
By Robin Campbell-Burt, CEO at Code Red

It’s safe to say the most popular security method ever invented was the password. Its history goes as far back as 11 BCE, when the Roman army used passwords to differentiate between friend and foe, and the first digital password was created in 1961 by MIT computer science professor Fernando Corbato.

Over 50 years later, passwords are still the most popular form of authentication for the digital world. However, this has created problems. For too long, weak or easy-to-guess passwords have been the downfall of businesses when it comes to their cybersecurity posture.

As a result, this year’s Cybersecurity Awareness Month has reinforced the important message of using strong passwords. So, what do experts in the cybersecurity space think about this message? What does a ‘strong password’ now look like and are current practices good enough, or is it time to go passwordless?

Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, stresses the pivotal role that strong passwords and password managers play in protecting our digital lives. He notes that “weak passwords pose a significant risk as they can be easily exploited by cyber criminals using well-known hacking techniques.”

Whilst a weak password can easily be exploited by cybercriminals, he emphasises that reusing passwords across different accounts only heightens how vulnerable you are. Joseph argues that individuals and organisations can adopt the practice of using strong passwords, passphrases, and a password management solution to significantly reduce this risk.

“To effectively manage this complexity of using multiple strong passwords, use a password manager or consider using a Privileged Access Management solution,” said Joseph Carson. “These digital vaults offer secure solutions by storing all the passwords in a central secure vault accessible only through a single master password and improve it even further with additional security controls such as Multi-Factor Authentication.”

Aaron Kiemele, CISO at Jamf, also echoes that the focus on passwords for this year’s Cybersecurity Awareness Month is important: “This year’s main focuses are no doubt the most critical things an individual or company can do to lower their overall risk. Good identity management with strong passwords and MFA is one of the most reliable ways to reduce risk.”

Emre Tezisci, Sales Engineer, ZTNA Engineering at Barracuda, agrees with Joseph on the capabilities of a strong password, stating that the advice given, such as setting strong passwords, keeping software updated and other basic measures, is ‘solid’. However, Emre argues that “20 years on from the first Cyber Security Awareness month, millions of organisations and their employees struggle to adopt it”.

Emre believes that although implementing good password habits is a perfectly acceptable route forward for organisations, there are other paths to consider, such as the option of going passwordless.

“We know that password-based authentication is no longer always enough to protect identities, given that compromised passwords are responsible for 81% of hacking breaches, so perhaps it’s time to look seriously at an alternative: passwordless authentication,” said Emre Tezisci.

Acknowledging that the transition to a passwordless future may take time in the business environment, Emre Tezisci highlights its potential to offer a more user-friendly and secure access experience, whilst taking away the difficulty of memorising multiple passwords.

Also looking towards a more user-friendly experience and noticing the growing fatigue amongst the public in managing numerous passwords, Eduardo Azanza, CEO at Veridas, brings another path to the discussion. He recognises that even with the strongest passwords, “threat actors will always find a way into a system they are targeting”.

Eduardo Azanza claims that biometrics provide both a more secure and seamless experience for customers. “Whilst CISA may emphasise the need for strong passwords, we see a passwordless future coming quickly and for the best,” said Eduardo Azanza.

He believes that a shift to biometric solutions offers more robust security, stating that “one’s unique physical characteristics are much more challenging for cybercriminals to replicate or steal. Biometrics, therefore, provides a strong barrier against unauthorised access, an ongoing problem in the world of data breaches. Passwords cannot match up against this level of security and convenience for users.”

As we reflect on the future of passwords this Cybersecurity Awareness Month and see a growing momentum toward passwordless authentications and biometrics, it is evident that strong passwords and password managers remain important.

All options are crucial in safeguarding our online presence, offering enhanced security, user-friendliness, and resilience against evolving cyber threats. However, as highlighted, there are more risks associated with passwords due to the human compliance aspect.

Individuals often don’t follow the recommended best practices for strong passwords, making it easier for attackers to exploit this pathway. Therefore, it is important to get employees on board with good password practices, whether that be through password managers or biometrics.