Today is World Password Day. Yes, I’m serious, and yes, apparently a day is set aside to commemorate just about anything. However, I didn’t see any Happy World Password Day cards at the store yesterday, so I’m going to assume that the only folks who know about this event are those who read security publications and blogs. That means the message of the day isn’t getting out to the people who need to hear it the most, as Network World pointed out:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iA different study found that although “78 percent believe that it’s risky to share passwords with family members, 37 percent are likely to do so. The majority of respondents (54 percent) also admit to sharing their login information with family members so they can access their computers, smartphones and tablets.” It's unrealistic to think password sharing doesn't happen.
While, yes, this example discusses password sharing among families and loved ones, password mismanagement is a problem, period. It shows that even though we understand the risks behind password sharing, for instance, we’re still doing it in the workplace, as Information Age explained in its discussion of a recent study that found that the majority of us share passwords:
Business password sharing is also common. Almost half of the respondents were more likely to share their work passwords than personal passwords.
But it isn’t just about sharing passwords. What we also should think about on World Password Day is how password theft remains a huge security problem. Earlier this week, Reuters reported that popular email clients – Gmail, Hotmail and Yahoo Mail – were part of an attack that resulted in the theft of nearly 300 million usernames and passwords:
The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records.
What makes this theft so valuable is poor password management among users. We re-use the same password across multiple accounts and we rarely change passwords. There has also been a shift in what cybercriminals are after, Jason Hart, vice president and CTO for Data Protection at Gemalto, told me in an email. They want personal information and they are stealing identities, which are harder to remediate once compromised. He added:
Cybercriminals are targeting personal data that can be used to hack into business accounts. Data breaches are now much more personal and the universe of risk exposure for the average person widening.
So on this World Password Day, it isn’t just a good idea to review your passwords and take better care of keeping them private; it’s absolutely necessary to improve your entire security posture.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba