Panel Discussion: How to Evolve Your Password Security Strategy

John McTigue, published May 24, 2022
In case you missed it, LastPass celebrated World Password Day by hosting a panel of experts who shared their experiences with password security. Our theme was fitting for the day: how are passwords and authentication evolving? Joining LastPass Director of Product Marketing, Katie Petrillo, and VP of Product, Dan DeMichele, were three industry experts with diverse security backgrounds:

- Keren Elazari - Security Analyst, Author, and TED Speaker
- Derek Brink - VP and Research Fellow, Aberdeen Strategy & Research
- Gerald (Gerry) Beuchelt - Chief Information Security Officer, Sprinklr

Each of our panelists has faced the challenges of researching and implementing effective password security policies and practices within a variety of companies and industries.

Our panel started by reviewing some of the frustrations of managing password security, from both individual user and company perspectives. Keren pointed out that hackers focus on passwords when attacking systems and networks because passwords are notoriously hard to manage and easy to guess. Users rarely change their passwords, and when they do, they reuse old passwords or pick phrases and numbers that are easy to remember, which leaves them vulnerable to guessing, credential stuffing tools, and stolen credential lists. This risk is compounded by employees and consumers using the same passwords for the tens, or even hundreds, of apps they access every day.

As Derek related, this is not a new problem, but it is a costly one. His research showed that across multiple industries, data breaches cost companies on average around 6% of revenue and more than 10% of EBITDA. Dan and Keren suggested that the true cost of password insecurity is likely higher than this figure, since companies must invest in technology and user training to prevent attacks and data breaches, not to mention clean up after a successful breach.
There are already plenty of ways to defeat hackers: strong passwords, multi-factor authentication (MFA), and device-specific biometric security apps. But the panel agreed that the human element is the biggest roadblock. End users can't remember strong passwords, so they tend to use and reuse simple ones. When they do use strong passwords, they click the "forgot password" button all too often, and each reset creates an opportunity for a hacker who has compromised the user's email account to intercept the reset link. Email passwords therefore become critical factors in a comprehensive password strategy.

Password manager apps, like LastPass, can make the entire process of managing passwords, suggesting secure passwords, and adding MFA and other authentication protocols much easier. However, users must be willing to learn and adopt them. As Gerry said, education and awareness are critical to success in changing password habits and taking control of both personal and company security. Keren added, "we all need a version update", meaning we need to shift our thinking to a place where security is not an afterthought. To get there, we need tools and technology that make secure authentication easy and more automatic.

To end the session, our panel looked to the future. How can we get away from using passwords at all? As Dan said, things are not going to happen overnight, but there is certainly progress toward passwordless authentication. Zero Trust security and FIDO authentication standards hold a lot of promise, alongside biometric security, since they are being implemented in more and more devices and systems. The panel agreed that these improvements must go hand in hand with simplifying the user experience across both consumer and corporate worlds in order to be more broadly accepted.

There's much more to hear and learn in our World Password Day panel discussion. Watch the complete panel discussion here.