SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Cybersecurity
#
Passwords
#
World Password Day

The importance of strong passwords and physical access control: A guide for World Password Day

Today
By Gallagher Security

Introduction 

Every year, World Password Day serves as a reminder of the importance of securing both our online and physical spaces. Just as passwords protect digital assets, physical access control systems safeguard buildings, equipment, and sensitive areas from unauthorized entry. Despite advancements in security, many individuals and organizations still rely on weak or outdated security measures, leaving themselves vulnerable to breaches. In this article, Gallagher Security, Senior Information Security Analyst, Connor Jack explores key aspects of password security, common mistakes to avoid, and best practices for protecting both virtual and real-world assets. 

Understanding password security 

Password security refers to the methods and practices used to protect digital credentials from unauthorized access. This includes using complex and unique passwords, safeguarding credentials with tools like password managers, and applying multi-factor authentication (MFA) to add layers of protection. Good password hygiene is essential for minimizing cybersecurity threats. 

The importance of strong passwords 

A weak password is like leaving a spare key under the doormat once an attacker knows where to look, they can easily break in. Similarly, failing to secure physical entry points can lead to unauthorized access and security breaches. Weak passwords continue to be a major cause of security breaches. In 2024, the global average cost of a data breach reached $4.88 million, marking a 10% increase from the previous year and the highest total ever (IBM 2024). A study by Secureframe found that the average person manages about 255 passwords, with 168 for personal use and 97 for work accounts (Secureframe). Meanwhile, JumpCloud reports that 60% of users reuse passwords across multiple sites (JumpCloud). These habits significantly increase the risk of password-related breaches. 

Common password security threats 

Cybercriminals use various techniques to compromise passwords: 

  • Brute force attacks: Automatically guessing passwords by trying numerous combinations. 

  • Credential stuffing: Using stolen username-password pairs to access other accounts, like trying a stolen key on many doors. 

  • Phishing attacks: Tricking users into revealing passwords, like a burglar pretending to be a delivery person to gain access. Cyber criminals create believable websites or fake login fields that record the information you type in, giving them exactly what they want. 

Creating strong and unique passwords 

Strong passwords are at least 12–16 characters long, include upper and lower-case letters, numbers, and symbols, and do not use easily guessable information like birthdays or pet names. Avoid reusing passwords across multiple accounts and consider using a password manager to generate and store complex credentials. 

The role of password managers 

Password managers help users maintain password security by securely storing login information and generating strong, unique passwords. They simplify credential management, especially given that the average person handles over 50 passwords. However, because password managers store access to all your accounts in one place, they become a high-value target for attackers.  

It's crucial to secure your password manager with a strong, unique master password and enable multi-factor authentication where possible. Doing so ensures that even if a device/account is compromised, the vault remains protected. Regular updates and using a reputable password manager are also essential steps in safeguarding your digital identity. 

Multi-Factor Authentication: An essential layer of security 

Multi-factor authentication (MFA) adds an extra layer of protection by requiring users to provide additional verification like a 6-digit roll over code generated by an app in a phone or a desktop. biometric scan along with their password. MFA significantly reduces the risk of unauthorized access, even if a password is compromised. 

Regularly updating your passwords 

Passwords should be updated periodically, especially after a suspected breach or if reused across services. Changing passwords every 3–6 months is what is known as "good-practice," and avoiding repeated use helps mitigate long-term exposure to credential theft. Most password managers offer built-in tools to generate strong, complex passwords whenever you create or update credentials. These tools help ensure your new passwords meet high security standards. If you don't use a password manager, you can generate secure passwords using trusted online tools from providers like Bitwarden, LastPass, or 1Password. Whichever method you choose, always verify that the password is unique and hard to guess. 

Best Practices for Password Recovery 

Secure password recovery processes are crucial. Use recovery emails or authentication apps you can trust. Avoid security questions with easily discoverable answers and never reuse recovery credentials across different platforms.  

The future of passwords: Moving beyond traditional credentials 

The security landscape is evolving, and traditional passwords may soon be on their way out. New technologies are offering safer and more convenient ways to prove who you are online. Among the most promising are passkeys, biometric scans, and hardware tokens. 

Passkeys are a modern alternative to passwords, think of them like digital keys stored on your phone or computer. Unlike passwords, they can't be guessed or stolen through phishing because they rely on a secure exchange between your device and the service you're logging into. They're also much easier for users: no need to remember or type anything in. 

Biometric authentication methods like fingerprint scans or facial recognition are already common in smartphones and are becoming more widely used across devices and services. Similarly, hardware tokens (like small USB devices) offer a physical way to authenticate your identity. 

Major tech companies like Apple, Google, and Microsoft are all backing this move to password-less authentication. Their goal is to make it easier and safer for people to access accounts without the common pitfalls of forgotten passwords or reused credentials. 

While the transition is still underway, it's important to continue using strong passwords and layering your security with tools like multi-factor authentication. Think of it as upgrading your locks while keeping a deadbolt in place. The future may be password-less, but today's best defense is still good password hygiene paired with modern tools. 

Simple steps to enhance protection 

World Password Day is an opportunity to reflect not just on the importance of strong passwords but also on the need for comprehensive security across all access points, digital and physical. Simple improvements such as using unique, complex passwords and implementing robust access control measures can significantly enhance security.  

Take this day as a reminder to review your security strategies, update them if needed, and educate employees about the importance of protecting both virtual and physical spaces. In an increasingly connected world, safeguarding your assets starts with strong security practices. 

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Microsoft's 2024 vulnerabilities hit record high, report says
SentinelOne tops Frost Radar for endpoint security in 2025
Hands-on review: Norton VPN Ultimate
Australian organisations have two key reasons to double down on data management
How to protect legacy medical devices from modern cyber threats
Top stories
Tracey Pretorius joins CyberOne board to boost strategy
Fuse partners with Check Point for real-time blockchain firewall
Ketan Tailor appointed as Barracuda's Chief Customer Officer
Trend Micro explores Russian cyber underground's influence
Google Threat Intelligence explains China’s evolving cyber tactics