April 6, 2020
World Password Day, a day created to promote better password habits, takes place on Thursday 7 May. BSI’s Consulting Services is urging online users to strengthen their security posture through good practices and to better protect themselves from the vast cyber risks that exist at present.
Stephen Bowes, Global Practice Director, Information and Security Technologies at BSI, explains: “A password is the primary method used to confirm the identity of a user to gain access to a wealth of platforms and personal information. They are used for everyday activities both off and online and are needed for accessing multiple platforms that help us with our day-to-day lives. These include logging on to utility or financial accounts, entertainment or streaming services, shopping online and even to gain access to a property by a security gate keypad or alarm. By having good password habits, online users are not only protecting themselves but protecting their data, property and business.”
What are the most hacked passwords?
While it can be difficult to remember multiple passwords, it is important that users refrain from using the most common ones. Joseph Pierini, Head of Testing (US) for Cybersecurity and Information Resilience at BSI, shares, “The most common passwords found during a penetration test are a combination of the season or company name, plus a few numbers. At least one person in your organization is currently using ‘Spring2020’ as their password.”
“The necessity for the use of passwords through online platforms has grown phenomenally, and many users are struggling to create new and unique passwords to facilitate secure access to a diverse set of accounts. The risk here is that if a user decides to use the same or similar password across accounts and a malicious individual gains access to this password through phishing emails or by other means, they will have unauthorised and unlimited access to the unsuspecting user’s online world. Should the same password be used on personal as well as work accounts, the risks increase even further as important company data could potentially be exposed. This issue is especially concerning for those that might be using one of the most common passwords as these users are putting themselves at an even greater risk and should change their passwords immediately,” says Stephen.
Password hygiene tips
Staying safe online requires users to carefully select unique and complex passwords that are robust enough that they cannot be cracked or guessed easily. Below is an outline of recommendations from BSI Consulting Services which can aid online users in strengthening their security posture on World Password Day:
- Passwords should, at a minimum, contain ten characters, using uppercase and lowercase letters as well as numbers and special characters - a good password is a long password
- Refrain from using personal information such as a part of an address, a surname, a spouse’s name, a pet’s name, favourite football team, date of birth or the name of the platform the password is being created for
- Consider using a ‘passphrase’ that will not be forgotten easily and incorporate a mix of characters
- Never use the same password across multiple accounts and, where possible, add multi-factor authentication (MFA) and/or biometrics (e.g. Touch ID, Face ID or Fingerprint Managers)
- Always ensure that a platform is accessed online through a secure connection, and refrain from auto-saving passwords when prompted
- Do not store passwords on a device; consider encrypting a password file using an identity provider or using a password manager instead (e.g. LastPass, KeePass or 1Password), where a password can be encrypted and stored either locally or in the cloud
Stephen concludes: “The current pandemic has increased online fraud as attackers seek opportunities to exploit people. On World Password Day we want to help everyone to strengthen their information resilience by asking them to review their passwords and update them. Doing so will not only boost their security awareness and posture but can help in reducing the risk of data loss, financial loss and even identity theft.”
The Consulting Services team at BSI provides a range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit bsigroup.com/cyber-us