
KnowBe4 Urges You to Level Up Your Online Defence on World Password Day

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, celebrates World Password Day by encouraging users to strengthen password hygiene practices to stay cyber-safe.

With digital security more critical than ever, World Password Day is an annual call to action for individuals and organisations to strengthen their password practices. Originally created by security researcher Mark Burnett in 2005, the day reminds us to update our passwords regularly and adopt best practices to protect our digital lives. With the rise of data breaches and cyberattacks, it is time to discard weak and insecure passwords and reinforce cybersecurity defences.

Roger A. Grimes, data-driven defence evangelist at KnowBe4, emphasises the importance of password security based on over thirty years of examining password attacks. “The uncomfortable truth is that password strategies have not kept pace with the skills of modern hackers. Far too many people are still using passwords that could be cracked in a matter of minutes or even seconds. It is not just about complexity, it is about approaching passwords with a mindset of strategic defence,” said Grimes.

Most cyberattacks are the result of a number of contributing factors, and the combination of weak passwords and social engineering ranks among the highest of them. Yet people continue to use the same weak and easy-to-penetrate passwords both at home and at work, share their passwords with others and store them in easily accessible places. This means that, for example, if one of a user’s social media accounts is compromised, there is a high probability that their work email is also vulnerable to hackers.

Grimes identified that password attacks generally fall into four major categories:

  • Password guessing

  • Password theft

  • Password hash cracking

  • Password bypass

In response to ongoing cyber threats, constructing strong, unpredictable passwords that can fend off guessing attacks, as well as changing passwords often, are recommended. With phishing implicated in 79% of credential thefts, according to Egress Software Technologies, one of the best defences lies in blocking phishing attempts before they reach users, and in providing security awareness training so that users can mitigate and report the attempts that do get through.

Advanced security measures, like multi-factor authentication (MFA) combined with biometrics, also add layers of protection. Combining something users have (a device) with something they are (biometric data), and coupling these with complex passwords, makes an account much more difficult to phish, guess or predict, and thus far more secure.

Password Best Practices Advice

  • Instead of using a password, create a passphrase. This can be a sentence or a combination of words that is easy for you to remember. For example, CoffeeB4WorkIsTheBest! or MyFavouriteMacMealIs#51. Integrating numbers and special characters into passphrases makes them even more difficult to crack.

  • Add multi-factor authentication and biometrics to your login process.

  • Avoid using the same password across multiple websites and accounts, and definitely do not use the same passwords at home and at work.

  • Use a password manager. This ensures unique, long and complicated passwords for every single place that you need to log into. Password managers also eliminate the human element of creating passwords and make them impossible to share with anyone. Remember, the more people who know your password, the more vulnerable you and your organisation are to cyberattacks.
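The following Python script is an added illustration of two of the recommendations above (randomly generated passphrases and not reusing a password across accounts); it is not code from KnowBe4, Grimes or CSA. The word list is a small constructed sample, so the entropy figures it produces are far lower than those of a real generator, which would draw from a list of thousands of words.

```python
import hashlib
import math
import secrets

# Constructed sample word list (an assumption for this example). A real
# passphrase generator uses a list of thousands of words; a 7776-word
# diceware list gives about 12.9 bits of entropy per word.
WORDLIST = [
    "coffee", "harbour", "violet", "cactus", "lantern", "marble", "pebble",
    "quartz", "saddle", "thistle", "umber", "walnut", "yonder", "zephyr",
    "anchor", "bramble",
]


def generate_passphrase(words=WORDLIST, count=4, separator="-"):
    """Join `count` words chosen uniformly at random.

    `secrets.choice` draws from the OS cryptographic RNG; `random.choice`
    is seeded predictably and must not be used for credentials.
    """
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(wordlist_size, count):
    """Bits of entropy in a passphrase of `count` words drawn uniformly
    from `wordlist_size` candidates: log2(wordlist_size ** count)."""
    return count * math.log2(wordlist_size)


def find_reused_passwords(credentials):
    """Flag passwords shared by more than one account.

    `credentials` is a list of (account, password) pairs, e.g. an export of
    the user's own vault. The result is keyed by the SHA-256 of the password
    rather than the password itself so the report does not echo secrets.
    """
    accounts_by_hash = {}
    for account, password in credentials:
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        accounts_by_hash.setdefault(digest, []).append(account)
    return {h: sorted(a) for h, a in accounts_by_hash.items() if len(a) > 1}


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, f"({entropy_bits(len(WORDLIST), 4):.1f} bits from the sample list)")
    # Constructed sample vault showing the home/work reuse the article warns about.
    sample_vault = [
        ("work-email", "CoffeeB4WorkIsTheBest!"),
        ("social-media", "CoffeeB4WorkIsTheBest!"),
        ("bank", phrase),
    ]
    for digest, accounts in find_reused_passwords(sample_vault).items():
        print("reused password on:", ", ".join(accounts))
```

The entropy figure is what matters when judging a generated passphrase: four words from the 16-word sample list give only 16 bits, whereas the same four words from a 7776-word list give roughly 52 bits, which is why a password manager's generator uses a large list or a long random string rather than a handful of memorable words.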

For further insights and more on best password practices, read Grimes’s blog post here.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
