By Manu Sharma
World Password Day is observed every year on the first Thursday of May to raise awareness of the importance of strong passwords and the role they play in keeping our digital lives secure. With a large part of our lives now spent online, protecting online accounts and personal information with strong passwords is crucial. This year's World Password Day aims to educate individuals and organizations about current best practices in password security and to encourage stronger password habits.
As cyberattacks grow in scale and frequency, individuals and organizations need to keep up with current threats and defensive measures. In a recent interview we spoke with Mr. Karmendra Kohli, CEO and co-founder of SecurEyes, a company that offers cybersecurity consulting, services and products, about the current state of cyber threats and advances in security technology, and about how individuals and businesses can protect their digital assets against attackers.
SecurEyes specializes in cybersecurity solutions spanning consulting, services and products, and also provides cybersecurity training and education.
Siliconvillage.com : What is the significance of observing World Password Day, and how does it help create awareness about the importance of strong password security?
Karmendra Kohli :
Passwords are still the most popular authentication technique used across the globe, and they are also one of the weakest security techniques in use.
World Password Day emphasizes the need to ensure that strong data protection mechanisms are enforced, in view of the latest cyber security attacks happening across the globe and the size of data breaches and their impact on organizations.
World Password Day is a reminder to celebrate strong data protection mechanisms.
World Password Day is celebrated to provide a warning to the world, and also to spread awareness that taking care of your passwords is vital to protecting yourself against identity theft.
Digitization has exposed information processing systems to attacks beyond physical boundaries, and strong passwords are imperative to keep your information safe from malicious attackers.
Siliconvillage.com : What are some innovative ways that individuals and organizations can ensure the security of their passwords without relying solely on traditional authentication methods?
Karmendra Kohli :
Ensure each account has a separate password and change passwords frequently.
Use passphrases that are easy to remember instead of easily guessable passwords.
Ensure passwords are at least 12-15 characters in length and are made up of a combination of letters, numbers and special characters.
Avoid using guessable names (family, pets) and dates (date of birth of family members) as these can be easily guessed.
Use multi-factor authentication wherever required, in addition to passwords.
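The advice in this answer, as an added example that is not part of the interview and not code from SecurEyes: a policy check covering the minimum length, the mix of character classes, and the rejection of guessable names and dates, together with a passphrase generator. The personal terms, the birth date and the word list are constructed stand-ins; a real deployment would take the names and dates from the user's profile and use a word list of several thousand entries.

```python
import re
import secrets
from datetime import date

MIN_LENGTH = 12

# Constructed stand-ins for what an attacker can harvest from social media:
# family/pet names and a birth date. A real deployment would collect these
# per user (and also reject common dictionary words).
PERSONAL_TERMS = {"rover", "priya", "kohli"}
PERSONAL_DATES = [date(1985, 7, 14)]

# Constructed word list; a real passphrase generator would use a list of
# several thousand words (e.g. a diceware list).
WORDLIST = ["granite", "otter", "lantern", "velvet", "compass", "meadow",
            "harbor", "quartz", "thistle", "ember", "saddle", "pepper"]


def date_forms(d):
    """Ways a date is commonly typed into a password, e.g. 14071985, 140785, 1985."""
    return {d.strftime(f) for f in ("%d%m%Y", "%d%m%y", "%m%d%Y", "%m%d%y", "%Y", "%d%m")}


def check_password(pw, personal_terms=PERSONAL_TERMS, personal_dates=PERSONAL_DATES):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Count how many of lower, upper, digit, special are present.
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than 3 character classes")
    lowered = pw.lower()
    for term in sorted(personal_terms):
        if term in lowered:
            problems.append(f"contains guessable name '{term}'")
    for d in personal_dates:
        if any(form in pw for form in date_forms(d)):
            problems.append(f"contains date {d.isoformat()}")
    return problems


def generate_passphrase(words=4, wordlist=WORDLIST):
    """Random passphrase: N words joined by '-', first word capitalised, plus one
    digit, so it satisfies the character-class rule while staying memorable."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    chosen[0] = chosen[0].capitalize()
    return "-".join(chosen) + "-" + str(secrets.randbelow(10))


if __name__ == "__main__":
    for pw in ("Rover2020!", "Priya14071985x", "correct horse battery staple",
               generate_passphrase()):
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
```

The check is deliberately a deny-list on top of length and class rules: a short password built from a pet name and a birth year passes the character-class rule but still fails, which is the point the answer makes about guessable names and dates.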
Siliconvillage.com : How are advancements in biometric technology impacting the way that individuals and organizations approach password security?
Karmendra Kohli : Advancements in biometric technology are having a significant impact on the way that individuals and organizations approach password security. Biometric technology is becoming increasingly popular in many sectors, including banking, healthcare, and government, to enhance security as biometric data is much more difficult to replicate or steal than traditional passwords or PIN codes. But the implementation of Biometric authentication solutions is more expensive, so the use of such techniques is still limited in comparison to password-based security.
Siliconvillage.com : What ethical considerations should be factored in when implementing additional security measures, such as facial recognition or FIDO security keys, to enhance password security?
Karmendra Kohli : All biometric authentication techniques collect and use personally identifiable information (PII) that can be used to identify an individual, and may result in violations of data privacy requirements if not handled appropriately. Also, collecting or using such PII without the consent of the user may violate certain laws and regulations, resulting in fines and penalties. Any misuse of such data can also violate the rights of citizens, allow adversaries to perform unauthorized surveillance, and have grave consequences.
Siliconvillage.com : How are hackers evolving their methods for cracking passwords, and what can individuals and organizations do to stay ahead of these threats?
Karmendra Kohli : Hackers are continuously coming up with new methods for cracking passwords as technology advances and new security measures are put in place. Some of the common methods used by hackers to crack and steal passwords include brute force attacks, dictionary attacks, and phishing scams.
With the advent of new and powerful Graphics Processing Unit (GPU) processors, password-cracking software has evolved to utilize the power of these GPUs to crack passwords faster than conventional CPUs. As per a recent survey, current GPUs in the market can crack over 6000 passwords per second in comparison to a conventional CPU.
Brute force attacks involve using automated software to try every possible combination of characters until the password is cracked. Dictionary attacks use a list of commonly used passwords or words that may be used as passwords. Phishing scams involve tricking individuals into revealing their passwords through social engineering tactics.
To ensure individuals are protected against such attacks, it is important for users to understand the significance of strong passwords that are longer than 12-15 characters and use a combination of letters (upper and lower case), numbers and special characters. It is important to note that known English words related to the user, like the names of pets or family members, dates of birth etc., which are easily available on social media, should be avoided. Any AI-based password-cracking tool has the capability to identify and guess these passwords. Users must ensure the use of multi-factor authentication and not just rely on passwords.
Also, to avoid falling prey to phishing attacks users must avoid opening email attachments or clicking on links.
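The brute-force and dictionary attacks described in this answer, as an added example that is not part of the interview and not code from SecurEyes. The "leaked database" of unsalted SHA-256 hashes, the attack dictionary built from common passwords and social-media names, and the guessing rate of 1e10 per second are all constructed assumptions; the rate is only there to show how the worst-case search time scales with password length.

```python
import hashlib
import itertools
import string


def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed "leaked database": usernames mapped to unsalted SHA-256 hashes
# (a fast hash, as found in many real breaches). Passwords chosen to show
# which kinds fall to which attack.
LEAKED = {
    "alice": sha256_hex("Password123"),
    "bob": sha256_hex("Rover2015"),
    "carol": sha256_hex("Granite-otter-lantern-velvet-4"),
}

# Constructed attack dictionary: a few very common passwords plus words an
# attacker could read off the victim's social media (pet name, family name),
# expanded with simple mangling rules (capitalisation, year or suffix appended).
COMMON = ["123456", "password", "qwerty", "letmein", "Password123"]
PERSONAL = ["rover", "priya"]
YEARS = [str(y) for y in range(2010, 2024)]
SUFFIXES = ["!", "1", "123"]


def candidates():
    """Yield dictionary guesses in roughly decreasing order of likelihood."""
    yield from COMMON
    for base in PERSONAL:
        for word in (base, base.capitalize()):
            yield word
            for year in YEARS:
                yield word + year
            for suffix in SUFFIXES:
                yield word + suffix


def dictionary_attack(leaked):
    """Return {user: password} for every hash matched by a dictionary candidate.
    Because the hashes are unsalted, one hash computation tests the guess
    against every account at once."""
    by_hash = {h: user for user, h in leaked.items()}
    found = {}
    for guess in candidates():
        user = by_hash.get(sha256_hex(guess))
        if user is not None:
            found[user] = guess
    return found


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Exhaustive search over all strings up to max_len; feasible only for
    very short passwords over a small alphabet."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            guess = "".join(chars)
            if sha256_hex(guess) == target_hash:
                return guess
    return None


PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)  # 94


def exhaust_seconds(length, guesses_per_second, alphabet_size=PRINTABLE):
    """Worst-case time to try every password of the given length at a given
    guessing rate; the rate is an assumed figure for the attacker's hardware."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    print("dictionary attack recovered:", dictionary_attack(LEAKED))
    print("brute force of 'zap':", brute_force(sha256_hex("zap")))
    for n in (8, 12, 16):
        days = exhaust_seconds(n, 1e10) / 86400
        print(f"{n}-char printable password at 1e10 guesses/s: {days:.3g} days worst case")
```

The dictionary run recovers the common password and the pet-name-plus-year password in a handful of guesses, while the long passphrase survives both the dictionary and any realistic exhaustive search; that gap between 8 and 16 characters is what the length advice above is buying.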
Siliconvillage.com : What impact has the widespread use of remote work had on password security, and what steps can organizations take to protect their data in this new work environment?
Karmendra Kohli : Recent changes in the work environment after the COVID pandemic have had a significant impact on password security, as workers were allowed to access organizational assets and data from remote locations. Along with other mechanisms, passwords remained the most important factor for user authentication. Some of the risks seen to password security include: sharing of passwords with colleagues or family, theft of passwords due to the use of insecure devices, insecure network connectivity, compromised systems, and different levels of password security controls than those provided by trusted company networks.
With BYOD becoming popular, personal devices are used and shared between multiple family members with varying understanding of security, which may in turn compromise the security of the organization.
Organizations can ensure the use of a VPN to access secure assets over the insecure internet.
Using MDM (mobile device management) software will ensure consistent implementation of security controls across all mobile devices within the organization.
Implement two-factor authentication and ensure alerts are sent to users about the access to critical resources from their accounts.
Enforce a strong password policy and ensure passwords are frequently changed.
Ensure all users’ activity is logged and monitored as required.
Siliconvillage.com : How can individuals and organizations balance the need for strong password security with the need for time efficiency?
Karmendra Kohli :
Consider the use of password manager software wherever necessary, to ensure that a smaller number of passwords has to be remembered and that passwords are securely stored away from attackers.
Organizations can implement identity and access management (IAM), privileged identity management (PIM) and single sign-on (SSO) software to ensure passwords are automatically managed and updated by the software with minimal involvement of users, eliminating the effort of remembering multiple passwords across the various accounts they use on a daily basis.
Also, it is suggested to use a separate password for each account and not to repeat passwords.
Use multi-factor authentication in addition to passwords, e.g., OTP or an authenticator app.
Use passphrases to create strong and easy to remember passwords.
Lastly it is suggested to frequently update the passwords and check if your account details are found in any breach database.
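The breach-database check suggested at the end of this answer, as an added example that is not part of the interview and not code from SecurEyes. It uses the k-anonymity range scheme of the Have I Been Pwned "Pwned Passwords" service: the password is hashed with SHA-1 locally and only the first five hex characters are sent, so neither the password nor its full hash leaves the machine. The two-entry corpus and its counts are constructed so the example runs offline; the `hibp_fetch_range` function shows the live call but is not invoked.

```python
import hashlib
import urllib.request


def sha1_upper(pw):
    return hashlib.sha1(pw.encode()).hexdigest().upper()


def split_hash(pw):
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    h = sha1_upper(pw)
    return h[:5], h[5:]


def parse_range(text):
    """Parse 'SUFFIX:COUNT' lines (the range-endpoint format) into a dict."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix] = int(count)
    return counts


def breach_count(pw, fetch_range):
    """Number of times pw appears in the corpus, 0 if never. Only the 5-char
    prefix is given to fetch_range; the password and full hash never leave
    this process."""
    prefix, suffix = split_hash(pw)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def hibp_fetch_range(prefix):
    """Live lookup against the Pwned Passwords range endpoint (needs network
    access; the service requires a User-Agent header)."""
    req = urllib.request.Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                                 headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


# Constructed offline stand-in: a two-entry "corpus" with illustrative counts,
# rendered in the same line format the real endpoint uses.
CONSTRUCTED_CORPUS = {"password": 3861493, "Password123": 126927}


def fake_fetch_range(prefix):
    lines = [f"{split_hash(pw)[1]}:{n}"
             for pw, n in CONSTRUCTED_CORPUS.items() if split_hash(pw)[0] == prefix]
    lines.append("0" * 34 + "A:0")  # padding-style entry with count 0
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "Password123", "Granite-otter-lantern-velvet-4"):
        print(f"{pw!r} seen {breach_count(pw, fake_fetch_range)} times (constructed corpus)")
```

Swapping `fake_fetch_range` for `hibp_fetch_range` turns this into a real check; a password manager or a login form can run the same lookup and refuse any password whose count is non-zero.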
Siliconvillage.com : What role do government regulations and industry standards play in setting best practices for password security, and how can individuals and organizations stay up to date with these guidelines?
Karmendra Kohli : Regulations from government entities and industry regulators play a key role in enforcing security best practices that may otherwise be ignored by both organizations and individuals. Enforcing strong security requirements, and the practice of levying fines for non-compliance, has ensured that all organizations provide minimum baseline security controls so that the data of their clients, employees, suppliers and end users is secured, e.g. ensuring a minimum password length, forcing the use of a second authentication factor for critical activity, and ensuring users are informed if their passwords are found in password breach databases. These help individuals identify and follow best practices for securing their personal and organizational data.
Most regulators publish new regulations and any changes, updates or amendments to regulations periodically on their web portals. Additionally, social media platforms have become a great medium to stay updated on new regulations. Summaries of new or changed regulations are usually published on platforms like LinkedIn, Twitter and Instagram, with links to the detailed regulations or guidelines.