Today is World Password Day 2021, and while companies are touting the best password management practices, Google is hoping someday we won’t have to worry about them at all. According to the company, even the strongest passwords can be compromised.
“You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk,” Mark Risher, director of product management, identity and user security at Google, wrote in a blog post.
Currently, the company provides two-step verification to confirm the identity of users. To expand this feature, the company plans to automatically start enrolling users if their accounts are appropriately configured, Risher explained. In addition, the company is working on advanced security features to make a multi-factor authentication experience that’s even more secure than passwords.
“For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication,” Risher wrote.
Until it can reach a point where passwords are no longer necessary, Google will continue to invest in tools and features that keep passwords and personal information safe. The company recently launched a password import feature that stores up to 1,000 passwords from third-party sites for free.
“One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe,” wrote Risher.
What others in the industry are saying about passwords:
Ralph Pasini, president of Exabeam, explained World Password Day 2021 is more important than ever as organizations navigate to this new reality of working from home. “Cybercriminals will capitalize on any opportunity to collect credentials from unsuspecting victims. Just recently, scammers began preying on people eagerly awaiting vaccinations or plans to return to the office as a means to swipe their personal data and logins, for instance,” he said. “The most common attack technique that I often see in the breach reports that I read is stolen credentials. This is a never ending battle between the security industry and cybercriminals, but there are ways organizations can protect themselves against credential theft.”
Mathew Newfield, chief infrastructure and security officer at Unisys, believes there are two simple tips to create complex and secure passwords: 1. Use a private passphrase rather than a single word. 2. Create a password key. Together, passphrases can be transformed into complex passwords. And as a bonus tip, he recommends periodically changing your passwords.
Russell Reeder, CEO of cloud-based data protection company Infrascale, provided five tips to successfully secure your password:
- Be unpredictable: To minimize the risk of brute-force and dictionary attacks.
- Be creative: By creating a phrase, using special characters, and numbers. If you can’t think of a good password, Reeder suggested using a password generator.
- Be long: The longer the password, the more possible combinations and permutations there are.
- Be smart: Don’t share your credentials and be mindful of phishing.
- Be fresh: Update your passwords regularly.
For enterprises, Brian Spanswick, chief information security officer at Cohesity, says to implement multi-factor authentication to protect against phishing schemes and password hacks. In addition, increase employee education and give them the tools they need to create more complex passwords and avoid phishing attempts.
Lastly, Wes Spencer, CISO of Perch Security, said to never reuse a password or rely on your password online. “Most successful breaches occur when a stolen password from one platform is leveraged against another system that shares the same password.”