May 4, 2017 By Douglas Bonderud 2 min read

Consumers are bad at passwords. So are companies, and they’re also bad at mandating effective authentication. As a result of this poor cyber hygiene, end users are at greater risk of having personal data stolen or accounts compromised, while businesses could face costly and time-consuming PR and remediation efforts.

As noted by Dark Reading, World Password Day is May 4, offering an ideal time for organizations and employees to take a hard look at bad cyber habits and clean up their acts.

Rolling the Dice With Poor Passwords

Passwords have been on the cyber chopping block for years now. But in the same way new communication tools can’t seem to knock email out of the top spot, passwords remain the go-to for most e-commerce accounts, social platforms and corporate networks.

The problem is that users are really bad at choosing decent passwords. For example, Forbes reported that the most popular passwords in 2016 were “123456” and “password.” Alarmingly, these passwords also topped the list in 2015 and 2014.

The Dark Reading piece, meanwhile, noted that 70 percent of end users have seven or fewer passwords across all their online accounts, so it’s no surprise that 81 percent of hacking-related breaches examined by the “2017 Verizon Data Breach Investigation Report (DBIR)” tapped weak or stolen passwords. Even IT security pros aren’t off the hook, with 53 percent still using the same social network passwords they did last year, while 20 percent have never changed their passwords.

On the corporate side of the equation, many companies still aren’t using multifactor authentication (MFA). The DBIR described this as “rolling the dice” when it comes to device compromise from reused access credentials.

Cleaning Up for World Password Day

Ars Technica recently pointed out some less-than-stellar authentication designs. Its example not only allowed four-character passwords, but it also sent users a PIN in plaintext via email. What’s more, there was no mechanism to reset credentials, meaning that even if a breach occurred, users would be stuck with the same problematic password.

Add in the predilection of users to select easy-to-remember and easy-to-guess passwords, then reuse them across multiple sites and never change them, and it becomes clear that even the necessary attention drawn by World Password Day won’t be enough to solve this security issue.

So what’s the solution? First, companies need to recognize that passwords won’t disappear overnight; better management is required to limit theft and reuse. Ideally, businesses should balance the need for better security hygiene with user convenience. It’s a good idea, for example, to require at least eight characters for any password, including one number or symbol. Then leverage controls that prevent employees from reusing passwords and restrict access unless passwords are regularly changed.
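
The password rules described above can be expressed as a short check. This is an added example, not code from the article or any vendor; the function names, the 90-day rotation window and the PBKDF2 iteration count are assumptions, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 8                     # minimum length suggested in the article
COMMON = {"123456", "password"}    # most popular passwords cited in the article
MAX_AGE = timedelta(days=90)       # assumed rotation window; the article gives no figure
ITERATIONS = 100_000               # assumed PBKDF2 work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def violations(password, history):
    """List the policy rules a candidate password breaks.

    history is a list of (salt, digest) pairs for the user's earlier passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isdigit() or not c.isalnum() for c in password):
        problems.append("no_number_or_symbol")
    if password.lower() in COMMON:
        problems.append("common_password")
    # Re-hash the candidate under each stored salt; compare in constant time.
    if any(hmac.compare_digest(hash_password(password, s)[1], d) for s, d in history):
        problems.append("reused")
    return problems

def must_change(last_changed, now):
    """True when the password is older than the rotation window."""
    return now - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample data: one earlier password and a few candidates.
    history = [hash_password("Winter2016!")]
    for candidate in ("123456", "password", "Winter2016!", "correct-horse-battery"):
        print(candidate, violations(candidate, history))
    print(must_change(datetime(2017, 1, 1), datetime(2017, 5, 4)))
```
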

The next step is adaptive authentication. The idea here is to tap emerging authentication protocols, such as biometric tools and location-specific identifiers, and combine them with open source initiatives to develop universal, adaptable and secure standards that provide maximum convenience across multiple devices without compromising corporate security.

Scrubbing Out Poor Passwords

Passwords are a big problem. Users make terrible choices, and companies often overlook bad habits in favor of enterprise expediency. But cybercriminals are cleaning up, using and reusing bad passwords to compromise accounts.

World Password Day calls out the need for better cyber hygiene, but that’s only half the battle. Adaptive authentication, combined with evolving open standards, is required to help scrub out this security issue.
