![\"Top-Tier](\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/privileged-access-management-MOD.jpg\")
<\/p>\n<\/p>\n
Solutions Review compiles and shares top-tier password best practices for World Password Day 2021.\u00a0<\/strong><\/em><\/p>\n World Password Day is one of the most prominent tech holidays among cybersecurity professionals. On this day, we discuss how to promote stronger password strategies and best practices<\/strong><\/span><\/a>…or even whether passwords should be part of the larger authentication discourse in the first place.\u00a0<\/span><\/p>\n Check out just a few of the cybersecurity<\/a><\/strong><\/span> experts we reached out to for their top-tier password best practices.\u00a0<\/span><\/p>\n Tom \u201cTJ\u201d Jermoluk is CEO of <\/span>Beyond Identity<\/span><\/a>.<\/span><\/em><\/p>\n \u201cWhen World Password Day was established in 2013, the world recognized that passwords were a necessary evil, despite being a flawed and insecure method of authentication. But the root of the problem goes back to the foundation of the \u2018commercial internet\u2019 in the mid-1990s, when Netscape and others enabled widespread access and consumer accounts, prompting a massive need and meteoric rise in password use, and beginning an era of consumer insecurity and exposure.<\/span><\/p>\n Fast forward to today and the problem has ballooned. Verizon\u2019s 2020 Data Breach Investigations Report (DBIR) revealed that 80 percent of breaches use stolen credentials, collected either through database leaks or phishing attacks. And even if you follow recommendations for password hygiene, criminals can still get their hands on your password through a range of means \u2013 from fraudulent \u2018phishing\u2019 sites to insecure password databases and even commandeering your phone to intercept password reset messages.<\/span><\/p>\n The industry has responded by putting an even greater burden \u2013 not to mention blame \u2013 on consumers, to compensate for what can only be described as a complete systemic failure and an unwillingness to upset the market apple cart by refusing to fix the foundational issue. Complexity and user frustration are ever-increasing with forced password resets, cumbersome password creation requirements, and extra steps for multi-factor authentication (MFA). In summary, consumers must expect and demand better of their internet security and end the \u2018stupid user\u2019 blame game. The industry itself is headed in this direction with corporations and groups advocating for the eradication of passwords \u2013 but the industry is not moving fast enough, and the technology exists to make change now.\u201d<\/span><\/p>\n Tim Bandos is CISO at <\/span>Digital Guardian.<\/span><\/a>\u00a0<\/span><\/em><\/p>\n \u201cWhile a lot of the coverage about passwords focuses on business users, it\u2019s really important not to overlook children and teens in this discussion. They will typically make some of the same types of common mistakes as adults when creating and using online passwords, but there are several that stand out the most for this age group.<\/span><\/p>\n One of the worst is sharing credentials with friends, boyfriends\/girlfriends, etc. At that age, relationships tend to be shorter in duration and some kids end up using the shared access against each other such as posting inappropriate messages on social media accounts or conducting surveillance over account activity. This type of password-sharing behavior may even stem from early childhood when parents would share their credentials with their kids for accessing devices or online sites. This should be avoided at all costs.<\/span><\/p>\n Secondly, kids and teens are exposed to devices everywhere they go from the library, to school, to over a friend\u2019s house, etc. It\u2019s important to avoid entering your credentials on untrusted devices that you do not own, control, or completely trust. Devices in public places should only be used for anonymous web browsing and not for logging into any of your online accounts since passwords can be easily stolen from these types of computers.<\/span><\/p>\n Finally, it\u2019s important to avoid using personal information when creating any of your passwords. Young kids, and even adults for that matter, want to generate a password that is easy enough to remember. So they\u2019ll use their name, birthdate, address, phone number, etc. These are all details that can be either easily guessed or end up further exposing you if a website is ever compromised.\u201d<\/span><\/p>\n Dr. Mohamed Lazzouni is CTO of <\/span>Aware<\/span><\/a>.<\/span><\/em><\/p>\n \u201c2020 saw a huge spike in cyber-crime following the COVID-19 pandemic, and as 2021 progresses the vulnerabilities continue to surge across all sectors. World Password Day was born to popularize some of the best practices in password protection, mainly the need to change passwords, use different ones for different applications, and choose complex compositions using letters, symbols, and numbers.