Problematic passwords and strengthening digital security

According to research carried out by UK card machine provider, Dojo, 34 million people have been warned by security specialists that their choice of passwords are leaving them vulnerable to malicious attacks - for perspective, that’s practically half the population of the UK. 

With hackers and bots becoming ever more intelligent, you may expect (or hope) people to be a little more careful when it comes to password etiquette. However, it seems the opposite is true. Here are the top 10 most commonly used passwords, globally:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345
6. qwerty123
7. 1q2w3e
8. 12345678
9. 111111
10. 1234567890

Digital security best practice tells us to never use the same password across multiple accounts. However, with the average person owning more than 100 online accounts, it’s unsurprising that we occasionally fall into the trap of reusing a familiar word or phrase to simplify our online experience.

Fortunately, where our memories leave off, smart technology picks up - and for business and security leaders, there has never been a better time to empower employees with solutions to do more digital security heavy lifting.

Single sign-on solutions

With employees working remotely, single sign-on technology is a digital security must, and most organizations have their own solution in place for this. However, if the solution falls short of an employee’s email client, there is still work to do.

Protecting employee email accounts with an authentication solution is particularly important in ensuring data protection, as well as going a long way in avoiding ‘forgotten password’ headaches for time-poor IT teams. Email is where we handle the majority of our most sensitive digital communications; with employees working remotely, ensuring this most vital platform is properly protected is vital.

The latest ICO report shows that the leading cause of serious data breaches remains non-cyber related issues (specifically data shared with incorrect recipients, misuse of Bcc, failure to redact, and unauthorized access to sensitive data). Evidently, email remains a security hotspot when it comes to data breaches, over and above malicious inbound attacks. 

With data incidents on the rise, it is clear that compulsory training on digital security do’s and don’ts isn’t enough. Employees are often burdened with data security responsibilities on top of their day to day roles. Instead, organization’s should leverage the smart technologies available to them to alleviate people of security stresses. 

Email platforms have failed to keep up with digital transformation, meaning they lack many security features needed to meet the data protection requirements facing businesses today. As a result, employees are forced to use alternative platforms and portals to send large files or engage with stakeholders - platforms which rarely deliver a secure or user-friendly experience.

How does MFA work?

There is a time and a place for passwords - and it’s every time an employee shares sensitive data digitally. 

Multi-factor authentication (MFA or sometimes referred to as two-factor authentication or 2FA) technology authenticates the identity of the recipient before allowing them access to sensitive information. It does this by asking the user to present (at least) two pieces of evidence from at least two of the following categories:

• Something you know, such as a password
• Something you have, such as a mobile phone
• Something you are, such as your fingerprint

Typically, MFA is applied in the form of having to enter a password and a unique time-based one time password (TOTP) sent e.g. via SMS or via an authenticator app.

Stringent security disciplines such as this demonstrate an organization’s commitment to protecting their stakeholder’s digital information. They also support compliance and instill digital security best practice amongst employees. 

Using MFA is one of the top three things that security experts recommend doing to protect sensitive information. Plus, 9 in 10 consumers say that using 2FA makes them feel like their online information is more secure. However, interestingly enough, this is far from common practice when it comes to exchanging information internally or externally via email at work. 

The vast majority or organizations still share sensitive financial, medical, legal or personal information without protecting it with MFA, which, when privacy sensitive information is concerned, is even forbidden under GDPR.

In addition to protecting the sensitive data we share with MFA, ensuring a solution follows through on user-experience is also a priority when investigating security platforms. For both employees and recipients alike, workflows must be simple, with smart technologies only enhancing the experience rather than cluttering it. Digital fatigue is a very real issue today - which is one reason password mishaps are so prevalent.

Learn more about how your business can step up its digital communications security game.