Throughout the entire month of January, The Fintech Times will be exploring every dimension of one of the industry’s most pressing topics: cybersecurity.
During our fourth week of cybersecurity coverage, we’ve considered how passwords are being breached, and the highs and lows of contemporary security measures like biometrics. Today we’ll be continuing along this theme with a more hands-on step forward, to consider all the best ways to manage passwords more securely.
Password technology stands between cybercriminals and our personal information, so it’s critical that these front line measures are as robust and as unbreakable as possible. “According to a 2021 IBM report, stolen credentials are the most common cause of data breaches, making employee passwords one of the biggest ongoing threats to corporate security – whether the employees using them are remote working or not,” zsah CEO and founder, Amir Hashmi tells The Fintech Times.
The security of a business depends on the security of a password, and to provide a comprehensive solution to this task, we sat down with a range of industry experts to gain an on-the-ground understanding of how this can be achieved effectively.
Complexity is Key
Building a password is like building a bridge. It needs to be long enough to cross the river of cybersecurity breaches, unforgettable, so that you don’t forget where to make the crossing, and fortified so that the bridge doesn’t give way under your feet.
“Managing passwords securely can be challenging – especially when we’re all using an ever-growing number of systems, both professionally and personally,” comments Jason Dowzell, CEO and Co-Founder of Natural HR. “We’re supposed to memorise a vast number of passwords designed to be impossible to guess!
“A good starting point to managing passwords securely is to cultivate the practice of creating longer passwords which aren’t re-used on multiple sites. Many businesses and sites require that passwords are made up of both upper and lowercase letters, numbers, and special characters.
“While this contributes to more complex passwords, these are often hard to remember and can ultimately lead to poorer security hygiene. No one will remember ‘A6*8Jhku)[email protected]’ in a hurry!
“It should be noted that a longer password combining multiple words – opting for password length rather than complexity – is harder to crack and also easier for the user to remember. In fact, research has found that a password containing 12 characters is 62 trillion times more difficult to crack compared to one with just six.”
Adding to this, Jason Stirland, CTO at DeltaNet International, recognises how a small crack in the wall could compromise the integrity of your defences, and how raising employee awareness remains essential: “According to research by LastPass, despite 92 per cent of online users recognising that using the same password is a risk, 65 per cent still reuse theirs across accounts, increasing the risk of a data breach. That’s why it’s so important for businesses to train their employees on the importance of using passwords securely as a preliminary line of defence.
“With cyber-attacks on the rise, it is remarkable how many passwords are compromised simply because they are not strong enough. Strong passwords are hard to guess, include a combination of upper-case letters, lower-case letters, symbols, and numbers, and are different for each account/platform. It’s important not to use names, important dates or words from the Oxford dictionary. Instead, use a memorable phrase and change out some of the letters for numbers or symbols to make it difficult to guess.”
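The length-versus-complexity point made in this section can be checked by counting search space. The Python below is an added example, not code from The Fintech Times or any of the companies quoted; the function names and the 16-word sample list are constructed for illustration, and the estimates assume characters and words are chosen at random.

```python
import math
import secrets
import string

# Character classes a typical composition policy asks for (26, 26, 10, 32).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

# Constructed 16-word sample list so the block runs offline. A real generator
# would load a large published list, e.g. the 7,776-word EFF long list.
SAMPLE_WORDS = ["anchor", "breeze", "candle", "dragon", "ember", "falcon",
                "garnet", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]


def charset_size(password):
    """Alphabet an attacker must search, given the classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """Upper bound on guessing work in bits; holds only for random characters."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def length_factor(alphabet, short_len, long_len):
    """How many times larger the search space gets when only length grows."""
    return alphabet ** (long_len - short_len)


def passphrase_bits(n_words, wordlist_size):
    """Bits of entropy when each word is drawn uniformly at random."""
    return n_words * math.log2(wordlist_size)


def make_passphrase(n_words=4, words=SAMPLE_WORDS, sep="-"):
    """Draw words with the OS CSPRNG (secrets), never the random module."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(f"6 random chars, all four classes: {6 * math.log2(94):.1f} bits")
    print(f"12 random lowercase letters:      {12 * math.log2(26):.1f} bits")
    print(f"6 -> 12 chars at 26 letters:      x{length_factor(26, 6, 12):,}")
    print(f"4 words from a 7,776-word list:   {passphrase_bits(4, 7776):.1f} bits")
    print("sample passphrase:", make_passphrase())
```

The multiplier gained from extra length depends on the alphabet assumed, and a phrase a person picks by hand is weaker than these figures, which is why the words are drawn with `secrets`.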
Two-factor authentication is the process of accessing data by presenting two, or sometimes more, different types of information. Typically, users might be requested to verify their identity by triggering a parallel process on a supporting app once they’ve entered their password.
“Unfortunately, often due to the sheer number of passwords required for users online – many people reuse the same password across multiple accounts, making them vulnerable and posing an information security risk, especially if shared with business accounts,” adds Stirland. “To help counter this risk, IT teams should enable mandatory two-factor authentication on company accounts as an added layer of security.”
“Using two-factor authentication provides a second layer of security beyond just a username and password,” explains Dowzell. “This security approach requires an additional login credential to gain account access, and receiving that second credential requires access to something that either belongs to the user (e.g. a unique access code sent via SMS to their mobile phone), something only the user knows (e.g. security question answers or a PIN) or something only the user is (e.g. biometric data such as a fingerprint).”
“Depending on your business, the number of applications your employees may need to use to perform their duties can reach dozens, if not hundreds. A robust password policy must be enforced. It is, of course, difficult for employees to remember a long list of strong passwords with strings of random letters, numbers, and symbols. As such, the use of password managers which create, retain, and autofill passwords can be a good,” explains Hashmi.
Password managers work online in much the same way that a keychain keeps all of your keys securely in one place. This kind of solution can appear highly valuable when managing remote teams, and is also beneficial when managing a large volume of passwords.
“Using a reputable password manager can also help in managing passwords securely and can be readily accessed using one master password,” Dowzell adds. “These tools allow users to store multiple passwords in an encrypted format so that they don’t have to remember each of them – and they often generate ‘strong’ passwords on the user’s behalf.”
One such solution that consumers might be interested in utilising is the password management service of Forghetti. The service allows users to generate and implement passwords using just one secure key. The company’s Founder and CEO, Michael Crompton, advises: “The most vulnerable and difficult aspect of maintaining security is the human factor. Cybersecurity is a necessity for young and old alike. As a society, we need to encourage everyone to take a first step towards being secure and responsible with their personal data. We have designed a series of illustrations aimed at teaching and raising awareness of five critical rules for handling passwords:
- Make your passwords complex
- Have a unique password for every account
- Make your passwords long
- Be mindful of where you store your passwords
- Change your passwords regularly
Ultimately it is not practical for anyone really to manage this manually – so time to get a password management solution if you do not have one already.”