This is a pivotal World Password Day because password protection is diverging into a “Tale of Two Approaches.”
Companies that are at the forefront of password security have incorporated passkey protection and biometric authentication into their authentication processes. As such, they have vastly reduced the risk of password theft and smishing attacks that can be perpetrated on mobile devices.
Password security leaders also cultivate a security culture that embraces best practices like these:
- Utilization of Multi-Factor Authentication (MFA).
- Establishment of mandatory password rotation and requirements that encourage employees to change their passwords and passphrases on a regular basis.
- Account lockout requirements to immediately disable users’ access after multiple failed login attempts.
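The three practices above are policy statements; the third one, account lockout after repeated failures, is the one that is usually implemented in application code. The following Python block is an added example, not code from the original post or from any product it mentions: it replays a constructed list of login attempts through a time-bounded lockout policy. The threshold of five failures and the 15-minute lock duration are assumed values, and the event list is constructed for the demonstration. It goes slightly beyond the text by making the lock expire, so that an attacker cannot permanently deny a legitimate user access simply by guessing wrong a few times.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed policy values; a real deployment would take these from configuration.
LOCKOUT_THRESHOLD = 5     # consecutive failures before the account locks
LOCKOUT_SECONDS = 900     # how long the lock lasts (15 minutes)


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[float] = None   # epoch seconds, None when not locked


class LockoutPolicy:
    """Tracks failed logins per user and locks the account past a threshold."""

    def __init__(self, threshold: int = LOCKOUT_THRESHOLD,
                 lock_seconds: int = LOCKOUT_SECONDS) -> None:
        self.threshold = threshold
        self.lock_seconds = lock_seconds
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        return st.locked_until is not None and now < st.locked_until

    def record_attempt(self, user: str, success: bool, now: float) -> str:
        """Apply one login attempt; returns 'locked', 'ok' or 'failed'."""
        st = self._state(user)
        # While locked, reject everything, even a correct password: the
        # credential must not be evaluated, or the lock leaks nothing useful.
        if self.is_locked(user, now):
            return "locked"
        if st.locked_until is not None:
            # The lock has expired: clear it and start counting afresh.
            st.locked_until = None
            st.failures = 0
        if success:
            st.failures = 0          # a good login resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= self.threshold:
            st.locked_until = now + self.lock_seconds
            return "locked"
        return "failed"


# Constructed sample events: (timestamp, user, password_was_correct).
SAMPLE_EVENTS: List[Tuple[float, str, bool]] = [
    (0.0, "alice", False),
    (1.0, "alice", False),
    (2.0, "alice", False),
    (3.0, "alice", False),
    (4.0, "alice", False),    # fifth failure: lock until t=904
    (5.0, "alice", True),     # correct password, but rejected while locked
    (1000.0, "alice", True),  # lock expired, login succeeds
    (0.0, "bob", False),
    (1.0, "bob", True),       # one failure, then success resets the count
]


def replay(events: List[Tuple[float, str, bool]],
           policy: Optional[LockoutPolicy] = None) -> List[str]:
    """Feed events through the policy and return the outcome of each."""
    policy = policy or LockoutPolicy()
    return [policy.record_attempt(user, ok, t) for t, user, ok in events]


if __name__ == "__main__":
    for (t, user, ok), outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t={t:>6} user={user:<6} correct={ok!s:<5} -> {outcome}")
```

The counter is keyed per account, so one user's failures never affect another, and a lock that expires on its own keeps the control from becoming a self-inflicted denial of service. In production the same state would live in a shared store rather than an in-process dictionary, and each lock event would be logged so that a burst of lockouts across many accounts is visible to the SOC.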
For password security leaders, a growing area of concern is how biometric data needs to be stored within their organizations, and who should have access to it. With the growing availability of Artificial Intelligence (AI) technology and the expanding volume of biometric data, there is a growing risk that users’ identities could be “cloned.” As such, password leadership requires a company’s ongoing attention and significant investment.
On the flip side, companies that aren’t on the password security forefront generally adopt a wait-and-see approach, until a password compromise results in an unfortunate data breach. Among password security followers, we see commonplace use of weak passwords, including perennial favourites like 123456, password, and qwerty. Such companies also frequently over-rely on email- or text-based confirmation codes, which can easily be compromised.
The good news is that any company can progress from a password security follower to a leader by taking several essential steps. In addition to adopting the best practices above, you need to educate users about the significance of password safety and remind them that passwords should never be shared with anyone, including their most trusted business colleagues. Lastly, users should never allow family members to access their business devices, because doing so dramatically increases cyber risk.