Protect your digital identity on World Password Day with stronger credentials


April 27, 2023 - Passwords are more than just part of our daily life. We need them for nearly everything, from entering buildings, to accessing our finances, to monitoring our health. They are the key to all device activity, play a crucial role in protecting our private data, and should not be taken lightly. However, many individuals still use weak login credentials, posing significant risks to both themselves and their organizations. As World Password Day approaches on 4 May this year, this is a great reminder to update your personal and professional password security.

Weak credential management, the absence of a strong password, and a lack of employee awareness and training present significant risks for both individuals and organizations, especially as cybercriminals are continuing to capitalize on the disruption caused by the COVID-19 pandemic. In 2020, organizations rushed to give their employees remote access to business systems, and the risks of using weak passwords increased dramatically. The new paradigm of work is a prime target for data breaches as a greater number of networks are now more vulnerable and therefore easier to exploit.

To address these risks, individuals and organizations must implement good password management to become more resilient in the face of global disruption. There are several steps individuals and organizations can take to advance their digital security:

  • Refraining from making well-known character substitutions when creating a password, for example replacing an “s” with a “5” or a “$”. Cybercriminals can simply use password cracking technologies that try these replacement characters and gain access to your systems.
  • Avoiding public Wi-Fi and ensuring a secure connection when logging in to a device or accessing a program. Cybercriminals use specialized tools to infiltrate public Wi-Fi networks and search for passwords saved on devices connected to them.
  • Not selecting “yes” when prompted to autosave a password.
  • Implementing strong password policies backed with multi-factor authentication (MFA) to keep individual access and organizational access secure. Biometrics such as touch ID, face ID, or fingerprint managers add an additional layer of security.
  • Never storing passwords on devices or in written form on a notepad. Instead, use a password manager, such as 1Password or KeePass, to store them in a safe place.
  • Resisting common password patterns, such as ‘Summer2023!’, to reduce the chance of access from an attempted password spraying attack. A very well-known pattern is to use a common word (a company name, a season, or a city), capitalize the first letter, add a number (usually a year), and then a special character.
  • Implementing non-standard password replacements, such as using “_R” instead of “s”. The more unique the password, the more secure the password will be.
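
A password policy can reject the two patterns described above, well-known character substitutions and the word-plus-year-plus-special-character shape, at the moment a password is set. The following is an added example, not BSI's code; the function name, the substitution table, and the word list are assumptions constructed for illustration.

```python
import string

# Well-known substitutions that cracking tools undo (constructed, not exhaustive).
LEET = str.maketrans({"5": "s", "$": "s", "0": "o", "@": "a", "3": "e"})

# Constructed sample list; a real deployment would load seasons, months, cities
# and the organization's own names from a maintained dictionary.
COMMON_WORDS = {"summer", "winter", "spring", "autumn", "password", "welcome", "london"}


def weak_reasons(password, extra_words=()):
    """Return the reasons a candidate password matches a sprayable pattern."""
    words = COMMON_WORDS | {w.lower() for w in extra_words}
    core = password.rstrip(string.punctuation)   # drop trailing special characters
    stem = core.rstrip(string.digits)            # drop trailing number, usually a year
    number = core[len(stem):]
    plain = stem.lower()
    undone = plain.translate(LEET)               # reverse the substitutions

    if undone not in words:
        return []
    reasons = ["common-word"]
    if plain != undone:
        reasons.append("known-substitution")
    if number and len(core) < len(password):
        reasons.append("word-number-special")
    return reasons


if __name__ == "__main__":
    for candidate in ["Summer2023!", "$ummer2023!", "Pa55word", "correct horse battery staple"]:
        print(candidate, "->", weak_reasons(candidate) or "no pattern matched")
```

Pass the organization's own names through `extra_words` so that company-name variants are caught alongside seasons and cities.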

World Password Day is a prime opportunity for all organizations and individuals to review, update, and strengthen their passwords and policies. Implementing proactive and regular employee security awareness training as part of the organizational security strategy will also help to increase the overall security posture and resilience of organizations.

Read more from Mark Brown about strengthening your overall cybersecurity strategy in 2023 Supply Chain Insights: Part 2: Cybersecurity in the spotlight. For more BSI insights on other EHS and Digital Trust topics, visit our Experts Corner.