
World Password Day: The Perfect Opportunity for a Security Check-up

Happy World Password Day! Learn why good password hygiene is important for every employee and how to reduce the risk of account takeovers.
May 4, 2023

Allow us to be among the first to wish you a Happy World Password Day!

Established in 2013 by Intel, World Password Day is observed on the first Thursday in May with the goals of raising awareness about the importance of good password hygiene and encouraging professionals to recognize the role that strong passwords play in securing their digital lives.

In honor of this important cybersecurity holiday, we’re answering a few important questions and sharing some valuable insights that we hope will help you improve password security in your organization and reduce your vulnerability to account takeovers.

Why is Good Password Hygiene Essential for Every Employee?

Employees at smaller organizations may assume that cybercriminals exclusively target large, multinational enterprises and therefore feel that adhering to password security guidelines can be less of a priority. In a similar vein, it’s not uncommon for employees at large, multinational enterprises to adopt an attitude of, “I’m one of 2,000. Why would a cybercriminal ever target me?” as a reason to be a bit more relaxed about password best practices.

Both assumptions are incorrect and put the company at risk of a cybersecurity incident.

Abnormal research as well as data from the 2022 FBI IC3 Report show credential phishing is the most common cybercrime for organizations of all sizes, across all industries. Additionally, while threat actors do often target specific roles within a business (such as executive team members and employees in the finance and HR departments), those are hardly the only employees who receive attacks.

In short, every employee at every organization is a potential target, which means every employee at every organization must prioritize good password hygiene.

What Are the Consequences of Poor Password Security?

At the heart of World Password Day is an emphasis on understanding that a single compromised password can cause a cascading effect with implications across the organization.

Consider the fact that 54% of all employees reuse passwords across multiple work accounts. If a threat actor successfully acquires one set of valid credentials, then in more than half the cases, they simultaneously have immediate access to several other portals or applications. This could result in instant access to private financial information and/or other valuable data—which can have particularly expensive ramifications. According to the IBM Security Cost of a Data Breach Report 2022, data breaches resulting from stolen or compromised credentials cost an average of $4.5 million. These breaches also had the longest lifecycle: 243 days to identify the breach, and another 84 days to contain it.

If the bad actor manages to gain access to an employee’s email account, they can easily reset passwords for almost every other account and work their way through the organization’s entire network. Poor password security can lead to attackers not only compromising business-critical systems and accessing sensitive databases, but also logging into collaboration apps like Slack, Microsoft Teams, and Zoom to launch additional attacks on other internal employees as well as vendors.

How Can Organizations Improve Password Security?

World Password Day is the perfect opportunity to discuss password security best practices with your workforce and identify ways to enhance password protection in your organization. Here are a few tips to reduce your vulnerability to account takeovers:

  • Enact strict password rules. This includes not allowing employees to reuse passwords, mandating regular password updates, and requiring passwords of an appropriate length with at least one upper and lower case letter, one number, and one special character.
  • Encourage employees to use a password manager. Employees often rely on simple passwords and reuse the same passwords because it’s more convenient. Providing an effective, user-friendly password manager that can generate and store strong passwords across devices offers employees the same convenience without the security risk.
  • Enable multi-factor authentication. To create even more obstacles between an attacker and unauthorized account access, ensure that multi-factor authentication (MFA) is enabled for all accounts. If possible, require employees to use an authenticator app like Google Authenticator or Duo, rather than relying on text messages as an authentication method.
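
The password rules in the first tip can be enforced at the moment a password is changed. The following Python is an added example, not code from Abnormal or from this post; the 12-character minimum, the history depth of five, and all function names are assumptions, since the post only asks for an "appropriate length".

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12     # assumption: the post only says "appropriate length"
HISTORY_DEPTH = 5   # assumption: number of previous passwords remembered


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the history never holds plaintext."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)


def composition_errors(password: str) -> list[str]:
    """Return the composition rules from the tip that the password fails."""
    checks = {
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "an upper case letter": any(c.isupper() for c in password),
        "a lower case letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


def is_reused(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Check the candidate against stored (salt, hash) pairs in constant time."""
    return any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )


def change_password(password: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Validate a new password; store it in history only if every rule passes."""
    errors = composition_errors(password)
    if is_reused(password, history):
        errors.append("not one of your previous passwords")
    if not errors:
        salt = os.urandom(16)  # fresh salt per stored password
        history.append((salt, hash_password(password, salt)))
    return errors
```

An empty list from `change_password` means the password was accepted and recorded; otherwise the list names each rule the user still has to satisfy.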

How Can an Organization Stop an Active Account Takeover?

Understanding the importance of password security and ensuring you have the proper procedures and processes in place can go a long way toward preventing attackers from compromising employee accounts.

Unfortunately, without the right technology, your organization is still at risk of experiencing account takeovers. And once a threat actor has compromised an account, they can remain undetected for months.

Traditional security solutions can’t effectively detect email account takeovers in progress because they lack visibility into identity, behavior, and device attributes that indicate an account has been compromised. However, Abnormal observes and baselines normal end-user behavior, allowing it to recognize anomalies in user locations, devices, email content, and mail rules. If the platform discovers an email account takeover attack, it automatically remediates the account by immediately signing a user out of all open sessions, blocking access, and forcing a password reset.

Abnormal takes account takeover protection one step further by detecting compromised user accounts across Slack, Microsoft Teams, and Zoom. Once a compromised account has been identified, Abnormal provides security teams with a detailed timeline of suspicious authentication activity across collaboration applications, enabling analysts to investigate further and coordinate remediation.


See for yourself how Abnormal can protect your organization from email and email-like attacks. Schedule a demo today.
