Happy World Password Day! (and why you should care)

Happy World Password Day! (and why you should care)

Today is World Password Day. Every year on the first Thursday in May World Password Day promotes better password habits. Despite what is going on in the world this might be the most important Password Day there has been.

With so many of us working from home our cybersecurity will be stretched to the limit. The basis of great cybersecurity is using strong passwords. So to a good way of improving your security is making sure employees are using strong passwords for all accounts your business uses.

 

Why is World Password Day so important?

Well despite all the warnings about using the same weak passwords on our accounts, we are still doing it. We are still making it easy for cybercriminals to hack into our accounts. If a hacker gets access to one account and you use that password across different accounts, they now have access to all of them.

A survey held in the UK by password manager LastPass found some shocking behaviours around using the same password.

  • 92% know that using the same or a variation of the same password is a risk, but:
  • 50% of us do it regardless!

Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything—from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. We’ve all grown used to entering passwords dozens of times per day, and because of this, we often take passwords for granted and forget how crucial they are.

With that in mind, what steps can you take to ensure that your personal data is protected at all times?

 

Consider a password overhaul—at home and at work

We know… just the mere thought of coming up with (and remembering) yet another new password is daunting. The average person has about 100 different passwords for the various tools, apps, websites, and online services they use on a regular basis. With so many passwords to keep track of, those familiar “Update Password” prompts tend to get bothersome.

But, unfortunately, we live in a world of constant hacking attempts and security breaches. While changing passwords may be inconvenient at times, following this password best practice can help prevent the following data catastrophes:

  • Giving hackers easy access to your most sensitive accounts
  • Breaches to multiple accounts that share the same or similar passwords
  • Attacks by keystroke loggers who steal common login credentials
  • Loss of data through shared (and easily stolen) passwords

Although it requires time and patience, password protection is one of the most important things you can do to safeguard your personal, professional, and sensitive data. The list below includes four easy and practical tips for creating better password policies.

 

1. Increase the complexity and length of each password

There’s a reason that websites and online services provide so much direction when prompting users to create new passwords. Variation in both the complexity and length really does matter when it comes to protecting your accounts. Always incorporate both upper and lowercase letters, numbers, special characters, and symbols into each password you create.

When used in combination, complexity and length make passwords much harder to guess at random. This tactic also prevents users from relying on common phrases or personal identifiers (such as date of birth) when making new passwords. A password that contains only lowercase letters of a simple phrase is much more vulnerable than a complex combination of different characters.

2. Use a password manager

Password management software takes some of the brunt out of remembering the many different combinations you use around the internet. Generally, a password manager requires the creation of one master password. Then, you’ll be given the option to connect different logins that are then placed into your password “vault.”

Many password managers also encrypt passwords to create an additional layer of protection. This means that once you’re logged into the password manager, you may be able to login automatically to different websites, but the exact characters of your unique passwords aren’t always visible.

3. Never store passwords in plain sight

Although it’s tempting, you should never record passwords on paper or in plain sight somewhere on your desktop (such as on a notes app). These methods are easy to spot, which makes them even easier to steal. Additionally, it’s not very difficult to lose, misplace, or throw away passwords that you store on paper.

If you ever need to share passwords or login credentials with another individual (perhaps a family member or an approved coworker), always choose a secure method. Password management software also comes in handy when you need a secure way to share passwords.

4. Use multi-factor authentication wherever possible

Strong passwords make a big difference, but sometimes, additional security is necessary. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification. For example, when you enter your password into an online account like Gmail, you may receive a code to your mobile phone that you’ll have to enter for an extra line of security. MFA is an effective way to prevent cybercriminals from accessing passwords via third party online systems.

Multi-factor authentication can be conducted in a variety of ways—it might include a quick fingerprint scan, a phone call, a text message, or a code. While MFA does add another roadblock to accessing your account, it’s a simple, yet powerful way to strengthen data security.

Enhancing your unique passwords is just one of the many ways that you can lock down any potential vulnerabilities and prevent cybercriminals from accessing your information.

Sources:
(1) Infotech
(2) Techsecurity

How to reduce resources devoted to password reset

How to reduce resources devoted to password reset

Password reset is one of the most recurrent tasks in help desk departments. With Soffid you can dramatically reduce the number of call center calls, by giving the user the tools to self recover the password.

Soffid allows administrator to enable or disable some recovery methods including presaved questions, email, smart cards, SMS and others. At this post we will see how a user deals with presaved questions recover.

At first, user is encouraged to answer some predefined questions, as well as fill in new questions. The video below this lines shows how a user is automatically redirected to password recovery form just after login into the workstation.

Once the password has been filled in, the user is able to recover its password from within Windows login screen. See next video.