Experts from across the industry share their thoughts about what needs to be done to better protect organisations and what security measures need to be considered this Change Your Password Day.
Our online security has become increasingly anxiety-inducing, and the use of traditional passwords is failing to keep up with the growing number of sophisticated and complex cyber threats. Just last year, British companies experienced 2.39 million cyber-attacks; a worrying statistic which tells us it’s time for change. Organisations must take action and fortify their security to protect their data, finances, and reputation.
Safeguarding users
There are several measures organisations can put in place to protect themselves. Firstly – strong passwords. Paul Anderson, VP UK & Ireland at Fortinet, says, “Having strong passwords is a way to prevent threats from entering networks, while regularly changing passwords to ensure data is protected demonstrates how everyone in a business has a part to play to maintain security.”
Adam Marrè, Chief Information Security Officer at Arctic Wolf, agrees that “passwords are the lifeblood of our online persona; we need to take them seriously to protect ourselves from the threat of cybercrime.” He recommends organisations have strong password management practices, including regular updates to passwords and ensuring they “don’t consist of words or phrases that can be associated directly with you, your interests or family.” He also observes that, while people should use unique passwords for every account, “we must turn on two-factor authentication if it’s available, as well as using a reputable and recognised password manager.” He adds, “With so many passwords to keep track of, password discipline is difficult. The risk is, if your password is compromised, all your electronic assets are potentially open to hackers.”
Current security practices are more risky than we think, according to Andy Thompson, Offensive Research Evangelist at CyberArk Labs. “Simply putting strong passwords in place is no longer good enough. In fact, no matter how strong your password is, if a threat actor gets a hold of a cookie, none of it matters,” he explains. “Instead, we need a mechanism that mandates users to frequently change their credentials. And, each time, this mechanism must require strong, unique passwords, not iterative Password1, Password2 changes.”
David Warburton, Director, F5 Labs, reminds us that, “While multi-factor authentication is still strongly recommended wherever possible, the vast number of tricks that attackers can have at their disposal mean that it is far from the unbreakable security control it once was.” He adds, “From a business perspective, this is when you’ll need solutions that directly disrupt attacker ROI and one that can curate and analyse network, device, and environmental telemetry signals across data centres, clouds, and architectures. By modelling threat intelligence across similar attack profiles and risk surfaces, affected organisations can autonomously deploy appropriate countermeasures with maximum effectiveness.”
Navigating a passwordless future
But what does the future of passwords look like? Ping Identity’s General Manager, EMEA, Paul Inglis suggests that “the momentum behind passwordless authentication is undeniable, and many enterprise organisations are already on this digital transformation journey.”
Frederik Mennes, Director Product Management & Business Strategy at OneSpan, adds, “Traditional authentication solutions, like passwords, are no longer effective against modern threats, and upholding the integrity of your digital identity should be a top priority. This starts with passwordless protection, which emerges as a viable alternative for securing critical systems that store sensitive data, providing defence against evolving threats by eliminating vulnerabilities associated with traditional passwords.”
Speaking positively about this change, Inglis adds that passwordless authentication is “a paradigm shift to enhance security and user convenience significantly.” With Ping Identity research revealing that 59% of UK consumers would switch to a different brand or service that offered them passwordless as a means of logging in, this change will fundamentally reduce fraud and give consumers more security to freely navigate the digital world without fear of scams.
This new technology doesn’t mean the use of passwords is coming to an end imminently, but it will be a move towards enhancing security and ease for users in the long term.