The Possibility of a Passwordless Future
Zahier Madhar, lead security engineer at Check Point Software: "In the discussion around traditional passwords versus biometric authentication, some experts advocate for eliminating passwords in favor of modern solutions like fingerprints and FaceID, due to their convenience and enhanced security. Others support the continued use of password managers or a combination of methods. While biometric authentication is secure, it has a significant drawback: once biometric data is compromised, it cannot be changed. This vulnerability can lead to irreversible identity theft. Traditional passwords, on the other hand, can be updated regularly. We are, however, seeing a noticeable shift towards passwordless authentication, especially in sectors with stringent security needs like banking and corporate communication. This shift includes the adoption of hardware tokens, multi-factor authentication using alternative devices, and one-time verification."
"Despite advancements in authentication technology, traditional passwords remain common for accessing essential services like email and personal accounts. Meanwhile, the techniques used by cybercriminals are evolving. Hackers utilize machine learning algorithms to predict and crack passwords faster than ever, exploiting every crack in our digital armor. This escalation of attack capabilities necessitates a good defense, including the use of longer and more complex passwords."
Safer Without a Password
Bart Bruijnesteijn, Solutions Engineering Director North Europe at CyberArk: "It may sound contradictory at first, but by removing passwords, we can better protect accounts. Securing user identities through other methods offers better protection against phishing, keylogging, and man-in-the-middle attacks. Additionally, removing complex password requirements and frequent password updates simplifies the user experience. Moreover, passwordless authentication also increases productivity, as IT support no longer has to deal with issues like resetting passwords."
"However, there are barriers for organizations to transition to passwordless authentication. First, there are legacy systems that require passwords. The complexity of larger environments with thousands of users, numerous applications, hybrid and multi-cloud environments, and complicated login paths can also be a challenge. Identity and Access Management (IAM) can facilitate organizations' transition to a passwordless world through passwordless endpoint authentication, for example. Organizations can also look at passkeys: a new passwordless factor for multiple devices that utilizes the security capabilities of the devices. Furthermore, passkeys are highly phishing-proof and eliminate attack vectors that are possible with password authentication."
"We will still be 'celebrating' World Password Day for a number of years, but hopefully soon only as a reminder of what we used to have."
Involve Users in Password Policy
Maarten Werff, solution consultant cybersecurity at Conscia, explains why it is so important to maintain good password habits: "There is increasing awareness of the importance of good and unique passwords. Nevertheless, it remains important to identify vulnerabilities and align your password policy accordingly."
"Set requirements for length, change frequency, and prohibit generic passwords. Additionally, involve users in this policy, as aware and engaged users are more alert to vulnerabilities. It is also important to use multi-factor authentication so that malicious actors cannot easily gain access with a password that inadvertently leaks."
Essential Password Hygiene
Best practices for strengthening password security:
Complexity and length: Create passwords with a combination of numbers, letters, and symbols, with a length of 12-16 characters. By extending this to 18 characters, a password can become virtually unbreakable, given the exponential increase in possible combinations. Do not use easily guessed personal information such as birthdays or anniversaries, but opt for phrases or sentences, such as 'meryhadalittlelamb', or a more secure variant with special characters: '#M3ryHad@L1ttleL4m8'.
Regular updates: Change passwords regularly, especially after security incidents such as data breaches. Tools like Have I Been Pwned or Check your hack from the Dutch police can help check if accounts have been hacked in a breach.
Multi-Factor Authentication (MFA): Always enable MFA to add an extra layer of security. This ensures that even if a password is compromised, unauthorized access is still blocked.
Security KPIs: Organizations should enforce regular password changes and use Privileged Access Management (PAM) solutions to effectively manage and monitor account and data access. Additionally, educating users about robust password practices is essential to strengthen defenses against increasing cyber threats.
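The hygiene rules above (minimum length, mixed character classes, no generic words or personal details, and a check against known breaches) can be enforced at password-set time. The following is an added example, not code from the article or from any of the vendors quoted; the breach corpus is constructed inline, and breach_lookup only mimics the shape of a k-anonymity "range" lookup (hash prefix in, hash suffixes out) rather than calling a real service.

```python
import hashlib
import re

# Constructed breach corpus for offline demonstration (not real breach data).
# It is indexed the way a k-anonymity range lookup works: the first 5 hex
# characters of the SHA-1 digest select a bucket of digest suffixes.
BREACHED = {"password123", "meryhadalittlelamb", "qwerty123456", "welcome2024"}
BREACH_INDEX = {}
for _pw in BREACHED:
    _digest = hashlib.sha1(_pw.encode()).hexdigest().upper()
    BREACH_INDEX.setdefault(_digest[:5], set()).add(_digest[5:])

# Generic words the policy prohibits (assumed list, extend for real use).
GENERIC = {"password", "welcome", "qwerty", "letmein", "admin"}


def breach_lookup(prefix):
    """Stand-in for a range endpoint: suffixes seen for a 5-char digest prefix."""
    return BREACH_INDEX.get(prefix.upper(), set())


def is_breached(password):
    """Only the digest prefix leaves the client; the full password never does."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breach_lookup(digest[:5])


def check_password(password, personal_info=()):
    """Apply the policy rules; return the list of failed checks (empty = accepted)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(1 for pattern in classes if re.search(pattern, password)) < 3:
        problems.append("needs letters, numbers and symbols")
    lowered = password.lower()
    if any(word in lowered for word in GENERIC):
        problems.append("contains a generic word")
    for info in personal_info:
        if info and info.lower() in lowered:
            problems.append(f"contains personal information ({info})")
    if is_breached(password):
        problems.append("appears in a known breach")
    return problems


if __name__ == "__main__":
    for candidate in ("meryhadalittlelamb", "#M3ryHad@L1ttleL4m8"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

The plain phrase from the article fails both the character-class rule and the (constructed) breach check, while the special-character variant passes every rule.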