Today marks World Password Day, an annual event that was originally designed to remind people to update their passwords regularly. However, in 2024, security experts are calling for the complete abolition of the traditional password system, deeming it hopelessly insecure and outdated.
“All signs point to the average password being hopelessly insecure,” says Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa, a prominent cybersecurity firm. “We need to drop these poor passwords and protect our data and organisations in other, more robust ways.”
No ad to show here.
The Troubled History of Passwords
Passwords have long been the weakest link in cybersecurity. Despite ongoing efforts to educate users on best practices, people still frequently use simple, easily guessable passwords and reuse them across multiple accounts, putting their personal and professional data at risk.
“Cyberattacks are often the result of several factors, but weak passwords combined with social engineering rank among the highest contributors,” Collard explains. “If one account is compromised through techniques like credential stuffing, it can provide access to countless other accounts that share the same login credentials.”
Moving Beyond the Password Era
While updating passwords annually was once considered a reasonable precaution, experts now agree that relying solely on this method is insufficient, especially given the sophistication of modern hacking techniques.
“As humans, we struggle to create genuinely strong passwords,” says Collard. “Even techniques like using passphrases or song lyrics don’t provide enough protection on their own anymore.”
Instead, cybersecurity professionals are advocating for the widespread adoption of multi-factor authentication (MFA) and biometric authentication methods. These combine multiple layers of security, such as something you know (like a password), something you have (like a hardware token), and something you are (like a fingerprint or facial scan).
“By using multiple factors, it becomes much harder for attackers to phish, guess, or predict login credentials, making our accounts far more secure,” Collard states. “Not all MFA methods are equally robust, though, so it’s important to choose phishing-resistant options when possible.”
Embracing Password Managers
While MFA and biometrics provide a much-needed extra layer of security, experts still recommend using strong, unique passwords or passphrases for each account. However, remembering hundreds of complex login credentials is an unrealistic expectation for most people.
The solution, according to Collard, is to adopt a reputable password manager. “With a password manager, you can generate unique, lengthy, and intricate passwords for each login you have. The only thing you need to remember is a strong master password or passphrase, along with MFA, to access your password manager.”
Cultivating a Security-First Mindset
Ultimately, safeguarding personal and corporate data in the modern age requires a comprehensive, multi-layered approach and a cultural shift toward prioritising cybersecurity best practices.
“It’s about cultivating good habits and a healthy security culture in the workplace and at home to protect both your colleagues and your family,” Collard advises. “Using the same password for work and personal accounts undermines the efforts of IT departments to secure their organisations.”
As World Password Day 2024 reminds us, the traditional password is no longer fit for purpose. By embracing modern authentication methods, password managers, and a security-first mindset, individuals and businesses can significantly strengthen their cyber defences and protect their digital assets from increasingly sophisticated threats.
Read next: Trend Micro 2023 Cybersecurity Predictions: A Year of Caution and Adaptation
