FinTECHTalents' Password Protected: the Door to Digital Life

A very lively and expert Chatham House Rule discussion on this flawed cornerstone of Security

Our Founder & CEO, Robert Baugh, was delighted to be part of Password Protected: The Door to Digital Life, a very lively and expert panel on Passwords as part of the FTT Focus series from FinTECHTalents, on 16 March 2021.

Sponsored by LastPass, the leading password manager and 2FA solution, the panel benefitted from a great deal of expertise across Security, Financial Services, Design and Privacy, and took on the thorny topic of passwords, brought into stark relief by the sudden move to remote working last year. As FinTECHTalents note:

‘It is often said that we would never leave our front doors unlocked, but we effectively do just that in today’s digital world. The shift to remote working has increased the amount of business critical data and essential services that reside online. These are far too often left vulnerable due to weak and duplicated passwords. Humans, it turns out, are not good at remembering dozens of strong passwords and are susceptible to social engineering attacks.

Organisations are often stuck between seemingly opposing goals: How to reduce the risk of data breaches, with their inherent operating and reputational costs, without increasing the friction to users’ work through the enterprise implementation of a modern password policy? How can enterprises best protect themselves, their data, and their end users’ identities while removing friction from accessing essential services necessary to the business?’

The discussion, under the Chatham House Rule, was very open and fast-flowing, with an actively involved audience, covering for example:

  • the average person has to remember 100 passwords, which is unsustainable,
  • password managers are a very effective (and cost-effective) solution to many of the CyberSecurity incidents that start with compromised passwords, by reducing the number of passwords to be remembered to just one,
  • further benefits are easier compliance with password guidance from the NCSC and NIST, as well as help against phishing attacks, because password managers won’t recognise and auto-fill spoof websites,
  • 2FA is another super-simple and effective solution alongside password managers; in fact, Microsoft report that 73% of passwords are reused and that Multi-Factor Authentication or MFA can solve 99.9% of password-based attacks,
  • CyberSecurity incidents made up 28% of personal data breaches reported to the UK ICO in Q3 2020 (their Q2 2020/2021), with the majority of those from phishing (10%), unauthorised access (7%), ransomware (6%) and brute force (1%).
  • Design has a key role to play in increasing adoption of Security practices.
  • Security practitioners need to be aware of the potentially disenfranchising effects of certain implementations, with varied skills, cultural context, and resources in populations in single countries, let alone across nations.
  • Gamification can really help to make the Security message break out of ‘boring’ and hit home with users. Indeed, Robert noted that his introduction to password managers was through engaging training at a previous growth company, where teams competed to have the best password rating from the solution (which happened to be LastPass).

LastPass shared their Psychology of Passwords report – crammed full of excellent ammunition to help you get the message across to your colleagues – or convince you to use these excellent Security solutions in your home life, which is very entwined with work at present!

Regardless of the solution you decide is best for you, we strongly recommend that you implement a password manager and 2FA at home and at work. And change your home wifi password!
