Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globally
New York: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importance of stronger online authentication and to release essential password guidance for businesses and individuals.
The Urgent Need for Stronger Authentication
“World More Than a Password Day” is not merely to raise awareness but to serve as a call to action. With up to 80% of data breaches attributed to stolen or weak passwords, the time has come to elevate our defenses, embracing stronger authentication methods that go beyond mere passwords.
In a world facing a complex landscape of cyber threats, relying on static and easily compromised passwords no longer protects our digital lives. Almost 43% of companies do not use multi-factor authentication (MFA), and individuals lag even further behind, with only 2.6% of active Twitter accounts embracing MFA methods. While 53% of U.S. Small and Medium-sized Businesses (SMBs) report being ‘very aware’ of MFA and its security benefits, a surprising 49% still do not implement it. This is particularly concerning given that only 32% of SMBs require the use of MFA, showcasing a significant gap between awareness and implementation, according to the findings of a survey conducted by the Cyber Readiness Institute (CRI) in October 2023.
With so many elements of our lives now online, this status quo is alarming.
“Passwords are a weak link in the cybersecurity chain,” said Karen Evans, Managing Director of the CRI and Co-Chair of the World More Than a Password Day steering committee.“ ‘World More Than a Password Day’ is an opportunity to raise awareness of this issue and encourage people to adopt stronger authentication methods.”
Introducing Common Guidance on Passwords
In conjunction with the inaugural “World More Than a Password Day,” Nonprofit Cyber is pleased to release Protecting Your Accounts and Devices: Common Guidance on Passwords. These comprehensive recommendations are designed to provide individuals and small businesses with accessible and actionable steps to enhance their online security.
“Using stronger authentication is one of the most effective and inexpensive steps that can be taken to secure organizations and people online,” said Philip Reitinger, President of the Global Cyber Alliance and the co-chair of Nonprofit Cyber. “The purpose of issuing common guidance from many organizations is to increase the weight of the recommendations and to make clear that in substance, nearly every organization is recommending the same steps. There is little to no confusion about what actions to take, rather we need everyone to take those specific steps to protect everyone. The solution is not study, but action.”
The Common Guidance on Passwords has already been endorsed by 90 organizations worldwide. Signatories include nonprofit cybersecurity and privacy organizations, companies, intergovernmental organizations, and government organizations themselves. We urge others to sign up for and implement this guidance.
Key Highlights of the Common Guidance
- Use Password-Free Authentication: Opt for password-free (passwordless) authentication, such as passkeys. Passkeys are not only simpler to use but also more secure than traditional passwords.
- Secure Your Email Account: If using password authentication for email accounts, use a very strong password and multi-factor authentication.
- Add an Extra Layer of Security: Employ a hardware security key, authenticator app, or PIN via SMS as a “second factor” in addition to your password.
- Use a Password Manager: A password manager can help you create and store strong passwords for all of your online accounts.
- Use Recommended Techniques to Pick Passwords: Select strong and memorable passwords through techniques like passphrases or the “Three Random Words” method.
- If You Are Hacked: Promptly change passwords if any of your devices are compromised or if an online service you use is hacked. Avoid reusing passwords and consider subscribing to services like https://haveibeenpwned.com/.
Join the Global Movement
“World More Than a Password Day” is not merely an observance; it is a global movement. Individuals, organizations, and communities worldwide are encouraged to participate by taking actions that make protecting online accounts and devices more secure, such as raising awareness, regular membership or stakeholder communications, and implementing the use of stronger authentication methods.
This global effort spearheaded by Nonprofit Cyber aims to empower all individuals and small businesses to fortify their online security, contributing to a safer digital ecosystem for everyone.
Tom Brennan, Executive Director of CREST-Americas Region and Co-Chair of Nonprofit Cyber World More Than a Password Day steering committee said, “Embracing multifactor authentication is a decisive step in safeguarding our assets. It’s an investment in a triad of security: enhancing processes, empowering people, and leveraging technology to fortify our organization’s future.”
Learn More
For detailed information on “World More Than a Password Day” and access to the “Common Guidance on Passwords,” please visit https://nonprofitcyber.org/common-guidance-on-passwords/.