18 World Password Day Quotes from Industry Experts in 2023

For World Password Day, the editors at Solutions Review have compiled a list of comments from some of the top leading industry experts.

As part of World Password Day (May 4) we called for the industry’s best and brightest to share their Access Management comments. The experts featured represent some of the top Cybersecurity solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value.

Widget not in any sidebars

18 World Password Day Quotes from Experts

Igor Volovich, VP of Compliance Strategy at Qmulos

In today’s increasingly connected world, it is important to recognize that password security is only one aspect of a larger, multidisciplinary effort to protect digital assets and personal information. A secure and resilient enterprise must adopt a multifaceted approach to cybersecurity, incorporating various defense, monitoring, and response measures. This holistic perspective acknowledges that security is a continuous process, with security frameworks serving as invaluable guides for organizations to deploy and maintain comprehensive protection. Passwords, simply put, are just not enough, no matter how strong.

Often, compliance is treated as a lagging indicator due to its focus on the past state of security controls. However, integrating compliance into real-time monitoring can significantly transform this perspective. By employing continuous control monitoring, enterprises can maintain awareness of their security posture on the same timescale as potential attackers, rather than relying solely on traditional defensive measures like strong passwords or multi-factor authentication. In a rapidly evolving threat landscape, organizations must prioritize real-time assessments to effectively mitigate risks and maintain a robust cybersecurity infrastructure.

Shiva Nathan, Founder & CEO of Onymos

There will be increased adoption of more secure technologies than passwords, particularly with the onslaught of cybercriminal activity and increased focus on privacy. More websites and apps will offer alternate authentication mechanisms to passwords, many of which will involve biometrics. The two major platform players — Apple & Google — will increase the adoption of passkeys/FIDO. It will be interesting to watch how the other two behemoths that do not control a consumer platform — Amazon & Microsoft — react to this change.

Jim Alkove, CEO of Oleria

The time for protecting data solely with passwords has come and gone. Today’s rapidly accelerating business environment necessitates strong multi-factor or passwordless authentication and a transition to new adaptive and autonomous approaches to access. Adaptive access allows an organization to reduce the risk of breaches by granting just the right access at the right time for the right duration. Autonomous access frees an organization from the expense of today’s largely manual approaches to managing access and allows them to accelerate with the pace of business, confident that data is protected.

Patrick Harr, CEO of SlashNext

Every May, we recognize World Password Day as an international effort to empower individuals and businesses to keep their data safe and enable better password habits. Passwords have been basic cyber hygiene for decades But, sadly, they are no longer enough to keep our personal and corporate information safe amid today’s rising attacks. If you don’t use strong passwords or if you are constantly using the same ones across all your devices, you’re putting your data and devices at risk. Proper password hygiene is of course critical, but even following password best practices to the letter can’t prevent hackers from obtaining access to accounts and systems.

According to SlashNext’s The State of Phishing Report 2022, 76 percent of the attacks found in 2022 were credential harvesting, which is still the number one cause of breaches, as demonstrated in the high-profile breaches in 2021 and again in 2022 with Twilio, Cisco, and Uber, all starting with credential theft. Additionally, given the rise of new AI tools like ChatGPT, hacking passwords has become easier than ever. According to a study by Home Security Heroes, almost 51 percent of all common passwords can be cracked easily in less than a minute by AI. Apart from this, 65 percent of the common passwords were cracked by the AI in less than an hour, whereas 81% of the passwords took less than a month. In this case, using security tools with AI technology is important to stop these AI-based attacks that are aiming to steal your credentials. You have to fight AI with AI.

One of the most effective ways to prevent unauthorized access is by requiring additional validation of login credentials during a user’s authentication process known as Multi-Factor Authentication (MFA). MFA effectively protects against “credential harvesting,” where hackers gather stolen passwords to launch attacks. This can be as easy as a user providing his/her password, then entering an accompanying numeric code from an SMS text.

It’s also common knowledge (although often ignored) that you should never use the same password for different accounts, since hackers who obtain a legitimate password will try it across different systems in hopes of gaining access to more critical data. You should also change passwords routinely to limit the amount of time a hacker can spend in accounts in the case it was compromised.

Overall, World Password Day reminds us how important it is to make cyber hygiene a top priority, especially in this new hybrid work environment which has made employees more vulnerable to attacks.

Darren Guccione, CEO and Co-Founder of Keeper Security

Along with evaluating personal password hygiene, World Password Day is a fantastic opportunity for IT security teams to consider their password and secrets management policies. This is a pervasive problem, as our 2022 UK Cybersecurity Census report found that nearly a third of organizations allow their employees to create their own passwords and share passwords using insecure means.

