The UK government recently announced new regulations enforcing consumer protections against hacking and cyberattacks, including banning smart device manufacturers from using weak, easily guessable default passwords such as ‘12345’.
In light of these regulations and World Password Day on 2 May, 2024, it is vital for individuals and organisations to ensure they are using strong authentication methods, to decrease the chance of cybercriminals hacking into online accounts and gaining access to personal or important data.
Even the strongest passwords can be easily targeted for phishing attacks. And, after a password is stolen, cybercriminals can easily navigate around many legacy forms of Multi-Factor Authentication (MFA). Therefore, the most secure option is to remove passwords all together and instead opt for phishing-resistant authentication methods.
Ahead of World Password Day, Niall McConachie, Regional Director (UK & Ireland) at Yubico, comments on the risks of passwords and better alternatives:
“Traditional username and passwords are no longer sufficient for staying secure – but they unfortunately remain one of the most widely used forms of authentication globally. What makes the persistent use of passwords remarkable is that they are broadly despised by both users and cybersecurity professionals – simple passwords are easily remembered, but also easily guessed. Policies requiring passwords to become increasingly complex and more regularly updated ask more of users’ memories and directly impacts their experience.
“Phishing attacks, in which cybercriminals attempt to steal account credentials through deception and social engineering, are the starting point for many cyberattacks. Once a password is stolen, cyber criminals can successfully bypass many forms of Legacy Multi-Factor Authentication (MFA) like SMS-based One-Time Passcodes (OTPs).
“Reliable protection from modern cyberthreats requires modern, phishing-resistant passkey MFA such as hardware security keys, which can stop remote attacks by requiring something you know (a password) and something you have (a security key) to insert into the device and physically touch it to gain access to accounts. With convenient, secure authentication like this readily available, it’s time we forget about passwords permanently.”
Click below to share this article
