Let’s Ask An Expert. What Should We All Know About Passwords in 2022?

It’s 2022 and even in the past year, the digital landscape has changed substantially. 

With new cryptocurrencies, telehealth, and e-commerce changes popping up every minute around us, it can be a challenge for businesses to know how to keep up. 

So, we’ve taken the opportunity to ask an expert about what organizations should know for this World Password Day. Josh Horwitz, COO at Enzoic, has valuable insights to share with both businesses and individuals.

Q: What’s changed in the world of password security since 2021?

A: In some ways, not a lot: despite the increased availability of other forms of authentication, it’s clear that passwords are here to stay. Biometric authentication methods like fingerprint and retina scans, as well as the use of tokens and one-time passwords (OTP), are useful, but often rely on passwords at a deeper or backup level. 

Q: How can individuals and businesses “observe” world password day? 

A: While there are some personal password habits every individual can engage in, businesses do have different responsibilities when it comes to locking down user data and personal information. 

For individuals, it’s important to: 

1. Stop reusing passwords across multiple sites, accounts, and personal-professional boundaries 
2. Use a password manager to make it easier to have unique passwords (that you don’t have you struggle to remember) 
3. Enable MFA as a second layer whenever possible 

And for businesses and IT teams, consider: 

1. Employing modern password policies (consider NIST guidelines) 
2. Auditing for compromised credentials to determine your current vulnerability 
3. Providing ongoing training to employees on best practices

Q: What makes a strong password? 

A: Opinions on what a ‘strong password’ consists of have shifted over the years. One of the most damaging habits that the majority of users have is re-using passwords repeatedly, sometimes with small changes to satisfy requirements. Creating unique and memorable passwords is a stronger move, and using a password manager can help alleviate the pressure to remember them all. 

Businesses can also help users create stronger passwords. Removing character limitations and password maximum lengths is a good place to start, as well as getting rid of the complexity requirements (for example, forcing a user to create a password with a specific combination of lowercase and uppercase letters, a digit, and a special character) which has been shown to make passwords harder for users to remember but easier for hackers to guess. 

Q: What can companies do to keep users and employees safe?

A: Businesses of all types and sizes have an ethical and legal responsibility to protect their user’s data and personal information. From banks to healthcare organizations to public schools, enterprises need to take cybersecurity seriously and incorporate strategies and budgets into their business plans–ASAP. 

For small and midsize companies that may not have the budget for in-house IT staff, finding a service provider can be a good choice. Not everyone needs to be a cybersecurity expert–finding experts to assist with defensive password solutions can be an equally effective move. 

Q: Where can businesses find more information? 

A: No matter where you’re starting from, engaging with World Password Day is an opportunity to find resources, learn about the bad habits we all have, and connect with an expert. To get an idea of the state of passwords within your network, run a password audit. This will allow you to evaluate the reality for your company, and make informed changes to your password policies.