We recommend strong, unique passwords or passphrases for each account that are at least 12 characters with upper and lowercase letters, numbers and special characters. To achieve this, it is essential to use a password manager as a first line of defense. This will help employees use high-strength random passwords for every website, application and system. A password manager will drastically reduce the chances of a compromise that can hurt a company’s reputation or brand. To add an additional layer of security, we also recommend enabling MFA, such as an authenticator app, to protect against remote data breaches.

Password managers can also help colleagues securely share passwords and access to accounts. Some common mistakes include sharing passwords through unencrypted emails or messages, storing passwords in a spreadsheet or text file and making the passwords less complex so they are easier for multiple people to remember. Another key advantage of a password manager is that it makes it easier for teams to protect their shared accounts with MFA.

Ricardo Amper, CEO and Founder of Incode Technologies

This isn’t a reminder to change your password– this is a call to dramatically revolutionize everyone’s day-to-day lives.

Machine Learning, quantum computers, fingerprint biomarkers– we’re living in the future, and the next generation of passwords is finally at our disposal. AI is mature enough for us to skip past band-aid fixes and leapfrog to the end all be all: biometrics. With your unique identity markers, yesterday’s hard-to-remember framework can be fully transformed – say goodbye to the 85 different passwords supplemented by tokens and MFA codes accessed via app or SMS for full control over who accesses your account. It’s no longer a matter of time before your account is hacked: your face is the best defense against cybercriminals’ man-in-the-middle or phishing attempts, since it’s entirely unique to your own identity. We can bypass the easily broken, friction-filled system to create lasting Trust between people and the organizations that serve them.

On this World Password Day, we echo last year’s call for biometrics as the future of passwords and challenge organizations to rethink the way they serve people. Supplementing biometrics with AI creates a more secure, accurate, and seamless means of verifying someone’s identity instead of or alongside passwords. This unprecedented turning point is an opportunity to reimagine everything from lines at the DMV to how we connect with each other online.

We have the ability to eliminate friction but, most importantly, create global equity and social and economic mobility through self-sovereign identities.

Joseph Carson, Chief Security Scientist at Delinea

World Password Day serves as a reminder to reflect and think about your password health. If you’re anything like me, you are not a fan of passwords – having to frequently change them and choose the next great password that is better, longer and more unique than the previous one.

This World Password Day, let’s take a moment and think about how we can remove passwords from our lives and into the background, while making our digital lives safer. A great place to start is by using a Password Manager. A Password Manager will let you know when your password needs to be changed, when it’s weak, or when it’s reused. Even better, when used in conjunction with multi-factor authentication (MFA), it takes away the tedious take of choosing – and remembering – your next great password.

Let’s use this World Password Day to move passwords out of our lives, into the background, and make our digital world a safer place.

Kevin Higgins, Senior Consultant at Optiv

World Password Day is a great reminder that strong password hygiene remains one of the most effective ways to prevent account credentials from being compromised. And, we need this reminder because people continue to be the weakest link when it comes to password security. We are conditioned to choose passwords that are easy to remember and to follow similar password creation patterns (e.g., capitalizing the first character or ending with an exclamation point). Not to mention, many people still reuse passwords across accounts and share passwords with others. In fact, according to PC Magazine, 70 percent of people admit they use the same password for more than one account, and Google reported that 43 percent of adults have shared their password with someone.

Weak passwords can lead to cyberattacks, not only against consumers but entire organizations. With this in mind, World Password Day is the perfect reminder for us to review our password practices and make improvements, where necessary. A few best practices include making your passwords complex with at least 12 or more characters; considering using a ‘passphrase’ where a sequence of words makes up the password (e.g., penguins live at the zo0!); not using the same passwords on multiple accounts; using a password manager to auto-generate passwords and store credentials in a safe, encrypted database; and use multi-factor authentication when available.

Danny de Vreeze, Vice President, Identity and Access Management at Thales

The average consumer has hundreds of passwords, and despite continued warnings, these passwords are consistently reused, weak and easily hackable. Stolen credentials are one of the leading entry points for cyberattacks, and 37 percent of respondents to the 2023 Thales Global Data Threat Report (DTR) reported experiencing a breach in the past 12 months, many of which have led to time and money lost for enterprises and individuals alike.

