World Password Day – 5 Facts About Weak Credentials

Happy World Password Day!

Ok, I’ll admit until a few days ago, I wasn’t aware this was a thing. As with most events in my life, if Outlook or Android doesn’t serve me a popup reminder, I’m oblivious to it.

But this one commanded my attention, not only because of the never-ending news coverage we see about high-profile breaches, but also because I now know that 4 out of 5 are due to weak, default, stolen, or otherwise compromised credentials.

Around this time of year, we tend to see reports that detail the top 25 most common passwords. You’d think in 2018 we would be well beyond people using ‘password,’ ‘qwerty’ and ‘12345678’ as their passwords, yet here’s last year’s list and…well, you know where I’m going with this.

I don’t know if these folks just don’t care about security hygiene, if they aren’t that creative, or if they are just sick of passwords altogether, but something has to change. In a survey conducted by Centrify at the 2018 RSA Conference, 84% of 109 respondents said they agree that the time has come to no longer trust the password.

DID YOU KNOW: 5 FACTS ABOUT PASSWORDS

Maybe it IS time to no longer trust the password. Or, more specifically, to no longer trust the people who create and use them.

All it takes is for hackers to identify the one person in your organization using a weak password and they are in. It’s not even hacking – they aren’t breaking their way in, but rather walking right in the front door using the path of least resistance.

If that’s not enough to make you question your own password chops, below are 5 startling facts about passwords:

  1. Identity and compromised passwords were the common denominator in the biggest 2017 breaches, including Yahoo! (all 3 billion of its customers), Equifax, Uber, HBO, and more.
  2. In a survey of more than 800 executives by Centrify and Dow Jones Customer Intelligence, 68% of executives whose companies experienced significant breaches indicated it would most likely have been prevented by either privileged user identity and access management or user identity assurance.
  3. Verizon’s 2017 Data Breach Investigation Report revealed that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
  4. In the U.S., the average email address is used to access 130 online accounts. ONE HUNDRED AND THIRTY…and yes, that includes that old Hotmail account you still have. Now think about how many passwords are used to authenticate access to those accounts…
  5. …and then consider this: 61% of people use the same password across multiple web sites.

ZERO TRUST YOU MUST

At Centrify, we believe in Zero Trust Security. That means trusting no one, not even known users or devices until they have been verified and validated. Verify every user, validate their devices, and limit their access and privilege.

To power a Zero Trust Security approach requires Next-Gen Access, which means adopting a cybersecurity strategy with all three of the following components:

  • Identity-as-a-Service (IDaaS): SSO, Adaptive & Risk-Aware MFA, Identity Governance and Administration (“IGA”), Access Enforcement, Intelligence and Analytics, and more.
  • Enterprise Mobility Management (EMM): Mobile Device Management, Mobile App Management, Device Context, etc.
  • Privileged Access Management (PAM): Manage Privileged Users, Grant “Just Enough” & “Just in Time” Privilege, Detailed Audit and Compliance, and more.

By implementing a Zero Trust approach powered by Next-Gen Access, organizations can ensure that the weakest passwords won’t be the weakest link in their organizations, and an easy way for bad actors to gain access to the “keys to kingdom.”

Since tomorrow is May the Fourth, I’ll leave you with wise words from our favorite little green Jedi Master.