensitivity of data users are accessing, whether you’re serving customers or employees, or if atypical login behaviours are exhibited.”