The good news is that we’re seeing improvements across the board on awareness of these risks — and solutions to mitigate them. We’re seeing a renewed focus on staff training, strong authentication implementation and changing security policies around access management, all designed to reduce human error and improve weak password practices. In fact, 28 percent of respondents to the DTR believed that identity and access management (IAM) was the best defense against security risks. As we look to shift towards more secure authentication, these are the critical stepping stones to ensuring weak passwords are a threat of the past.

Jim Broome, President and CTO of DirectDefense

When it comes to password security, it’s important to remember that the password prompt is often the first line of defense against cyber threats. One effective strategy is to replace traditional passwords with password phrases, which are easier to remember and more secure. Increasing the domain password length to 15 characters and blacklisting commonly used passwords such as Password1, Welcome1, or Winter2016! can also significantly reduce the risk of password-related security breaches. It’s equally important to perform regular password audits and disable legacy protocols to uncover potential vulnerabilities. Strengthening monitoring and alerting capabilities within the internal network can also help detect and respond to security threats more effectively. Additionally, password-less authentication solutions like Microsoft Entra can offer a more advanced solution for organizations that have the resources to implement them.

Bassam Al-Khalidi, Co-Founder & Co-CEO of Axiad

This World Password Day, instead of coming up with new ways to secure passwords, organizations should consider doing away with them altogether. Passwords are an ineffective way to protect data – they’re complicated to remember, easily hackable and an interruption to workflows. Instead, forward-looking organizations are adopting passwordless approaches. The benefit of a passwordless strategy is not just improved security, but also lower end user friction as well as lower administrative costs associated with tactical actions like password resets. On top of that, many passwordless alternatives – like certificate-based authentication (CBA) and FIDO passkeys – also deliver phishing resistance. With recent guidance from CISA, NIST, and even the White House OMB focusing on the importance of becoming more resilient to phishing-based attacks, this added benefit is timely and significant. Passwordless is the most effective way in today’s threat landscape to protect what matters most; and with so many benefits for security executives, administrators, and end users, it truly represents a win-win-win.

Dan Conrad, AD Security and Management Team Lead at One Identity

World Password Day was created as a cybersecurity reminder to use strong passwords or change old or unsecure ones. If we’re honest, it’s been an overdue reminder for longer than any of us in security thought necessary. It can seem obvious to some, but many businesses are still dealing with the most basic of breaches because they aren’t using best practices. Organizations need to be accountable for having – or not having – password and identity security practices that secure their critical assets. If critical assets aren’t explicitly protected by MFA (and admin privileges aren’t protected in the same way), or if someone can get data by typing in “Password1”, that’s a serious oversight, and an unacceptable risk to the business.

In the future, I’d love to see World Password Day become World Secure Authentication Day, World MFA Day or even World Passwordless Day as our strategies for identity security evolve. If we can all get on board with basic best practices and rigorous education, we might just get there.

Vittorio Bertocci, Principal Architect at Okta

It’s 2023. Celebrating “World Password Day” honors a 60-year-old technology. Passwords are a bad habit we should help the world break free from, even if we know it will take years to do so. We should take a page from the many holidays that have evolved over time and institute a “World Passwordless Day”, during which we collectively come together as an industry to raise awareness about the dangers of passwords. Together we can help users, developers and administrators alike to learn about what options they have to migrate to passwordless, and how much better their life can be without passwords.

Will Bass, Vice President, Cybersecurity Services at Flexential

Passwords are the first line of defense to keeping systems safe from bad actors. Unfortunately, many passwords are easily cracked using widely available tools. An eight-character password can be cracked within a few hours, even when using numbers, upper and lowercase letters, and symbols. As a result, it is important to use hard-to-crack passwords as well as unique passwords, especially when accessing sensitive data.

The most important thing you can do to have a solid password is to make it long. With current technology, a password of 18 upper and lowercase letters would take six trillion years to crack. Adding numbers and symbols makes it even harder. The two easiest ways to do this are by using passphrases and password safes, which also help with keeping passwords unique.

Ian Leysen, CEO, CSO, and Co-Founder of Datadobi

World Password Day serves as an important reminder to individuals and businesses alike about the critical importance of password security in protecting sensitive data. World Password Day is also a reminder that as the frequency of data breaches and cyber-attacks continue to rise, we cannot rely on passwords alone.

From a business perspective, relying solely on passwords to protect critical data is an especially risky proposition. The next step must be to employ data governance policies that designate what constitutes critical data that must be protected. However, even with these policies in place, protecting data that you cannot find is impossible. Businesses need a technology solution that enables them to locate and organize all critical data, and then take appropriate action to secure it. This may involve creating an immutable copy, moving it to a more secure environment, creating a “golden copy,” and/or transferring the data to a storage solution that can be air-gapped for even greater protection from online threats. This tailored approach is much smarter than relying on broad security measures that may not be effective in all situations.

