Each year on the first Thursday in May, we celebrate World Password(less) Day to raise global awareness and encourage individuals and organizations to improve their password hygiene and overall online security in order to protect their digital identities. Though good cybersecurity practices and hygiene need to be a year-round effort, this day is important because it invites discussion on the latest industry trends impacting cybersecurity as a whole. It also encourages a focus on education, and serves as an important reminder for people to take action to protect their online identities, data, and accounts, both personally and professionally.
Amid the rise of sophisticated cyberattacks like phishing and ransomware, we continue to see reliance on traditional usernames and passwords, as well as legacy multi-factor authentication (MFA) tools like SMS-based authentication. These outdated practices leave thousands of businesses and individuals around the world exposed to cyberattacks. In fact, a recent Yubico study found a clear disconnect between the constantly rising threat of sophisticated cyberattacks like phishing and the actions businesses are taking to stay secure: 59% of enterprises reported experiencing a data breach last year, yet 91% are still relying on usernames and passwords as their form of authentication.
It’s been proven time and time again that not all MFA solutions are created equal, and now more than ever, education around how to stay secure from these attacks and what the available MFA alternatives are is critical. With 82% of data breaches due to phishing attacks targeting weak passwords, having MFA as a partner to your passwords is key.
We have been working with some best-in-breed partners who are helping to further this mission of cybersecurity education, including 1Password, an industry leading password manager and credentials security platform. To get a better understanding of 1Password’s mission and thoughts on the future of cybersecurity, I recently sat down with Anna Pobletts, Head of Passwordless at 1Password, to discuss the impact of World Password Day on the security industry, how and why 1Password and Yubico partner together, and the major themes that are unfolding such as what a passwordless future looks like.
What does World Password Day mean to you in terms of its impact for security?
World Password Day is an important reminder that good password habits and hygiene go a long way. The day seeks to promote the use of strong passwords and educate people on how to keep their accounts safe. However, we’re also asking humans to improve their own security within a system that makes it very hard to do so. People want to be secure, but creating complicated passwords and then remembering them is nearly impossible and very prone to error.
Fortunately, innovative technologies like 1Password, YubiKeys and passkeys are making it easier for people to protect their digital identities. With passkeys, security hygiene is built into the technology – reducing the potential for human error and making it easier to maintain a secure digital presence.
As such, World Password Day is an essential initiative that helps highlight the importance of good password practices and showcases the need for technology to support these practices.
What do you think are the current biggest challenges associated with password management? How do 1Password and other MFA tools help consumers and businesses overcome them?
One of the biggest challenges associated with password management is the difficulty of creating and remembering multiple secure passwords. With the increasing number of online accounts and services, individuals have way too many passwords to manage. Between work and personal accounts, I have close to 200 passwords! This can be overwhelming, and as a result, people tend to use weak passwords or reuse them across multiple accounts, which puts them at risk of being hacked. Additionally, the human error factor is high when it comes to password management, as people may forget their passwords, write them down in insecure places, or share them with others.
Fortunately, products like 1Password and other phishing-resistant MFA tools like YubiKeys from Yubico help consumers and businesses overcome these challenges – and are even more impactful when used together. 1Password, for instance, creates and stores strong passwords for each account, making it easier for individuals to manage their passwords. Users only need to remember one master password, which is used to unlock the app and access their stored passwords.
When used together, phishing-resistant MFA tools, in general, provide an additional layer of security – requiring users to provide two or more forms of authentication to access their accounts. This makes it harder for hackers to gain unauthorized access, even if they have managed to obtain the user’s password.
What does a passwordless future look like to you? How close do you think we are to a passwordless reality?
A passwordless future is one where people can enjoy seamless, secure access to their digital accounts without the hassle of creating, remembering, and managing passwords. That’s what I love about passkeys, including hardware-bound options like YubiKeys – they offer a convenient and secure way to access accounts without relying on passwords. With passkeys, the authentication process is automatic and transparent, eliminating the need for users to set up multiple types of authentication or think up a strong password.
While the adoption of passwordless technology may not happen overnight, I believe it is inevitable. As more people become familiar with passkeys, they will begin to see the benefits and demand them in more of the services they use. In the meantime, platforms like 1Password can help manage the different types of authentication that are currently available and make the transition to passkeys smoother for both individuals and businesses.
What tips/advice do you have for consumers to stay secure amid the continued rise of sophisticated cyberattacks like phishing?
As the threat of cyberattacks like phishing continues to rise, it’s important for consumers to take steps to stay secure. My top advice is:
- Swap weak passwords for strong ones.
- Use phishing-resistant MFA tools like YubiKeys for your most important accounts like your financials, business services, email and password managers.
- Use a password manager like 1Password to securely store all your passwords.
- When possible, use stronger authentication methods like passkeys. We have a directory that keeps track of all websites and services currently offering passkeys.
- Don’t share your passwords whenever possible, and don’t reuse passwords.
For companies trying to adopt passwordless initiatives inside their organizations, where should they get started?
If a company is interested in adopting passwordless initiatives, it should start by identifying the applications that would benefit the most from the increased convenience and security that passwordless solutions provide. This could involve identifying the applications that employees log into frequently but don’t currently support Okta integration or looking for internal applications that could benefit from passkeys support. For customer-facing applications, it’s important to consider the impact that any changes may have on the user experience and to ensure that any new authentication methods are intuitive and easy to use.
Ultimately, the key to successful passwordless adoption is to approach it strategically and methodically, with a focus on identifying the areas where it will have the greatest impact and clearly communicating the changes to your customers to ensure better adoption rates.
1Password recently introduced the option for 1Password Business admins to enforce MFA security with security keys like the YubiKey inside their organizations, making you the only major password manager that gives the choice to enforce FIDO2/WebAuthn hardware security keys in this way. How do you think Yubico and 1Password together can help companies with their passwordless strategic initiatives?
We believe in human-centric security and feel that giving admins more choices about how to protect their organization is always the right thing to do. As members of the FIDO Alliance, we are also already working together to accelerate the adoption of passwordless technology. In order to ensure a consistent user experience, it’s important for passkey and security key providers to work together closely.
Yubico and 1Password are both providing excellent cross-platform experiences for passwordless, and they should continue to be vocal leaders in the push towards passwordless authentication. By combining our expertise and resources, we can help companies implement secure and convenient passwordless solutions that will benefit both employees and customers alike.
What are some good and easy-to-understand resources for the everyday consumer that would enable them to become more secure?
We recommend checking out the below resources on our site for more information on passkeys, which aim to give a better understanding of the technology and how to make informed decisions to stay secure:
For more information on how to use your YubiKey as a second factor for your 1Password account, check out our video here and 1Password’s page here. Additional information on passkeys can be found in our passkey resource guide here.