10 November 2023
“World More Than A Password Day,” which was recently announced by Nonprofit Cyber, encourages stronger online security and aims to help individuals and organisations to get it right by giving them practical guidance. At CREST we are delighted to be a part of this important initiative as one of Nonprofit Cyber’s coalition of cyber security non-profits, and alongside the 90 other organisations that have endorsed it.
To put it simply, passwords are not secure because they can be guessed, stolen, or broken.
For example:
• People often use the same password for more than one service. If one account is hacked, this puts other accounts at risk too. For example, LastPass’s 2022 study on the psychology of passwords says that 62% of people use the same passwords more than once.
• People share passwords with each other all the time. This means that a business doesn’t know who can access what.
• Hackers can use brute force or guess weak passwords.
• Phishing emails and fake websites can be used to get people to give away their passwords.
• Keylogger software can get your passwords.
• Public Wi-Fi can be used to steal passwords.
Potentially the biggest problem with passwords is that while most people know they should use stronger passwords and not repeat passwords, they still all too often choose something that is easy to remember. The LastPass study also found that only 12% of people actually use different passwords for each account, even though 89% of those who answered said they knew that using the same or a similar password is risky. This big gap shows that being aware doesn’t always mean taking action, which is why this project is so important.
There is no question that stronger authentication than passwords is needed in many cases, such as Banking Apps or access to corporate resources.
“World More Than A Password Day” wants to do more than just raise knowledge about the cyber risk involved associated with poor password habit. It also wants to give advice that really inspires people to take action.
When a staggering 80% of data leaks are thought to be caused by weak or lost passwords, passwords that don’t change and are easy to crack are simply not enough. What is needed is stronger authentication methods than just passwords. And the change needs to happen now.
Only 2.6% of X users use MFA on their accounts, and almost half of all businesses don’t use it. And with so much of all of our personal and work lives online, this lack of authentication is a big concern.
Nonprofit Cyber has put out Protecting Your Accounts and Devices: Common Guidance on Passwords as part of the first “World More Than A Password Day”.
This complete guide gives people and small businesses simple steps they can take to stay safe online.
90 organisations from around, including CREST and the other organisations that are part of the Nonprofit Cyber alliance, have provided input and endorsed this advice.
As part of this worldwide event – “World More Than A Password Day” – we are urging individuals and businesses to use our guidance to make their online accounts and devices safer. Promoting awareness, regular membership or stakeholder interactions, and enhanced authentication techniques are examples of ways you can get involved.
Join #MoreThanAPasswordDay and help to redefine online security for a safer digital world.