Joseph Carson, chief security scientist & advisory CISO at Delinea:
“World Password Day is a time to stop and reflect on current password hygiene. Passwords remain one of the biggest cyber challenges for both consumers and businesses around the world as a poor password choice can make it extremely easy for cybercriminals to steal and spy on your data. As humans, we continually gravitate towards creating passwords that are easy to remember and simplistic. Incorporating a birthday or special date within a password is a common denominator, one that cybercriminals are all too aware of. Dangerously, we continue to leave it up to humans to create strong and secure passwords, despite the fact that most people have already been victims of borderline password disclosures from a person’s history of password choices. Having already had your previous password decisions and choices exposed means that an attacker can simply take that as the baseline and from there create variations of that. An effective password should include passphrases, a sequence of random words for added security. Regular consumers should consider deploying and utilizing a password manager to enhance and regularly rotate their log-in credentials.
“For organizations, a password manager should be a default implementation. If you are a business leader then you must move beyond just having password managers and start using privileged access security to control and protect privileged access. Privileged access security will help automate, rotate and secure your passwords for you and your business, eliminating a significant amount of cyber fatigue. Taking it a step further, organizations should look beyond just their internal password hygiene and take a deeper look into their suppliers and contractors to ensure password protection. Are they using a password manager, do they have MFA deployed and how do they protect access to their privileged accounts? We’ve seen the catastrophic domino effect that one poor password choice can have within a supply chain.
“Organizations can enhance their password posture by understanding that security starts with the social network around you. Why not encourage your employees’ families to use a password manager and reward them? They see that you’re not just taking care of the company but that you’re actually extending security to the social sphere, so that their family and kids can even extend to using password managers and reduce the threats, because attackers can and will target them first as stepping stones to get into your organization. So it makes you think: why not extend your perimeter to the social sphere around the organization? Your supplier, your contractor, partners, your customers and everybody.”
Darren James, Specops:
“Chances are, your password looks a little something like this – Password123! – a capital letter, followed by some lowercase letters, numbers, and a special character. On this World Password Day, it’s important for businesses and consumers to know that it is no longer enough to use a mix of capital and lowercase letters, numbers, and special characters – in fact, 68% of passwords used in attacks contain at least two character types, according to recent Specops research. Here are a few rules of thumb for choosing strong passwords:
- Instead of a password, choose a passphrase – 3 random words that mean something to you but would be meaningless – and therefore difficult to guess – to anyone else.
- Better yet, use a password manager and generate passwords that even you can’t guess. The longer and more complex a password is, the harder it will be to guess.
- Check passwords against breached password lists. There are a number of consumer and enterprise services available that will notify you when your password has been compromised in a breach. Check any old or new passwords against these lists and change your password in the event it has been compromised.
- Use multi-factor authentication. There are billions of passwords available on the dark web, meaning that even if you do choose the world’s most unguessable password, there is still a chance hackers will find it. MFA provides an extra layer of account protection so that hackers won’t be able to access your sensitive data even in the event they do find your login credentials.”
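The breached-password check in the third rule of thumb above is usually done without ever sending the password, or even its full hash, to the checking service: the client hashes the password, sends only the first five hex characters of the SHA-1 digest, receives every suffix in that bucket as `SUFFIX:COUNT` lines, and does the final comparison locally (the k-anonymity scheme Have I Been Pwned's Pwned Passwords range API uses). The following Python is an added example written for this page, not code from Specops, Delinea or any of the quoted contributors. The breach corpus, its counts and the candidate passwords are constructed so the block runs offline, and `fetch_range` stands in for the HTTP request a real client would make with the same prefix.

```python
import hashlib

# Constructed stand-in for a breach corpus, chosen only so this example runs
# offline. These are NOT real breach statistics; the counts are made up.
CONSTRUCTED_BREACH_CORPUS = {
    "Password123!": 31,
    "password": 9_545_824,
    "qwerty123": 1_202_000,
}

HASH_PREFIX_LEN = 5  # 5 hex chars = 20 bits; the server only ever sees this much


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the digest a range API keys on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict[str, int]) -> dict[str, str]:
    """Group the corpus by hash prefix and render each bucket in the
    'SUFFIX:COUNT' line format a k-anonymity range endpoint returns."""
    buckets: dict[str, list[str]] = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        prefix, suffix = digest[:HASH_PREFIX_LEN], digest[HASH_PREFIX_LEN:]
        buckets.setdefault(prefix, []).append(f"{suffix}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in buckets.items()}


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def fetch_range(prefix: str) -> str:
    """Stand-in for the network call (a real client would GET /range/<prefix>).
    Only the prefix leaves the client; the full hash and password never do."""
    if len(prefix) != HASH_PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return RANGE_INDEX.get(prefix, "")  # an empty bucket means no match at all


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count map, skipping blanks."""
    result: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        result[suffix.upper()] = int(count)
    return result


def breach_count(password: str) -> int:
    """How many times the password appears in the (constructed) corpus, 0 if never.
    The suffix comparison happens client-side against the returned bucket."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:HASH_PREFIX_LEN], digest[HASH_PREFIX_LEN:]
    bucket = parse_range_response(fetch_range(prefix))
    return bucket.get(suffix, 0)


def is_acceptable(password: str, min_length: int = 12) -> bool:
    """Policy check in the spirit of the rules above: long enough and absent from
    the breach corpus. Character-class mixing is deliberately not required."""
    return len(password) >= min_length and breach_count(password) == 0


if __name__ == "__main__":
    # "tide-lantern-quarry-mossy" is a constructed passphrase, not a real one.
    for candidate in ["Password123!", "tide-lantern-quarry-mossy"]:
        print(f"{candidate!r}: seen {breach_count(candidate)} times, "
              f"acceptable={is_acceptable(candidate)}")
```

Because the bucket is selected by 20 bits of the hash, the service learns only that the password is one of roughly a million candidates, which is why this pattern is safe to run against existing user passwords at login or password-change time rather than only against new ones. In a real deployment `fetch_range` would make the HTTPS request and the corpus would be the service's, not an in-memory dictionary.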