According to a recent study, many of us still practice poor password management, which endangers governments as well as businesses and individuals. This is a problem that concerns us all. Let’s take a closer look at the observed bad practices and existing solutions.
Password management problems within the government: Poor password management remains one of the major cybersecurity issues, and it is also common within governments. What are the causes?
Firstly, bad habits are observed, such as not using a password manager and changing access codes too infrequently. A casual attitude and a lack of awareness of cybersecurity issues can also affect these organizations.
A recent study conducted by the British firm Censuswide for Onfido reveals that only 19% of respondents try to create a different password for each of their online accounts in order to protect themselves from cyberattacks. This poor password management also concerns European governments, as well as public sector employees.
This lack of cyber hygiene is worrying, as hackers are constantly developing new techniques to steal sensitive information. Some of that information may be more easily accessible than it appears when users do not properly apply the measures meant to protect their personal information.
The most common mistakes within governments, businesses, and in our personal password management remain:
Although thousands of credentials have been compromised online, many of us still use the same password for multiple accounts or even all of them. It is true that this may seem less restrictive, given the many access codes that are constantly requested in our personal and professional lives. To simplify things and save time, government officials and some of us wrongly opt for password reuse.
No barrier between professional and personal: These carelessly reused access codes become even more concerning when they are used on both professional and personal accounts. When a password is compromised, any other use of that password may be at risk and allow cybercriminals to access many sensitive pieces of information. Unfortunately, even within governments, passwords are said to be used both at work and on personal accounts.
Easy-to-guess passwords: A study conducted by SpyCloud also found that the main exposed passwords associated with government email addresses are particularly easy to guess. “password”, “123456” and “12345678” are still widely used, although this type of password remains one of the biggest threats to our cybersecurity.
Few password changes: The first study reveals that 21% of Europeans say they would rather fill out their tax returns than create different passwords. However, regular password changes are part of the basic cybersecurity instructions regarding password management, a point that organizations, professionals, and individuals should strive to apply. Another striking fact is that some internet users continue to use the same password after a hack. Many of them ignore alert messages, exposing themselves again to cyberattacks.
Multifactor authentication is not an end in itself: For many of us, multifactor authentication seems to be one of the most effective solutions to deal with the risks of poor password management.
However, it is not a miracle solution: it is not infallible and can be circumvented by cybercriminals through the theft of session cookies. Multifactor authentication is an effective technique, but it still has its limits when the targets are particularly attractive, as in the case of a government or a business.
Indeed, the SpyCloud study shows that nearly 74% of stolen government credentials are used to infect devices with malware. On the Dark Web, the sharing of identification information for employees of US and European governments is particularly profitable.
These practices and dangers concern us all. Despite this alarming data, many people still underestimate the dangers associated with poor password management in government, companies, and our personal lives. Government and company employees either do not take this threat seriously or consider that cybersecurity is not their responsibility, hence the importance of making everyone accountable in this fight that concerns us all. One of the proposed solutions could be better employee training on cybersecurity risks and how to deal with them. These mistakes should be considered “professional errors” so that they are taken seriously by everyone and no longer affect the security of companies and organizations. At our level, it is also our duty to improve our knowledge and apply password management recommendations.