World Password Day is an annual event that raises awareness about the importance of strong passwords. It is celebrated on the first Thursday of May. This year, World Password Day falls on May 5. It’s that time of the year when we sit and review our passwords and secure our logins.
If your password is still “123456” or “qwerty”, you are using one of the top 10 most common passwords worldwide, which leaves your account easy to hack, if it has not been hacked already.
According to a recent survey by Auth0, the APAC region is notorious for reusing passwords. The survey involving over 1200 business leaders and 8000 consumers reported that 89% of APAC consumers reused their passwords for more than one account. While passwords can protect the data to a certain extent, complete security of data and confidential information still rests on how well the passwords are managed. In most cases, password vulnerabilities stem from not following the best password practices suggested by cybersecurity experts.
How do hackers steal passwords?
Password security is a pressing concern for businesses in all verticals. Whether through brute force, misconfiguration, pretexting, ransomware, backdoor release, privilege abuse, or other hacking methods, password stealing is a nuisance that organizations, employees, and even cybersecurity experts deal with every day. Password breaches, sophisticated brute-force attacks, and unauthorized attempts to steal passwords by infecting systems with malicious entities have skyrocketed in recent times.
How can you tell if your password has been stolen?
There are a few ways to tell if your password has been stolen. One way is to check if any of your personal information, such as your name or address, has been leaked online. You can also check to see if your password has been used to log in to any other accounts besides your own. If you notice any unusual activity on your account, such as unexpected login attempts or strange messages, this may also be a sign that your password has been stolen.
A simple way to check whether your account has been compromised or involved in a data breach is to look it up on the site Have I Been Pwned. The site checks whether your email address or even your phone number was in a data breach, and it also lets you set up an alert for future breaches that involve your email ID.
What should you do if you think your password has been stolen?
There are a few things you can do if you think your password has been stolen:
- Change your password immediately and make sure to choose a strong, unique password.
- Enable Two-Factor Authentication (2FA) if it is an option.
- Monitor your accounts for any unusual or suspicious activity.
- If you believe your personal information has been compromised, you can also place a fraud alert or credit freeze on your accounts.
- Report the breach/account compromise to the respective authority.
How can organizations and employees protect themselves from password theft?
Many companies and individuals have been victims of social engineering, where they are deceived into sharing personal information. The most common advice shared by all organizations is to use strong passwords that are difficult to guess, change passwords regularly, and use password managers to generate and store passwords securely.
Sometimes, just a password is not enough.
There are other ways to protect your assets, maybe even by going passwordless, says Yubico, the leading provider of hardware authentication security keys. On World Password Day, Yubico departs from a need for strong passwords and looks toward a phishing-resistant and passwordless future. In their multi-factor authentication (MFA) guide, Yubico details the “alphabet soup” of industry jargon, acronyms, and tools used for authentication and the options available for individuals and organizations.
In their latest press release, Ronnie Manning, Chief Marketing Officer, Yubico, states, “World Password Day helps bring global awareness for individuals and organizations to increase their password hygiene and overall online security. Everyone should take this opportunity to protect their identities, data, and accounts by going beyond using basic username and passwords and turning on MFA for their online applications and services, including the use of modern authentication tools like YubiKeys.”
What do you think about phishing-resistant MFA? Would passwordless authentication make you less vulnerable to account theft? According to an IDG survey, 33% of IT departments have already adopted passwordless authentication, with the APAC region reporting the highest adoption rate at 41%. Something to think about.