Secure Your Data the Right Way with Password Management This World Password Day

Thursday, 5 May 2022 is World Password Day. Intel created World Password Day in 2013, designating the first Thursday of May each year to raise awareness about the role strong passwords play in securing our digital lives. The objective of this day is to raise awareness of the importance of using a unique password for each account you have and promoting better habits of password management, both for individuals and organizations.

Passwords have been used for the authentication of users for over 60 years, and while alternatives like biometrics and facial recognition are becoming more mainstream, passwords still remain the go-to method of authentication, even though they’re vulnerable to brute-force attacks.

Passwords are an integral security measure for your digital identity and provide access to several online services. However, many people still use the same password for all their accounts and store this password in an insecure manner.

In the spirit of World Password Day, ManageEngine, the IT management division of Zoho, is offering its top four best practices for password management to keep your data and devices secure from cybercriminals.

Invest in a Reliable Password Vault

The passwords you use to access your online accounts should be strong and shouldn’t be used across multiple accounts. If you’ve used the same credentials across different accounts and a cybercriminal manages to crack your password, they’ll be able to access all your accounts. It’s impossible to remember dozens of different passwords and which one you chose for which account, which is why so many people use a variation of the same password across different accounts.

But this habit is also a dangerous practice because variations of the same password are not hard to crack if one of them has been identified.

Organizations are home to a vast number of privileged accounts that give users elevated access to sensitive business information. Safeguarding access to privileged data and resources is critical given the omnipresent nature of passwords across corporate networks. Manually maintaining spreadsheets of classified information, including passwords, keys, and signatures, is not only time-consuming but presents a huge risk to security should a malicious insider or outside attacker gain access to this documentation.

Recommended: World PASSWORD DAY 2022: Are You Investing in Password Managers and Biometrics?

Password vaulting refers to taking highly privileged accounts and passwords out of the hands of users and storing them safely in a secure vault. User access is controlled via a role-based control mechanism. Once the user logs out, the password is rotated, ensuring that the privileged accounts are secured.

A password vault:

• Secures credentials in a digital vault without exposing them in hard-coded format.
• Gives access only to administrators and authorized users.
• Rotates passwords both by schedule and on-demand.
• Generates random passwords for one-time, user-based access.
• Allows the sharing of passwords with various permission levels.

Make Sure Your Passwords are Complex and Hard to Guess

Weak passwords, including the most commonly used passwords, can be cracked in seconds. The longer and more unusual your password is, the harder it is for a cybercriminal to crack. Using three random words out of context along with making your passwords complex (i.e., creating passwords full of random characters, symbols, and numbers) is a good way to set a strong password.

Don’t give away clues to your password via social media and personal activities

Avoid creating passwords from significant dates (like a loved one’s birthday or your own birthday), and don’t use the name of your favourite sports team or a pet’s name. Most of these details about you can be easily discovered on your social media profiles. Never write down your passwords and leave them on a note near or on your laptop. If you work in a busy environment with multiple people around your workstation, you don’t want to leave any nearby clues or prompts to your passwords that may attract a malicious insider to attempt brute-forcing your account.

Adopt Two-Factor or Multi-Factor Authentication as Part of Your Security Protocol

Complex and regularly-updated passwords are a reliable form of security; however, even the strongest password can eventually be cracked with enough time. To fully mitigate the threat of a brute-force attack, you need to enable two-step verification or multi-factor authentication on all your online platforms. This way, even if an attacker correctly guesses your username and password, they’ll still need to complete the second factor of authentication, like entering a one-time password sent to your email, before they gain access to your account.

Mitigating the Risk of Password-Only Authentication

Kumaravel Ramakrishnan, technology director at ManageEngine, says, “According to Verizon’s 2021 Data Breach Investigations Report, over 70% of security breaches involved passwords and credentials.

With the rapid adoption of hybrid work culture, the amount of remote privileges a person requires is ever-increasing, emphasizing the need to secure passwords and control unauthorized access. A compromised password is an easy way for hackers to infiltrate critical information systems and access sensitive data without being detected. Passwords are an extremely effective tool, but only when they’re properly managed. A mix of password policies and technology can bolster defenses against infiltrators and privilege abuse. This applies to both individual employees and organizations as a whole.”

This World Password Day, take time to think about protecting your passwords and the data your passwords protect. Begin your journey of securing your passwords today.

[To share your insights with us, please write to sghosh@martechseries.com]