The first Thursday of May was World Password Day, an event that seeks to raise awareness of the importance of protection to prevent fraudulent activity and theft of sensitive information. This year, moreover, has been a particularly important date since due to the situation we are experiencing with COVID-19, many hackers are using social engineering or phishing techniques, among others, related to the disease to steal access credentials to all kinds of portals and services.
To help with this awareness, experts from McAfee, a company specialising in cloud-based device cyber security, OpenText, from Enterprise Information Management, and Nuance, a company dedicated to artificial intelligence and the fight against fraud, reflect on the security of passwords and the evolution that authentication is undergoing thanks to technology.
Francisco Sancho, Product Manager Consumer and Mobile at McAfee in Spain, says that "today more than ever, password security is critical, especially when we think about the new normality we are facing". "As more workers rely on cloud-based services to work productively from home and collaborate with colleagues, it is vital that businesses educate their employees in basic 'password hygiene'. With every new service, comes a new password, or at least it should. Unfortunately, many of us are guilty of reusing the same password on multiple accounts," he says.
"When the same log-in credential is used for multiple cloud services, data breaches can expose these credentials to access corporate services, risking leaving sensitive company data open to theft. Recent McAfee research showed that 52 percent of companies are using cloud services from which user data has been stolen in an attack," he notes.
"Cloud security can only become a reality when responsibility is shared. The cloud service provider offers important security elements, but the company itself, the IT department and users are also responsible for ensuring that security is maintained. For employees, this means using secure passwords for every cloud service they access and being on the lookout for phishing attacks. Organisations can play their part by implementing two-step authentication on all professional services and devices. Requiring a second form of identification, in addition to logging in, limits what hackers can do. Password security is crucial, but by using two-step authentication, organisations and workforces (especially now remotely) will not rely solely on passwords as their only form of defence," the expert says.
Jorge Martinez, OpenText's regional director for Spain and Portugal, considers that World Password Day "is an important opportunity to reflect on the evolution of authentication and identity management, especially now that we are in a moment of unprecedented digital dependence due to the global shift towards teleworking as a result of COVID-19".
"In this regard, cybersecurity is more important than ever due to the increasing demand for networks as companies rapidly adopt new working models. Employees have become digital nomads working in and out of the VPN, checking their bank accounts, accessing emails or connecting to time management systems, and they are using a single device in which the traditional password is the main form of identification," he argues.
"Over the years, a multi-layered security approach has been added to the traditional password. Fingerprints, or voice and facial recognition, are increasingly used to protect both devices and services. As such, many in the technology industry have long talked about removing that password that we have so ingrained, but it is only now that we are beginning to see a real trend towards relying on mobile devices for what some call 'zero login' access," he adds.
"While many businesses and consumers have begun to take a more proactive approach to cybersecurity, now more than ever, with cybercriminals exploiting the COVID-19 pandemic to commit fraud or carry out attacks, companies must implement a robust set of cybersecurity policies, practices and solutions to keep business devices and data secure," he concludes.
Brett Beranek, vice president and general manager of security and biometrics at Nuance, said, "We have seen a significant increase in the volume of fraud attacks, ranging from 200% to 400% in recent weeks, depending on the industry. "From social engineering to email phishing and the creation of fake Web sites, fraudsters are taking advantage of any drop in defenses during the COVID-19 pandemic by putting pressure on the security of traditional PINs and passwords. With the rapid increase in online activity, organisations whose teams are teleworking have to ensure that security is not compromised, hence biometrics has become a primary technology," he stresses.
"This year's World Password Day should be a call for caution, as fraudsters are looking at vulnerabilities in the new digital operating models that businesses have incorporated to take advantage of consumers. But it should also be an occasion to recognize that with uncertainty often comes innovation, and that this could be what redefines how we will be protected in the future," he notes.
Simon Marchand, Nuance's director of fraud and prevention, believes that "as consumers react to the growing volume of fraudulent activity, especially around coronaviruses, they will demand better protection from the companies they do business with". "Many will even begin to take ownership of the issue, moving away from services that rely on archaic methods, such as passwords, to safeguard their data and focus on more innovative approaches such as biometrics," he adds.
"When asked about their perception that biometrics are useful in detecting fraud and preventing it before it occurs, one-third (36%) of consumers said they would do business with companies that offer this technology. A similar number (25%) even asked for more companies to use it," he notes.
"Balancing consumer convenience and ease of access with strong security measures is an act that the organisation must do on an ongoing basis. Today, as the volume of users using digital channels to do business increases, a certain level of security is expected without compromising usability in the process. Passwords not only cause frustration for the consumer, they are also inherently insecure, and this World Password Day it is time to change the way we think about data authentication," concludes this expert.