When was the last time you changed your password?

Cybersecurity

How did you celebrate World Password Day? I hope it’s by checking your security measures.

The topic of authentication may have been around for a while but it can still cause some confusion.

With 630B+ authentication events handled by Microsoft every month (based on their Digital Defense Report 2020), we just can’t stop talking about secure access. Especially with phishing on the rise. In a survey by Microsoft, organizations reported 28% phishing attacks as successful.

And it’s not just attachments that put your people at risk – it can be apps, too.

But, most importantly, passwords are not as safe as people like to think they are. They can be up for grabs on the internet all too easily. A couple of weeks ago, Syhunt analyzed a massive leak named COMB that exposed:

  • 3.28 BILLION passwords (including 1.5 million government passwords)
  • 2.18 BILLION unique emails, across
  • 26 MILLION domains.

Yup. These numbers are staggering. But that’s the sad truth – passwords on their own are just not enough to keep secrets safe.

Want more updates like this? Leave your email address to get the latest insights every two weeks. Subscribe for free

This shows that authentication poses some problems that won’t just go away. So, here’s what you can do:

  1. Run some tests – check if your people know how to stay safe
  2. Check for leaks – go to Have I Been Pwned and set up notifications, so you’re the first to know if anything happens
  3. Go passwordless – eliminate the weakest link at the source
  4. Get supportcontact us, and we’ll get things set up for you.

On that note, check out this recent video where I explained different mechanisms of authenticating in the Azure cloud. It answers some of the most frequent questions that are asked in regards to Azure AD B2B, B2C, and the relatively new External Identities.


What are the available authentication services in Azure? Check out this explanatory video

But keep in mind – nothing will protect your resources if you don’t take care of them yourself. So always remember the basics:

  • If using passwords – enforce a strong policy and educate your people on cybersecurity matters
  • If going passwordless – go for security keys
  • And always use MFA! It’s one more hurdle for the bad guys who try to access your stuff.

If you have any trouble with these points, don’t hesitate to reach out.