Celebrate World Password Day with a password audit
May 5, 2022 marks the ninth anniversary of World Password Day, an event created by Intel to raise awareness about the importance of strong passwords. For more than 60 years we have relied on passwords to secure our personal and professional accounts, and to act as the thin layer of protection between our digital identities and cyber criminals.
That’s a lot of responsibility to put on a series of numbers and letters that are likely being reused across multiple services. In honor of this year’s World Password Day, it’s time to put corporate passwords to the test in the form of a password audit.
Password Reuse Flourishes
World Password Day highlights the many weaknesses associated with passwords. Addressing each and every one of these would be challenging, but tackling the problem of password reuse goes a long way toward combating password attacks.
The recently released Weak Password Report highlights that people continue to use vulnerable passwords that are easy to guess or already compromised. Google’s Online Security Report found that 65% of people reuse their password. It is the reuse itself that compounds the vulnerability, since a data compromise on one service results in breached password lists being used repeatedly in password attacks on other services.
Password reuse is the understandable result of having too many passwords to manage in our digital lives. It’s common for someone to reuse a password once they come up with one that passes the complexity test of a password strength meter, usually following the same pattern of choosing words related to family or interests. Seasons of the year, movies, musicians and favorite sports teams top the list of passwords frequently found on breached lists.
Future of Passwords
With widespread understanding of the inherent weaknesses of passwords, it’s understandable that the tech world is predicting a passwordless future. Replacing passwords in certain products and services is possible, but a passwordless world is a long way off. Multi-factor authentication services often rely on passwords as the first factor, or as a failsafe factor when things go wrong. These authentication services have already proven to be vulnerable to attacks, such as the SIM swap attack that Jessica Alba fell victim to or the Coinbase MFA exploit that sent authentication tokens to cyber criminals.
Any organization that relies on passwords, today and in the future, should follow these recommendations:
- Perform a password audit to understand password-related vulnerabilities in your environment.
- Enforce the creation of longer and stronger passwords.
- Continually detect and block the use of compromised passwords.
Celebrate World Password Day with a password audit. Specops Password Auditor is a free, read-only tool that allows organizations to audit their Active Directory accounts for more than 800 million known breached passwords, generate password reports and compare the organization’s password security against best practice.
(Last updated on May 4, 2022)