The power of a strong password

Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint.

Passwords are one of the first critical barriers between a person and a threat actor's successful cyberattack. The most common mistakes people continue to make with their passwords are 1) creating weak, easy-to-guess passwords that include common words, phrases, names, and dates associated with you or your family, and 2) reusing the same password across multiple sites and devices.

While we continue to advise people to create complex passwords and to use different passwords across accounts, especially critical financial and data-driven accounts, World Password Day 2023 is also a moment to consider how both consumers and organisations need to go beyond basic password hygiene in today's sophisticated threat landscape.

The bottom line is that passwords, no matter how complex, can be stolen. Credential theft is on the rise globally, with 26% of UAE organisations that experienced a successful phishing attack last year reporting credential theft and compromised accounts. Cybercriminals realise it is easier (and cheaper!) to steal credentials and log in than to hack into technical systems, and once they have compromised just one employee they can move laterally within the organisation's networks.

One step to help prevent password theft is to turn on multi-factor authentication (MFA), where available, for as many accounts as possible. The basic concept is to require two forms of 'evidence' that validate identity before access is granted, increasing account protection. For example, when you sign into your account, you receive an alert on your phone asking you to confirm the login. This approach frustrates the automated systems threat actors use to guess passwords or to plug in stolen passwords.

Another step is to use a password manager. A password manager creates randomised passwords that are safely stored, encrypted, and accessible across all your personal devices, and it removes the burden of trying to remember complicated login credentials across multiple websites. If you use a passphrase to unlock your password manager, make sure it never contains common words or phrases, names, or dates associated with you or direct family members.

We must also keep in mind that regardless of the complexity of your password, whether you have MFA in place, or whether you use a password manager, we have seen threat actors continue to succeed in siphoning user logins by bypassing such technologies. Since 95% of cybersecurity issues can be traced to human interaction, it remains important for all users to understand how to identify credential phishing attempts, so they avoid falling victim to this growing threat.

Top tips for employees/consumers:

We recommend that consumers use different passwords for different accounts, especially critical financial and data-driven accounts. Be sure to turn on multi-factor authentication (MFA), where available, for as many accounts as possible. Use a password manager: it creates randomised passwords that are safely stored, encrypted, and accessible across all your personal devices, and it removes the burden of trying to remember complicated login credentials across multiple websites. If you use a passphrase as part of your password, make sure it never contains common words or phrases, names, or dates associated with you or direct family members.

Additional Password Management & Creation Tips

  • Use multi-factor authentication (MFA) for as many accounts as possible. The basic concept is to require two forms of 'evidence' that validate identity before access is granted, increasing account protection. For example, when you sign into your account, you receive an alert on your phone asking you to confirm the login. This approach frustrates the automated systems threat actors use to guess passwords or to plug in stolen passwords.
  • Use a secure password management application that can recall multiple passwords and automatically enter them when needed. A password management application removes the need to remember and juggle multiple passwords, which makes users more inclined to choose longer, more secure passwords.
  • When creating a password, avoid common words, phrases, names, and dates associated with you or direct family members. Threat actors can easily cross-reference any data captured about you to arrive at the correct combination to break into your accounts. If the site you are using prompts you to change your password, follow that advice and switch to another strong and unique password – don't just put a '1' on the end of your old one so you can get through the password change screen quickly.
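As an added illustration (not Proofpoint's code), a server-side check a password change screen could run to reject exactly the mistakes the tips above describe: a new password that is the old one with a digit bumped, one that contains a personal name or date, or one on a common-password list. The names, dates and the common-password list are constructed sample values.

```python
import re
from datetime import date

# Constructed stand-in for a breached/common-password list (a real deployment would load a much larger one).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Constructed sample profile data a checker might hold for a user.
SAMPLE_TERMS = ["Alex", "Rover"]          # first name, pet's name
SAMPLE_DATES = [date(1985, 7, 4)]         # date of birth


def _stem(pw):
    """Lower-case and drop trailing digits/symbols: 'Summer2022!' -> 'summer'.
    Same stem means only the suffix changed: the 'just put a 1 on the end' pattern."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())

def _same_stem(a, b):
    sa, sb = _stem(a), _stem(b)
    if not sa or not sb:                  # all-digit passwords have no stem
        return a.lower() == b.lower()
    return sa == sb

def _date_variants(d):
    """Digit strings a person typically types for a personal date."""
    return {d.strftime(f) for f in ("%Y", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y")}

def check_new_password(old, new, terms=SAMPLE_TERMS, dates=SAMPLE_DATES, min_len=12):
    """Return the reasons a proposed password should be rejected ([] = accept)."""
    reasons, low = [], new.lower()
    if len(new) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if low in COMMON_PASSWORDS:
        reasons.append("appears in the common-password list")
    if _same_stem(old, new):
        reasons.append("trivial variant of the previous password")
    elif len(_stem(old)) >= 4 and _stem(old) in low:
        reasons.append("contains the previous password")
    for t in terms:
        if len(t) >= 3 and t.lower() in low:
            reasons.append(f"contains personal term {t!r}")
    digits = re.sub(r"\D", "", new)       # dates are matched on the digits only
    for d in dates:
        if any(v in digits for v in _date_variants(d)):
            reasons.append(f"contains personal date {d.isoformat()}")
    return reasons

if __name__ == "__main__":
    for candidate in ("Summer2023!", "alexrover-July-1985-xyz", "correct-horse-battery-staple-9"):
        print(candidate, "->", check_new_password("Summer2022!", candidate) or "OK")
```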