KnowBe4 urges the public to adopt robust password hygiene practices amid growing cyber threats
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, celebrates World Password Day tomorrow by encouraging users to strengthen password hygiene practices to stay cyber safe.
With digital security more critical than ever, World Password Day is an annual call-to-action for individuals and organizations to strengthen their password practices. Originally created by security researcher Mark Burnett in 2005, the day reminds us to update our passwords regularly and adopt best practices to protect our digital lives. With data breaches and cyberattacks on the rise, it is time to discard weak and insecure passwords and reinforce cybersecurity defenses.
Roger A. Grimes, data-driven defense evangelist at KnowBe4, emphasizes the importance of password security based on over thirty years of examining password attacks. "The uncomfortable truth is that password strategies have not kept pace with the skills of modern hackers. Far too many people are still using passwords that could be cracked in a matter of minutes or even seconds. It is not just about complexity, it is about approaching passwords with a mindset of strategic defense," said Grimes.
Most cyberattacks are the result of a number of contributing factors, and the combination of weak passwords and social engineering ranks among the highest of them. Yet people continue to use the same weak, easily cracked passwords both at home and at work, share their passwords with others and store them in easily accessible places. This means that, for example, if one of a user’s social media accounts is compromised, there is a high probability that their work email is vulnerable to hackers as well.
Grimes identified that password attacks generally fall into four major categories:
- Password guessing
- Password theft
- Password hash cracking
- Password bypass
In response to ongoing cyber threats, constructing strong, unpredictable passwords that can fend off guessing attacks, as well as changing passwords often, are recommended. With phishing implicated in 79% of credential thefts, according to Egress Software Technologies, one of the best defenses lies in blocking phishing attempts before they reach users and in providing security awareness training so that users can appropriately mitigate and report the attempts they do encounter.
Advanced security measures, like multi-factor authentication (MFA) combined with biometrics, also add layers of protection. Combining something users have (a device) with something they are (biometric data), and coupling these with complex passwords, makes credentials much more difficult to phish, guess or predict and thus far more secure.
Password best practices advice
- Instead of using a password, create a passphrase. This can be a sentence or a combination of words that is easy for you to remember, for example, CoffeeB4WorkIsTheBest! or MyFavouriteMacMealIs#51. Integrate numbers and special characters into passphrases to make them even more difficult to crack.
- Add multi-factor authentication and biometrics to your login process.
- Avoid using the same password across multiple websites and accounts, and definitely do not use the same passwords at home and at work.
- Use a password manager. This ensures unique, long and complicated passwords for every single place that you need to log into. Password managers also eliminate the human element of creating passwords and make it impossible to share them with anyone. Remember, the more people who know your password, the more vulnerable you and your organization are to cyberattacks.
For further insights and more on best password practices, read Grimes’s blog post here.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.