The first Thursday of May is dedicated to the importance of creating passwords every year. This year, World Password Day falls on the 7th of May, and we seem no closer to reducing the number of passwords we need to remember.
David Higgins, Technical Director, CyberArk commented, "This World Password Day takes place in the shadow of a ‘new normal’ existence for much of the world’s population, characterised by soaring levels of home work.
"This has resulted in a blurring of previously distinct lines between work and home devices – with more remote workers are using personal devices to access work systems – opening up a vast new potential attack surface. Combine that with common employee practices like saving passwords in browsers or reusing passwords and this new landscape becomes a playground for attackers.
"Effective authentication of all devices now becomes even more crucial in order to protect not only personally identifiable information (PII) but the critical data and assets of the organisations we work for.”
Panda Security marked World Password Day by launching a new Password Manager feature within its Panda Dome protection platform. “Our Internet-connected devices increasingly hold sensitive and confidential information, guarded by online passwords. These passwords need to be complex in their makeup, changed regularly for maximum security and stored securely,” said HervĂ© Lambert, Global Consumer Operations Manager at Panda Security.
Aaron Zander, Head of IT, HackerOne warned, "When
it comes to organisational or institutional security, a lot of what we
can do to bolster our protection can come from within. Password re-usage is often one of the most common pitfalls we see. Once a hacker has been able to access, via an employee’s password, they can go digging through the organisation's databases with insider access. In addition, if this password is reused, the user may see the ramifications across all of their personal and work accounts and devices."
Asked if biometrics could replace passwords Zander said, "Many argue that biometrics could be a better alternative. However if there
is a data breach, you can’t exactly reset your fingerprint – and this
data far more sensitive in the hands of a hacker. At least a password can be changed.
"For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep track of them or using password
managers. Organisations can do their part by implementing and pushing
or even mandating two-factor authentication so that even if passwords are breached, the damage is contained.
"Right now, passwords pose one of the biggest security challenges the security world faces but there isn't really a viable widespread replacement on the horizon."