SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
'World More Than A Password Day' initiative launches to strengthen cybersecurity
Mon, 13th Nov 2023

In an attempt to bolster global online cybersecurity, Nonprofit Cyber has launched the inaugural "World More Than A Password Day", endorsed by 90 organisations worldwide.

The global movement strives to highlight the necessity of strong online authentication and has also presented new password guidance for businesses and individuals.

According to recent studies, 80% of data breaches are linked to stolen or weak passwords, a catastrophic statistic that calls for more robust authentication methods. The landscape of cyber threats is more complex than ever, and since 43% of companies do not use multi-factor authentication (MFA), it is time for mechanisms to move beyond the traditional password.

The Cyber Readiness Institute (CRI) conducted a survey in October 2023, revealing that only 32% of small and medium-sized businesses (SMBs) enforce multi-factor authentication, showing a worrying gap between the awareness and implementation of MFA practices.

Karen Evans, Managing Director of the CRI and Co-Chair of the World More Than A Password Day steering committee, stresses: "World More Than A Password Day is an opportunity to raise awareness of this issue and encourage people to adopt stronger authentication methods."

Upon marking World More Than A Password Day, Nonprofit Cyber released "Protecting Your Accounts and Devices: Common Guidance on Passwords." These recommendations offer individuals and small businesses effective steps to boost their online security.

Philip Reitinger, President of the Global Cyber Alliance and Co-Chair of Nonprofit Cyber, says: "Using stronger authentication is one of the most effective and inexpensive steps that can be taken to secure organisations and people online."

"The purpose of issuing common guidance from many organisations is to increase the weight of the recommendations and to make clear that in substance, nearly every organisation is recommending the same steps."

"There is little to no confusion about what actions to take; rather, we need everyone to take those specific steps to protect everyone. The solution is not study but action," says Reitinger. 

Suggestions within the Common Guidance include the adoption of password-free authentication, like passkeys, the use of multi-factor authentication for email accounts, employing a hardware security key, authenticator app, or PIN as an additional security layer, utilising a password manager, selecting memorable and robust passwords using techniques like passphrases, and the action to change passwords if an account or device is compromised promptly.

World More Than A Password Day hopes to encourage a global movement. The day aims to help small businesses and individuals significantly strengthen their online security by promoting robust authentication methods, thereby creating a safer digital ecosystem.

Tom Brennan, Executive Director of CREST-Americas Region and Co-Chair of the Nonprofit Cyber World More Than A Password Day steering committee, says: "Embracing multi-factor authentication is a decisive step in safeguarding our assets. It's an investment in a triad of security: enhancing processes, empowering people, and leveraging technology to fortify our organisation's future."