If you didn’t realize that the first Thursday in May was World Password Day, you’re not the only one. Intel Security officially declared it back in 2013, but apparently, even they’ve forgotten about it; the URL for the “official” World Password Day website now directs to a COVID-19 resources page.
It’s just as well. Most people had never heard of this “holiday,” and those who did were probably quite confused. The name “World Password Day” didn’t convey anything actionable. That said, with compromised login credentials being responsible for over 80% of data breaches, we shouldn’t relegate World Password Day to the dustbin of history. Instead, we should shift the conversation and rename the first Thursday in May to World Password Management Day, a day on which consumers and businesses take action to ensure they securely manage all of their passwords.
Here are six reasons why.
Password rotation is obsolete
World Password Day was originally conceived as a day in which consumers would change their passwords, the logic being that regularly changing passwords would create a moving target for cybercriminals. This made sense in the pre-cloud, pre-mobile era, when “digital sprawl” didn’t exist, and most cyberattacks were executed manually. It makes no sense in today’s hyper-automated, cloud-driven, BYOD, remote-work world. This is why NIST stopped requiring arbitrary password changes in 2017, instead advising organizations to change passwords only in the event of a user request or evidence of compromise.
People are suffering from password overload
The name “World Password Day” implies that consumers have only one or a small handful of passwords to keep track of. While this was the case prior to widespread high-speed home internet and 4G LTE mobile phones, it’s certainly not now. According to a survey by Digital Guardian, 70% of consumers have at least 10 password-protected online accounts, and 30% have “too many to count.” All of those accounts are too difficult for anyone to keep track of manually, which results in users engaging in risky practices, such as reusing the same passwords across accounts.
Consumer password overload is fueling business data breaches
Consumer password overload can easily spill over into the workplace if employees reuse their personal account passwords for work-related apps or websites. If those personal accounts are breached, cybercriminals can use those passwords to get into their work accounts; in other words, Company A ends up compromised because of a seemingly unrelated data breach at Company B. Seventy percent of respondents to the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, sponsored by Keeper, report cited stolen or compromised employee passwords as a major pain point.
Password overload also degrades organizational productivity
In addition to contributing to data breaches, password overload also impacts organizational productivity, especially if users do the right thing and use a strong, unique password for every account. No one can remember multiple random, high-strength passwords, so employees try to keep track of them using spreadsheets, sticky notes, and other inefficient methods. Over time, many hours are lost to searching for passwords. Sometimes, after a frantic search has turned up empty, employees give up and ask the help desk to reset their passwords, which ties up IT personnel and takes away from time they could be using on more productive tasks.
Multi-factor authentication is just as important as strong, unique passwords
It’s imperative that everyone use a strong, unique password for every online account to prevent data breaches and other password-related cyber attacks. However, strong, unique passwords are not a standalone security solution. If a password is stolen in a data breach and put up for sale on the Dark Web, how strong it is won’t matter. For this reason, it’s just as important for users to enable multi-factor authentication (2FA) on every account that supports it. With 2FA in place, even if a cybercriminal gets hold of a password, they won’t be able to access the account without the second factor.
Password managers are now essential tools
A password manager, such as Keeper, is no longer a convenience item; it is an essential tool to combat password overload and ensure proper password security both at home and in the workplace. A password manager securely stores user login credentials for all online accounts for instant access whenever they’re needed. Since the password manager keeps track of anything, users can set strong, unique passwords for every account and not worry about losing or forgetting them.
Keeper solves password management problems for consumers, families & businesses
Every Keeper personal user gets a private, encrypted digital vault that they can access anywhere, from any device. It auto-fills login credentials, which makes it easy to use a strong, unique password for every online account. It even stores 2FA codes. Additionally, Keeper can securely store sensitive files, documents, photos, and videos. It also lets you securely scan and store payment cards for faster checkout on websites and apps.
Keeper Family plans extend all the great features of Keeper to up to five users in a household, with easy and secure sharing features so that family members can share passwords, files, payment cards, and more.
Keeper’s business password management solutions give organizational IT administrators complete visibility into employee login credentials, enabling them to monitor password usage across the organization, including remote employees, and enforce policies such as strong passwords, 2FA, role-based access control, and other security protocols. No one will ever lose or forget another password — which means no more time-consuming help desk tickets to reset lost or forgotten passwords.
Keeper wishes you a Happy World Password Management Day 2020!
Not a Keeper customer yet? Download Keeper Password Manager and Digital Vault now! Interested in how Keeper can help protect your business against the #1 cybersecurity risk? Reach out to our team today.