It is the first Thursday of May and you know what that means? It is World Password Day! First celebrated in 2013, this day is meant to serve as a reminder of the importance of good password hygiene. It would make sense that as an Identity and Access Management company, we at OneLogin are passionate about the subject of strong authentication and password policies. Not to mention, due to the unfolding crisis of COVID-19 and the resulting sudden move to remote access and teleworking infrastructure for enterprises across the globe, that the need for simple and secure access is more important than ever.
We took the opportunity to do a survey of 5,000 remote workforce employees from five countries - Germany, France, the United Kingdom, the Republic of Ireland and the United States - to review security measures and best practices around passwords. We will be publishing the full findings at a later date but this is a summary of the highlights from our 2020 survey:
People are using their devices for more than just work.
Our results found that across all five countries surveyed, consumers are misusing their work devices. From high risk sites to video streaming channels, the fact is that users are exposing their businesses to vulnerabilities by accessing non-verified and insecure web pages. Ever heard of a drive-by download attack? This is a common cybersecurity threat where a bad actor targets a person through their Internet browser, installing malware on their device by visiting an infected website. Some things organizations can do to reduce their exposure are:
- Ensure all users are keeping their web browsers and applications up to date with the latest security patches and enable pop-up blockers
- Run antivirus or malware detection programs regularly on all corporate devices
- Do not give admin access to end users to mitigate the user’s ability to download potentially harmful software and minimize damage that could be done from a bad download by limiting to the user context vs. the machine
Sharing passwords is risky business.
Nearly 1 in 5 - 17.4% of global respondents reported sharing their work device password with either a spouse or child, opening the door to not only exposing corporate data, but other vulnerabilities. The fact is, sharing passwords is risky business - the outcome can be very troublesome if that password falls into the wrong hands. Thinking of sharing your password as being equivalent to sharing your social security number or another unique identifier. Your password is the key to your personal identity in the digital world. The risk of sharing your password with a spouse or child is not just risking someone stealing that information - you are then granting access to your digital identities and devices.
Let’s say you share your password with your child, who is homeschooling due to COVID-19, and they decide to hop onto your work laptop to write an assignment. Next, they send that document to their teacher to look over, which is reviewed and sent back to your corporate device. The teacher unknowingly has malware on their computer, and a virus hitches a ride on the document back to you, exposing the corporate network to damage and compromising other identities where you may be reusing this password.
When was the last time you changed your WiFi password?
According to our survey, consumers from across the globe are waiting months, even years to change their WiFi password and 25% of those we surveyed never changed their password. You may not realize it, but changing your WiFi password periodically is an essential part of keeping your network (and the devices that are on it) secure. Are you one of those that is guilty of still using the default password written on your WiFi router? Those router passwords are well-known and easy to access by hackers, putting you at risk of a bad actor hijacking your network, locking you out of your router and accessing your device files.
By making a routine of changing your WiFi passcode, you are ensuring that any leechers or potential threats are shaken off of your network. And while you’re at it, change your passwords for the other digital identities you have! Set a reminder in your calendar today, on World Password Day, to repeat every three months with a note to change your passwords.
The truth is…
Passwords are one of the oldest security tools in the world of software and internet and one of the top entry points for hackers - but not the only entry point. This survey points out additional vulnerabilities to be aware of, for individuals and organizations, especially in the COVID-19 era of a fully remote workforce. Just one month ago, the U.S. Department of Homeland Security & United Kingdom’s National Cyber Security Centre released a joint alert on the growing number of COVID-19 related threats by malicious cyber actors. Now more than ever, we must stay vigilant, we must stay aware and above all, we must protect our security and our digital identities. So, change your passwords, talk to your families and friends about cybersecurity and stay safe. Go find more of what we found out. Happy World Password Day!