Make Change Your Password Day an impetus to boost overall cybersecurity

By Joy LePree Anderson
February 1, 2023

While Change Your Password Day, which falls on February 1, is a good reminder that passwords should be changed on a regular basis, security and IT experts agree that the day is also an opportunity to reinforce the importance of proper cyber hygiene throughout an organization. They suggest using the day as a springboard to build a business case for implementing additional solutions that strengthen the cyber resilience of businesses and critical infrastructures.

In addition to following the standard practices of good password hygiene, including using a unique password for each account and system; creating a long password consisting of random words, phrases, numbers, symbols and a mix of upper- and lower-case letters; and considering employing a password manager, security experts say more than a new password is needed to ensure cybersecurity in the current attack climate.

“As passwords proliferate across networks and systems that users must access, it increases the risk of password reuse and the risk to a company’s data,” says Dylan Owen, Associate Director, Cyber Protection Services, with Raytheon Intelligence & Space. “Because of the increased deployment and support cost for alternative security initiatives, organizations are likely to continue to use passwords, despite the argument that decreasing risk exposure would pay for itself in the long run.

“Instead, organizations should utilize multi-factor authentication with a physical device/token to simplify the problems that arise with passwords for authentication, while reducing the amount of ‘friction’ for a user,” he continues. “That said, if an organization can’t afford to do this and has to use passwords, providing a password manager to users would be a step in the right direction. This would cut down on password reuse by generating complex, unique passwords for each system, which would be stored securely in the password manager.”

Glenn Mulvaney, VP of Cloud Operations, Clumio, agrees that more steps are needed: “Implementing enforceable password practices is just one critical component of what should make up an organization’s security hygiene. Businesses must implement a series of technical mitigations to effectively bolster their arsenal of cybersecurity and data protection with continuous engagement and education for employees.”

He continues: “While multiple layers of security are a must, organizations must prioritize training employees on security hygiene such as proper password management, as well as the ability to identify and report malverts, spear phishing, trojans and malware. CISOs themselves need to think about security hygiene holistically in response to expanding threats. This should include engaging employee training alongside limiting permissions to the principle of least privilege, multi-factor authentication, credential rotation, encryption of sensitive data, periodic decoy tests and interactive communications.”

And, Theresa Lanowitz, Head of Cybersecurity Evangelism with AT&T Business, adds that newer security technologies need to be employed to ensure the security of modern systems. “Security hygiene is one of the biggest steps anyone can take to protect themselves, their business and their data. As we move to more types of edge devices that are not keyboard driven, we should expect multi-factor authentication (MFA) to come via biometrics. While the use of biometrics to authenticate identity is not new, advancements in digital twins and deepfakes mean there is a need to secure our own physical identities as well,” says Lanowitz.

She provides an example: “Consider autonomous vehicles that have built-in MFA in key fobs. Internet of Things (IoT) devices are frequently ‘set and forget’ with a default password that may be as simple as ‘1234,’” she explains. “It is easy for attackers to guess or have knowledge of the default password. This means the adversary can execute distributed denial of service (DDoS) attacks or gain access to the network by moving laterally via an IoT device with a default password. It makes sense that passwords, MFA and device authentication are utilized in new endpoints such as autonomous vehicles since there are no direct inputs into vehicle networks; however, it also means endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR) are seen more often as a requirement.”

In addition, because passwords have proliferated in critical infrastructure — guarding industrial control systems, remote access connections and workstation and jumpbox accounts — sectors including energy, utilities, defense, transportation and manufacturing rely on a patchwork of passwords, says Duncan Greatwood, CEO at Xage Security. “This ‘Change Your Password Day,’ the message to cybersecurity leaders should be that it’s time to transition from unmanaged identities, static passwords, inconsistent access control, single points of cybersecurity failure and no-factor or single-factor authentication to consistent, managed, multi-factor authentication and resilient multi-layer access protection.”

Because attacks on real-world operations can cause major system shutdowns, impacting crucial services and community safety, as well as the operators’ bottom lines, Greatwood stresses the importance of beefing up cybersecurity beyond traditional password strengthening. “These complex environments, filled with distributed, legacy technologies are hard to secure,” he says. “The unfortunate truth is that operators may be unable to enforce even single-factor password-based authentication consistently. Common practices of credential re-usage, password weakness and lack of password management and role-based access control are major pitfalls, leaving industrial organizations open to attacks.

“This creates an urgent need for security solutions that can keep critical infrastructure systems secure and online. The answer is not as simple as changing a password or upgrading to multi-factor authentication (MFA). There is an escalating trend of MFA fatigue attacks, not to mention that some of the industrial systems are not inherently equipped to support MFA,” continues Greatwood. “To bring the password patchwork under control, critical infrastructure needs identity-based, multi-layer MFA and access control designed specifically for real-world operations. They need identity and managed access control that combines zero trust approaches with non-disruptive deployment options such as an overlay mesh to protect a mix of new and legacy assets. With this approach, compromise of an individual authentication factor doesn’t allow the hacker to infiltrate further assets, systems or applications. Instead, operators can enforce granular access control down to an individual operational site or even a singular OT asset, allowing user and app access solely to specified authorized devices. Layered MFA and access enforcement empower organizations with critical infrastructure to deploy defense-in-depth, keeping crucial systems online by blocking or containing breaches.”

Despite the need to do more than change a password to secure businesses and critical infrastructure, Change Your Password Day can and should still serve as a springboard for reminding employees and the C-suite of the importance of strong passwords and the necessity of further security measures.

“While cybersecurity tools have gotten more sophisticated, security hygiene hasn’t kept up,” says Mulvaney. “At the very least Change Your Password Day should serve as a reminder to refocus practices surrounding security hygiene and reinforce cyber policies that include enforcing strong password practices.”

KEYWORDS: access control biometrics business critical infrastructure cybersecurity multi-factor authentication password management


Joy LePree Anderson is a former Associate Editor of Security magazine.

Copyright ©2025. All Rights Reserved BNP Media.