Will passwords be a thing of the past?
World Password Day is held on the first Thursday of May each
year. Emile Abou Saleh, Regional Director, Middle East and Africa
at Proofpoint, explains how individuals and organisations can do
their bit to increase password security.
This World Password Day, we
should not only consider how
we make passwords themselves
more secure, but how we ensure that the
management and handling of passwords
does not compromise their integrity as a
form of security and authentication. The
dangers of password reuse have been
made abundantly clear through the rise
in successful credential stuffing attacks,
yet recent research has shown that 45%
of working adults admit to reusing the
same password for multiple services.
This issue will likely persist into the
future due to human beings’ desire
for convenience and the difficulty
of remembering ever more complex
passwords for the multitude of online
services they use. The repercussions
can be serious, however, as one
compromised password can open an
individual up to identity theft or even put
their entire organisation at risk.
Likewise, cybercriminals are continuing
to leverage sophisticated strains
of information-stealing malware or
keyloggers, often delivered through
email phishing campaigns leveraging
social engineering. Even in the best-case
scenario where a user has complex and
unique passwords in place, a carefully
targeted phishing attack dropping a
stealer or keylogger can deliver these
credentials directly to the attacker.
For instance, according to the latest
Cost of Insider Threats 2020 Global
Report, Middle East organisations have
experienced the highest number of
insider-related incidents over the past
12 months and are likely to experience
credential theft.
Both individuals and organisations, not
only in the Middle East but globally, can
do their bit to respond to these threats.
Password reuse can be tackled through
greater education and training, but it
must be combined with technological
solutions to reduce the onus on the
individual, which is consistently the route
most exploited by cybercriminals.
Organisations should be implementing
multi-factor authentication as standard,
and it is also encouraging to see a rise
in the use of password management
applications which mitigate the risk
of relying on the human memory for
password security.
Additionally, going beyond simple web-based
training routines and instead
deploying rich simulated attacks can
provide a much more sustainable and
effective form of human defence against
phishing attacks. This, combined with
robust email security to ensure as few
attacks as possible ever reach their
intended target, will help to reduce the
reliance on the password as a last line of
defence against threats.
As we look ahead, there is the potential
that security advice will move away
from passwords altogether. We have
already seen a rise in methods such as
facial recognition and other biometric
authentication forms in use in place of
the traditional password.
This shift may be essential because
although technical vulnerabilities may
be harder to exploit in future, humans
are already and will remain the most
targeted link in cybersecurity, with the
most tech-savvy individuals vulnerable to
increasingly personalised and complex
attacks. Relying on passwords may be a
thing of the past.
intelligent SOFTWARE SECURITY
www.intelligentciso.com | Issue 26