To sum it up, combining strong passwords with data governance policies and a technology solution to enforce those policies is an unbeatable approach to data protection and security. In doing so, businesses can safeguard their sensitive information – especially from the growing threat of cyber-attacks, consequently enabling them to comply with regulations, as well as protect their intellectual property, reputation, and bottom line.

Don Boxley, CEO and Co-Founder of DH2i 

World Password Day is a day to acknowledge the pivotal role that passwords play in our digital lives. It is also a day that reminds us how prevalent cybercrime has become, and while creating strong and unique passwords and regularly changing them is critical, passwords must be considered a first-line, not the only-line, of defense.

Historically, VPNs were considered a reliable line of defense against cyber threats, but their popularity is rapidly declining due to their limitations in terms of security, slow connection speeds, bandwidth constraints, configuration and management complexity, and high cost. On the other hand, Software-Defined Perimeters (SDP) are gaining popularity as a safer and more efficient alternative. Advanced implementations of SDP allow users to establish direct connections with application-level Zero Trust Network Access (ZTNA) tunnels, eliminating the involvement of third-party vendors in the data stream. With SDP, users have direct access to the data endpoints they need, without any intermediaries. In comparison to VPNs, only SDP can prevent lateral network attacks, enhance data transfer rates by up to 3x, and offer complete control over the data stream.

Bottom-line, bullet-proof passwords combined with SDP provide unparalleled security to eliminate cyber threats. Passwords act as the first line of defense, while SDP’s advanced security features ensure only authorized users access the network and data endpoints, reducing the risk of cyberattacks, data breaches, and lateral network attacks on World Password Day, and all year round.

Steve Santamaria, CEO of Folio Photonics

Cybercrime is a growing threat to individuals and businesses alike. Hackers are constantly looking for ways to exploit weaknesses in our digital security, steal our personal and sensitive information, and hold it for ransom. One of the most common ways that cybercriminals gain access to our accounts and information is through weak or easily guessable passwords. World Password Day serves as a reminder that using strong and unique passwords is critical to protecting our digital presence. But it’s not enough. Hackers are becoming more sophisticated in their tactics, and relying solely on passwords for protection is like leaving your front door unlocked in a high-crime area.

To truly safeguard our digital assets, we need to employ multiple layers of data protection. This includes things like two-factor authentication, encryption, and regular system updates. But even those measures may not be enough. That’s why having a secure, tamper-free data archive that uses WORM media is so important. It can safeguard your assets while helping you recover from a ransomware attack or other data loss event; subsequently, reducing the impact that this disaster has on your business operations.

But to truly take your cybersecurity to the next level, you may need to consider air-gapping your data archive. Air-gapping your data means physically disconnecting it from the internet or any network connection, making it virtually impossible for cybercriminals to access it. When an air gap is combined with WORM media, it becomes the ultimate protection and should sit at the base of any cyber-resilient infrastructure. While this has often been used in the most sensitive, highest security environments, it is becoming more-and-more commonplace to see other types of organizations deploying it as well.

So, if you’re not taking cybersecurity seriously, it’s time to wake up and smell the coffee. The threat of cybercrime is real and growing. If you don’t take steps to protect your digital presence, you could be the next victim. So, use World Password Day as a reminder to take action and employ multiple layers of protection to safeguard your digital assets.

Bob Eckel, CEO of Aware

We know that changing ingrained systems can often be very difficult, and passwords are no exception. Having been the de facto form of authentication since the beginning of the computing era, there are many reasons for passwords’ longevity, including the fact they are inexpensive and easy to implement. But passwords’ weaknesses are obvious, with an estimated 80 percent of breaches being the direct result of stolen and/or weak passwords.

More recently, password management systems have been encouraged as a way to promote good password hygiene, supposedly making them less prone to theft or misuse. However, last year’s hack of LastPass, a major password manager, dramatically changed this landscape and raised a vital question: if a major password provider can be breached, why are we still relying on non phishing-resistant, outdated authentication techniques like passwords anyway?

The aim of World Password Day – “fostering good password habits that help keep our online lives secure”: – is commendable. But with cloud-based biometric authentication within reach for even the smallest organizations – combined with the adoption of decentralized identity techniques meaning there’s no central repository of biometric data to hack – we believe the best type of password hygiene for today is actually the elimination of passwords altogether.

Widget not in any sidebars