World Password Day: Comment by Satnam Narang, Sr. Staff Research Engineer, Tenable


“This World Password Day, I’m reminded of a string of articles over the last several months from retail to fast-food companies, where users of these sites found their accounts compromised as a result of credential stuffing attacks. Credential stuffing is a type of attack where cybercriminals take user login credentials obtained from data breaches on other websites and services and use the same usernames and passwords on other websites and services. More often than not, these attackers will be successful using the stolen data, because many users tend to reuse passwords across multiple websites.

“The saying ‘use a strong and unique password’ across each website stems from incidents like the ones mentioned earlier. It’s not easy to manage several hundred passwords, which is why it is important for individuals to leverage tools like Apple’s built-in keychain for saving passwords, as well as using professional password management solutions. These tools can help users generate strong and unique passwords that they don’t have to remember, and they can use browser extensions to auto-fill their credentials into the right website.

“Despite this sage advice, it’s also important to remember that breaches and phishing attacks are still common, so it’s not just about creating strong and unique passwords. Leveraging features like two-factor or multifactor authentication (2FA and MFA respectively) can help users ensure their accounts remain secure even if their passwords are exposed somehow.

“Some sites offer password-less sign-on, which leverages a second factor such as a phone, to help facilitate logging in without passwords. This isn’t as widespread of a feature across many websites, but it’s another solution to help address some of the challenges posed by passwords alone.” – Satnam Narang, Sr. Staff Research Engineer, Tenable
