The Coalition Of Non-Profit Organizations is releasing the second version of the Common Guidance on Passwords with 132 signatories globally.
November 12, 2024—Protecting your online identity and data has never been more critical. “More Than A Password Day” is a global movement that aims to highlight the importance of stronger online authentication and rally support for essential password guidance for businesses and individuals.
Urgent need for stronger authentication
Recent data from the Cyber Readiness Institute’s 2024 Global Survey reveals that awareness and implementation of multi-factor authentication remains incredibly low among small and medium-sized businesses. Nearly six in ten small and medium-sized businesses (58%) remain unaware of the essential role multi-factor authentication plays in cybersecurity, and only 35% worldwide have implemented multi-factor authentication, leaving millions of user accounts unprotected and vulnerable to unauthorized access. Additionally, fewer than one in five small and medium-sized businesses enforce multi-factor authentication requirements internally, and a whopping 85% of small and medium-sized businesses do not require it for third parties, partners, suppliers, or customers accessing their systems—an oversight that increases their exposure to potential breaches. (Link to CRI report).
“More Than A Password Day” is not just a reminder, but a call to action. With identity-based threats on the rise and legitimate credentials accounting for more than half of cyberattacks on critical infrastructure, according to the U.S. Cybersecurity and Infrastructure Security Agency, it’s imperative that businesses take action to protect themselves and their stakeholders.
This year, “More Than A Password Day” represents a pivotal moment for adopting stronger identity management practices and encouraging widespread implementation of multi-factor authentication. In addition to spreading good practices, this year we also welcome the implementation of multi-factor authentication on new platforms.
“In today’s landscape, identity threats continue to rise, and it’s critical that we embrace multi-factor authentication and proactive identity governance measures to stay ahead of attackers. “More Than A Password Day” calls on every organization to reflect on and strengthen its identity protection strategies—not only to safeguard their systems but to protect the privacy and trust of their users and customers. Today, we’re taking the first steps towards mandatory multi-factor authentication for all OWASP accounts,” said Andrew van der Stock, Executive Director at OWASP Foundation. “
A review of the Common Guidance on Passwords
Nonprofit Cyber today released an updated version of the Protecting Your Accounts and Devices: Common Guidance on Passwords. These comprehensive recommendations are designed to provide individuals and small businesses with accessible and actionable steps to improve their online security.
The Common Guidance on Passwords has already been endorsed by 132 organizations worldwide. Signatories include nonprofit cybersecurity and privacy organizations, companies, intergovernmental organizations, and government organizations themselves. We urge others to sign up to and implement this guidance.
Overview of the Common Guidance
- Use Password-Free Authentication: Opt for password-free (passwordless) authentication, such as passkeys. Passkeys are not only simpler to use but also more secure than traditional passwords.
- Secure Your Email Account: If using password authentication for email accounts, use a very strong password and multi-factor authentication.
- Add an Extra Layer of Security: Employ a hardware security key, authenticator app, or PIN via SMS as a “second factor” in addition to your password.
- Use a Password Manager: A password manager can help you create and store strong passwords for all of your online accounts.
- Use Recommended Techniques to Pick Passwords: Select strong and memorable passwords through techniques like passphrases or the “Three Random Words” method.
- If You Are Hacked: Promptly change passwords if any of your devices are compromised or if an online service you use is hacked. Avoid reusing passwords and consider subscribing to services like https://haveibeenpwned.com/
Join the global movement
“More Than A Password Day” is not merely an observance; it is a global movement. Individuals, organizations, and communities worldwide are encouraged to participate by taking actions that make protecting online accounts and devices more secure, such as raising awareness, regular membership or stakeholder communications, and implementing the use of stronger authentication methods.
“More Than A Password Day isn’t just about a single day of awareness—it’s about an ongoing commitment to improving digital security for everyone. It’s a shared responsibility, and today is a great reminder of the impact we can make together,” said Tony Sager, Co-Chair of Nonprofit Cyber and Senior VP at the Center for Internet Security.
This global effort spearheaded by Nonprofit Cyber aims to empower all individuals and small businesses to fortify their online security, contributing to a safer digital ecosystem for everyone.
Join #MoreThanAPasswordDay, and together, let’s redefine online security for a safer digital world.
Learn more
For detailed information on “More Than A Password Day” and access to the “Common Guidance on Passwords,” please visit https://nonprofitcyber.org/common-guidance-on-passwords/.
More about Nonprofit Cyber
Nonprofit Cyber is a coalition of global nonprofit organizations formed to enhance collective action to improve cybersecurity. All members of the coalition are nonprofit organizations that serve the public interest by developing, sharing, deploying, and raising awareness of cybersecurity best practices, tools, standards, and services.
Learn more at https://nonprofitcyber.org/ .
Media contact
Ms. Kayle Giroud, Global Cyber Alliance and Nonprofit Cyber Secretariat, kgiroud@globalcyberalliance.org
Share:
