Each year, the first Thursday in May marks World Password Day. Originally created by Intel in 2013, this day was designed to inspire better password habits and encourage people to better secure their online accounts.
Strong passwords are crucial for protecting sensitive information and preventing unauthorized access to accounts. They serve as the first line of defense against hackers and safeguard personal data, financial accounts, and other online assets.
In support of World Password Day, cyber security organizations around the world are encouraging everyone to assess the strength and security of the passwords that protect their online accounts from hackers by taking the ‘Password Pledge’, and are offering additional tips such as:
- Change an old password to a long, strong one
- Turn on two-factor authentication for your important accounts
- Password-protect your wireless router
- Don’t store passwords on your computer or phone
- Log off when you’re done with a program
- Periodically remove temporary internet files
Brent Johnson, CISO at Bluefin, believes that organizations that protect customer financial transactions must understand how crucial their role is in upholding security standards and mitigating risk. Johnson emphasizes the importance of multi-factor authentication (MFA) and password managers.
“Users should always enable multi-factor authentication (MFA) wherever possible on accounts.
While not all experts agree on the use of password managers and centralizing passwords in one place, many would argue a strong master password in conjunction with multi-factor authentication enforced is a secure choice for most users. The ability to generate strong and unique passwords for every account, coupled with syncing passwords to multiple devices and simply not having to remember all of one’s passwords, is a great option. Users also have the option of adopting a hybrid model and keeping their few most important account passwords elsewhere.”
Enhancing Security with Passwordless Authentication and Passkeys
Johnson states that passwords will be around for quite some time, but there is a clear shift toward passwordless authentication and passkeys, which are more secure, phishing-resistant, and easier to use.
“Passwordless authentication helps to greatly reduce the risk of someone stealing login details or obtaining unauthorized access. Techniques like using a fingerprint, a special code, or a combination of security checks (like having to confirm your identity in different ways) build strong defenses against cyber threats while also making systems easier to use.”
Passkeys use the built-in security features of your phone or tablet to confirm your identity without a regular password. To use passkeys, a user registers a device with a backend authentication system, which generates a unique cryptographic key pair that is stored securely on the device. When authentication is required, the registered device generates a passkey derived from its hardware and software characteristics, together with user-specific factors such as biometric data. This passkey is transmitted securely to the authentication server, which verifies it based on its cryptographic properties and the user’s authorization. On successful authentication, the user is granted access to the requested resource or service, with no traditional password involved.
In everyday tasks, Johnson suggests:
- Setting your password manager and computer to lock automatically when you step away
- Never leaving your phone unlocked and unattended
- Having a backup email address that is different from your main one, and keeping any recovery information in your password manager
Protecting Against Data Breaches
While sophisticated cybersecurity technologies help, it is important for organizations to remember that everyone has a big part to play in maintaining the integrity of their systems. Even a small mistake could increase the risk of a data breach.
Whether you are handling payments, managing data, or talking to customers, what you do affects the security of your organization. If one person’s account gets hacked or they accidentally share sensitive information, it opens the door for hackers to gain access.
Johnson suggests that any employee in an organization should:
- Always use strong passwords and security checks, and notify your organization if anything seems strange with your account
- Handle sensitive information with care, follow established protocols for data encryption and storage, and avoid sharing credentials or access privileges
- Double-check the origin of emails, SMS, and other messages to confirm they are genuine
- Make sure to use HTTPS and end-to-end encryption
- Keep learning about security, stay up to date with the latest threats, and ask your security team if you’re not sure about something.
By making security a priority, organizations show their dedication to keeping customers’ trust and their data secure.