
Change Your Password Day: Time to strengthen your cyber defences

Change Your Password Day, which falls on February 1st, acts as an annual reminder for individuals and organisations to prioritise good security practices and fortify their digital defences.

This year’s event comes just a couple of weeks after what’s been dubbed the ‘Mother of all breaches’, in which 26 billion records were stolen and leaked online, affecting users of LinkedIn, Facebook, Dropbox, X, and other popular platforms. In the face of such attacks, Change Your Password Day encourages more robust password hygiene.

We look at the origins of the day, and explore how modern methods of user authentication are helping businesses meet the challenges of an ever-evolving threat landscape…

What is Change Your Password Day?

Reportedly instigated as one man’s response to having his personal accounts hacked twice in quick succession, Change Your Password Day has been an annual event since 2012. The man behind the idea, Matt Buchanan, reportedly felt it would help people remember to check they were following the right password practices, and changing them if necessary, if there were a specific day set aside for doing it. And presumably that’s what he has done for the past 12 years.

Of course, the IT landscape has changed dramatically in that time. The cloud has boomed, and the Internet of Things and modern technologies like biometrics have made passwords feel less ‘everyday’. But passwords are still an integral element of any business’s cyber defences. And when it’s thought that as many as 86% of cyberattacks these days use stolen credentials, the importance of good cyber security housekeeping is arguably stronger today than it was 12 years ago.

Good password hygiene

Getting hacked can be devastating on a personal level, but it can sound the death knell for businesses, which rely on robust cyber security to safeguard valuable data and critical assets.

With remote workers and BYOD devices complicating security posture and broadening the attack surface, it’s more important than ever for everyone to be clued up and on the same page when it comes to password integrity.

At the very least, IT teams should be implementing the following, and ensuring users know how to use them:

  • Multi-factor authentication: Add an extra layer of security – including through biometrics, if possible – to the access process, wherever
  • Password managers: Users are more likely to maintain good password hygiene and practices if it’s easy for them to do. Password managers simplify the generation of complex passwords and ensure users don’t have to remember them.
  • Automatically reset passwords: Scheduling password resets helps ensure the security of the environment, especially in cases where passwords have been unknowingly compromised. Educating users around the importance of this being done will help avoid password fatigue, which can lead to risky practices and behaviours.
  • Passphrases: When it comes to passwords, the longer the better. Encourage users to set a multi-word passphrase as their password manager master, as these will be much easier to remember than long strings of random letters.
  • Encryption: Encryption provides additional protection for passwords, even if they are stolen by hackers. End-to-end encryption that is non-reversible will protect passwords in transit over the network, without causing too much annoyance for users.

Modern environments need modern protections

As passwords proliferate across networks and systems, there is an increased risk to business data. According to Verizon’s 2023 Data Breach Investigations Report, 44.7% of data breaches last year were a result of stolen credentials. And with more and more users accessing systems from remote and disparate locations, there’s an urgent need for innovative security solutions that can keep critical infrastructure systems secure, and sensitive data protected.

These days, the answer isn’t as simple as changing a password or implementing MFA. Businesses need to consider the following protections:

Passwordless authentication: Typically deployed alongside Single Sign-On, passwordless authentication allows users to access systems or applications by using a fingerprint, proximity badge or hardware token code instead of a password. It helps strengthen security by improving user experience and eliminating password fatigue, as well as simplifying IT operations by making password management a thing of the past.

Single Sign-On: SSO is another way of combatting risky password behaviours and MFA fatigue, permitting a user to access multiple applications with just one set of login credentials. The SSO service authenticates the user in the first instance, and then grants them access to all the applications the user has been given rights and permissions to. It also eliminates any future password prompts within that sign-on session. To strengthen its efficacy, SSO should be coupled with identity governance and two- or multi-factor authentication.

Security keys: A physical security key is arguably the most secure means of MFA, because it’s a dedicated authentication device for an identified user that is not vulnerable to phishing attacks. Security keys can play a crucial role in protecting sensitive information by ensuring only authorised individuals can access a computer system, network or data repository. Typically a small USB device that is plugged into a computer or laptop to authenticate a user’s identity, physical security keys are highly secure, though they do require additional hardware to be purchased.

A software-based security key is often more convenient, and is far less vulnerable to being lost through human error. These are typically built into a device’s operating system, web browser or other software and deployed when needed.

Verifiable credentials: Potentially the password alternative of the future, verifiable digital credentials (VCs) would represent the decentralisation of user authentication. In this model, users would transact digitally using a portable ‘wallet’ of VCs, such as their personal details, secured by passwordless authentication and authorisation. This wallet would contain all a user’s up-to-date credentials and could be used everywhere from government services and online learning portals to enterprise networks and small business cloud storage. The possibilities for this friction-free access model are endless.

Plan for the worst

Even with the best protections, practices and education in place, security compromises can and do happen. In the event a password is breached and your organisation’s data is exposed, ensuring everyone knows what to do to quickly recover lost data, secure the environment and get back to business is absolutely crucial. A well-thought-out Cyber Incident Response plan and a robust Business Continuity strategy are critical tools in helping you proactively minimise the damage of a successful cyberattack or breach.

Our Cyber Security Pledge

At BCN, ensuring the highest standards of cyber security for all our customers is a year-round commitment, not just something to think about on Change Your Password Day. Our Cyber Security Pledge means we’ll always offer you best-in-class cyber security solutions that are tailored to your specific needs and goals, whether it’s delivering password awareness training to your teams or helping you enable modern authentication methods across your IT environment.

For more on how BCN can help you better protect your critical business assets, get in touch with our team this Change Your Password Day.

