World Password Day lands today (6 May) and brings with it the many exciting developments that have changed security and access over the past year.
And by ‘exciting’ what’s really meant is ‘scary’.
The global move to working from home has opened up a Pandora’s box of vulnerabilities in home and office systems, vulnerabilities rapidly exploited by cybercriminals. In August 2020, INTERPOL revealed an ‘alarming’ increase in cyberattacks that were exploiting the uncertainty and complexity of the pandemic, and this is a theme shared by reports from Mimecast and Verizon.
According to Stephen Osler, co-founder and business development director at Nclose, these threats won’t slow down in 2021, making right now the perfect time to invest in multi-factor authentication and password management tools that make it easier, not harder, to embed robust security.
“The real challenge with passwords is that the global standards for best practice and absolute security keep changing,” he adds. “There is a consistent increase in the sophistication of passwords and the need for passwords that tick so many different boxes, from capital letters to unusual letters to numbers to everything in between. As a result of this complexity, people simply write them down so they can access them easily.”
This is the difficult truth of security. Passwords are essential and critical, but they’re hard to manage. If a user forgets their password, they can lose hours to hoop-jumping, verifications and authentications in order to get back online, and back to work. This isn’t an optimal situation, especially under the high-pressure conditions brought about by the pandemic, so people make stupid mistakes because they want an easy life.
“People want things to be easier so they either write their password down, or they choose a really easy password, or they opt into less secure methods of authenticating transactions or logins,” says Osler. “The requirement for a strong password is so complex it’s ridiculous, and cybercriminals know it.”
This is a trend that’s been noticed by more than just the criminals – the National Institute of Standards and Technology (NIST) recommends that complexity in password make-up be replaced by length.
The organisation points out that, mathematically, the longer the password, the more secure it’s likely to be, because long passwords are harder to predict than short, complicated ones and less likely to follow predictable human patterns. This means that passwords should be at least 16 characters long to really add on that much-needed protection.
“It would be great if the world could actually get rid of passwords,” says Osler. “Solutions such as biometrics – fingerprint and facial recognition, for example – are a lot more user friendly, and if these solutions could be integrated into alternative solutions, the world would be far more secure. And it would stop people from leaving their passwords lying around for anyone to access.”
Until passwords are replaced by more efficient and accessible solutions that can be implemented both at home and in the office, there are alternatives that users and businesses can consider. Perhaps the easiest and most efficient is a password vault. Here, within highly secure walls that are pretty close to impenetrable, lie all the user passwords and access is granted through the use of just one master password. It’s a clever solution that keeps the password complexity to a minimum but security at a maximum.
“Password vaults are great, but there should also be multi-factor authentication on all systems that protect highly confidential information or require careful access management,” concludes Osler. “Ultimately no one system is fool proof, but multiple layers protecting valuable information and offering different levels of authentication can not only simplify the process, but minimise reliance on that pesky password.”