\u00a0<\/span><\/p>\n However, the benefits of varied, long, and complex passwords add to the burden and the anxiety of the user. Luckily, many technologies have progressed significantly to lower the friction without compromising on security. As an example, biometric authentication gained considerable adoption amongst users to simply use face or voice biometrics to unlock devices or sign in into accounts.<\/span><\/p>\n If users must continue to use passwords, they should ensure they are following password hygiene in order to remain resilient to attacks on their personal information \u2013 many of which are not difficult to implement.<\/span><\/p>\n Tim Sadler is CEO and Co-Founder of <\/span><\/i>Tessian<\/span><\/i><\/a>.<\/span><\/i><\/p>\n \u201cWorld Password Day is a great reminder to take inventory of our passwords, including where they are stored, whether you reuse them for multiple accounts, and their complexity. Tessian\u2019s recent report found that 77 percent of people reuse passwords, and 21 percent use predictable cues like their favorite football team, their pet\u2019s name, or birthdays when crafting passwords. The problem? These personal details are likely to be found on people\u2019s social media channels, making it easy for hackers to scan publicly available information to try to crack passwords or even answer the security questions.\u00a0<\/span><\/p>\n To prevent account takeover and business email compromise, CISOs and their teams should help educate employees about their social media footprint, cybersecurity best practices, and how to spot impersonation attacks. They should also reinforce the need for strong passwords that don\u2019t include names or names of pets, birth dates, location, or other information that\u2019s easy to find online. Even better, use a password manager like 1Password to randomly generate impossible-to-hack passwords. And while it can be tempting to reuse passwords that are easy to remember, never reuse or duplicate any passwords for personal or professional accounts. A bad actor could guess just one password and gain access to multiple accounts.\u201d<\/span><\/p>\n Corey Nachreiner is CTO of <\/span>WatchGuard Technologies<\/span><\/a>.\u00a0<\/span><\/p>\n \u201cWorld Password Day has served as an annual reminder that we all need to practice better password security for nearly a decade. And yet, 80 percent of breaches began with brute force attacks or lost or stolen credentials last year. Attackers add millions of new usernames and passwords every day to the billions already available on the dark web. This has been the trend for years now, so at a certain point we have to ask if daily headlines on the latest security breaches and hacks aren\u2019t enough of a cue to practice good password hygiene, is there much value in World Password Day?<\/span><\/p>\n \u00a0Yes, it\u2019s a helpful prompt to use best practices like changing passwords for your accounts regularly, choosing strong passwords or passphrases with at least 16 characters, using a unique password for every account, and leveraging password managers to keep track of them all. But these password security policies should be basic table stakes at every organization by now and should be required and reinforced all year long.<\/span><\/p>\n I believe that a \u2018World MFA Day\u2019 would be a more powerful and effective observance when it comes to strengthening corporate and individual security. Authentication is the cornerstone of good security, and multi-factor authentication means users must provide at least one additional token on top of their password to log into an account. These authentication tokens are typically something you are (biometric fingerprint or facial scans), something you have (like a hardware key or mobile phone) and something you know (like a password). MFA allows you to ensure that even if an attacker gains access to one of these tokens, like a user password, they\u2019ll be unable to log in without the second (and sometimes third) authentication token. It\u2019s an absolute no-brainer when it comes to addressing the widespread and persistent issues around poor password security and should be a primary focus for both businesses and individual users. So let\u2019s make World MFA Day a reality in 2021!\u201d<\/span><\/p>\n Thanks to these cybersecurity professionals for their time and top-tier password best practices for World Password Day 2021. For more top-tier password best practices and more, check out the Solutions Review Identity Management Buyer\u2019s Guide<\/a><\/strong><\/span> or the Solutions Suggestion Engine<\/strong><\/span><\/a>.\u00a0<\/span><\/p>\n\t\t\t![\"IAM](\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" "\\"\\"")
<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\nTop-Tier Password Best Practices for World Password Day 2021<\/b><\/h2>\n
Tom \u201cTJ\u201d Jermoluk<\/b><\/h3>\n
Tim Bandos<\/b><\/h3>\n
Dr. Mohamed Lazzouni<\/b><\/h3>\n
\n
Tim Sadler<\/b><\/h3>\n
Corey Nachreiner<\/b><\/h3>\n
<\/div><\/p>\n