
Password security: what does the future hold?

Jonathan Clarke

May 3rd is World Password Day and that means individuals and organizations across the globe should be doing all they can to promote best practice around the use and security of their passwords.

Remembering to use different passwords for different accounts, regularly updating them and making sure they cannot easily be deciphered are the basics of password security that everyone should be aware of. However, you might be surprised by just how often poor password diligence leads to security breaches and a loss of data for both individuals and firms.

According to the 2016 Data Breach Investigations Report from Verizon Enterprises, 63 per cent of all confirmed data breaches come as a result of stolen credentials, with passwords the most-used items to breach company IT systems. Weak, default or stolen passwords were therefore shown to be a significant risk to enterprise data security.

How do I create a strong password?

One of the basics that individuals need to know when setting up their passwords is the difference between what is deemed a 'strong' password and what is seen to be 'weak'.

A strong password is one that is not easily predictable. It therefore makes it more difficult for malicious parties to guess or work out your log-in details, and subsequently keeps your private information more secure.

Being unpredictable is not a simple task, though. There are a number of tips individuals can use to enhance the complexity (and unpredictability) of their passwords, including:

• Make your password case sensitive and include both upper and lowercase letters, e.g. FootBall, Sweater
• Include numerals to enhance complexity further, e.g. FootBall1, Sweater88
• Swap letters for numerals, e.g. F00tBall1, Sw3ater88

A strong password is also long (at least six characters) and makes use of common words that are memorable to you. Increasing the amount of work that it takes to break the code of your password is what it's all about.

Understand the risks of poor password security

The plethora of accounts and devices, IT systems and apps that people use today can be astonishing. Indeed, research carried out by Digital Guardian earlier this year showed that 70 per cent of people have more than ten password-protected accounts online, while a shocking 30 per cent say they have "too many to count".

It is therefore essential that individuals use different passwords for each of their accounts. Failure to do so means that, should any single account be compromised, all of their online data could be at risk. However, ensuring you are utilizing multiple, unique passwords for your accounts is not enough. Individuals must also remember to regularly update their passwords if they want their security to be maintained for the long term.

Keeping track of all your passwords across such a wide range of uses can therefore be challenging, but there is help available. Tools like LastPass, Zoho Vault and Dashlane let individuals manage their passwords securely, keeping them all in a single place where users can look them up at will, and keeping them safe behind the tools' own extensive security protection.

What does the future hold for passwords?

Looking forward, new technologies will augment the ability of individuals to safeguard their accounts and devices in the coming years. While the humble password will continue to play a crucial part in maintaining data security, measures like multi-factor authentication (MFA) will also have a greater role to play.

MFA combines several layers of security to create a stronger safeguard against malicious attackers who may wish to break into users' accounts and access their sensitive data. It works by combining several types of unique information to verify a user's identity.

This is commonly made up of something you know (a password), something you have (a specific device you use or own) and something you are (a fingerprint or other biometric data). By combining these three levels of security, MFA ensures stricter identification for access to users' accounts than any method that has been available in the past.

Ultimately, the password is set to remain one of the main safeguards for all tech users when accessing their accounts and multiple devices. So, ensuring you have strong passwords and that you're making use of our best practice advice above is the real message we want you to take away on World Password Day 2018.