Change Your Password Day, which falls on February 1st, acts as an annual reminder for individuals and organisations to prioritise good security practices and fortify their digital defences.
This year’s event comes just a couple of weeks after what’s been dubbed the ‘Mother of all breaches’, in which 26 billion records were stolen and leaked online, affecting users of LinkedIn, Facebook, Dropbox, X, and other popular platforms. In the face of such attacks, Change Your Password Day encourages more robust password hygiene.
We look at the origins of the day, and explore how modern methods of user authentication are helping businesses meet the challenges of an ever-evolving threat landscape…
Reportedly instigated as one man’s response to having his personal accounts hacked twice in quick succession, Change Your Password Day has been an annual event since 2012. The man behind the idea, Matt Buchanan, reportedly felt that setting aside a specific day would help people remember to check they were following the right password practices, and to change their passwords if necessary. And presumably that’s what he has done for the past 12 years.
Of course, the IT landscape has changed dramatically in that time. The cloud has boomed, and the Internet of Things has meant passwords are now less ‘everyday’ than modern technologies like biometrics. But passwords are still an integral element of any business’s cyber defences. And with as many as 86% of cyberattacks these days thought to use stolen credentials, good cyber security housekeeping is arguably more important today than it was 12 years ago.
Getting hacked can be devastating on a personal level, but it can sound the death knell for businesses, which rely on robust cyber security to safeguard valuable data and critical assets.
With remote workers and BYOD devices complicating security posture and broadening the attack surface, it’s more important than ever for everyone to be clued up and on the same page when it comes to password integrity.
At the very least, IT teams should be implementing the following, and ensuring users know how to use them:
As passwords proliferate across networks and systems, there is an increased risk to business data. According to Verizon’s 2023 Data Breach Investigations Report, 44.7% of data breaches last year were a result of stolen credentials. And with more and more users accessing systems from remote and disparate locations, there’s an urgent need for innovative security solutions that can keep critical infrastructure systems secure, and sensitive data protected.
These days, the answer isn’t as simple as changing a password or implementing MFA. Businesses need to consider the following protections:
Passwordless authentication: Typically deployed alongside Single Sign-On, passwordless authentication allows users to access systems or applications by using a fingerprint, proximity badge or hardware token code instead of a password. It helps strengthen security by improving user experience and eliminating password fatigue, as well as simplifying IT operations by making password management a thing of the past.
Single Sign-On: SSO is another way of combatting risky password behaviours and MFA fatigue, permitting a user to access multiple applications with just one set of login credentials. The SSO service authenticates the user in the first instance, and then grants them access to all the applications the user has been given rights and permissions to. It also eliminates any future password prompts within that sign-on session. To strengthen its efficacy, SSO should be coupled with identity governance and two- or multi-factor authentication.
Security keys: A physical security key is arguably the most secure means of MFA, because it’s a dedicated authentication device for an identified user that is not vulnerable to phishing attacks. Security keys can play a crucial role in protecting sensitive information by ensuring only authorised individuals can access a computer system, network or data repository. Typically a small USB device that is plugged into a computer or laptop to authenticate a user’s identity, physical security keys are highly secure, though they do require additional hardware to be purchased.
A software-based security key is often more convenient, and is far less vulnerable to being lost through human error. These are typically built into a device’s operating system, web browser or other software and deployed when needed.
Verifiable credentials: Potentially the password alternative of the future, verifiable digital credentials (VCs) would represent the decentralisation of user authentication. In this model, users would transact digitally using a portable ‘wallet’ of VCs, such as their personal details, secured by passwordless authentication and authorisation. This wallet would contain all a user’s up-to-date credentials and could be used everywhere from government services and online learning portals to enterprise networks and small business cloud storage. The possibilities for this friction-free access model are endless.
Even with the best protections, practices and education in place, security compromises can and do happen. In the event a password is breached and your organisation’s data is exposed, ensuring everyone knows what to do to quickly recover lost data, secure the environment and get back to business is absolutely crucial. A well thought out Cyber Incident Response plan and a robust Business Continuity strategy are critical tools in helping you proactively minimise the damage of a successful cyberattack or breach.
At BCN, ensuring the highest standards of cyber security for all our customers is a year-round commitment, not just something to think about on Change Your Password Day. Our Cyber Security Pledge means we’ll always offer you best-in-class cyber security solutions that are tailored to your specific needs and goals, whether it’s delivering password awareness training to your teams or helping you enable modern authentication methods across your IT environment.
For more on how BCN can help you better protect your critical business assets, get in touch with our team this Change Your Password Day.