May 03, 2024 | Blog

In the digital world, where your digital identity is essential, your password serves as the first line of defense against cyber-attacks and online threats—the first step towards your safety and security. In this time and age, hackers and cyber threats are rampant, becoming more alarming than ever as we enter a new dawn of digital transformation. From a business point of view, organizations and businesses should be more concerned and proactively participate in helping everyone secure and protect their data and information because, after all, the safety of your employees, clients, and business partners should always be your number one priority.

Last year, the Philippines ranked fifth based on data breach count since 2004, while it stood at 17th. According to the report, Data from Surfshark showed that 24 million accounts in the Philippines have been compromised since 2004, making the country with the second-highest count in Southeast Asia. Even the most advanced country in the region, Singapore, experienced and became a victim of data breaches last year in the Marina Bay Sands fiasco, where an “unauthorized third party accessed its customer data of about 665,000 non-casino rewards program members”. 

In celebration of World Password Day, IT Group, Inc. (ITG), the leading IT Solution Partner in the Philippines and ASEAN region, supports the advocacy of this celebration. With over 20 years of experience and expertise in the Tech Industry, we share some of the best practices on how you can help spread the awareness of creating a strong, secure, and unique password. 

Also read: World Data Privacy Day I

GUIDE: 5 Easy Steps to Create a Strong Password

• Be Creative, Smart, and Unique

• Change Your Password Regularly  

• Diversify Your Set of Passwords 

• Secure it Twice with Two-Factor Authentication   

•  Keep your Password Private 

Be Creative, Smart, and Unique 

Whether you have B2B transactions or B2C experience, a strong password is essential. According to the World Password Day celebration, “passwords are critical gatekeepers” to our digital identities.  It allows us to have online access to shop, date, socialize, work, connect, and communicate. So how exactly do you create a password that is strong and secure? Easy. Be creative, smart, and unique. In Cybersecurity 101: Why Choosing a Secure Password Is So Important, an article written by Walden University shared that the more complex the password is, the more protected your information will be from cyber threats and hackers.

The trick is to create a personalized and creative password that is easy to remember and unique to you. “Hackers use programs that cycle the most common, simplest passwords used. Because of this, your password should include a combination of letters, numbers, and symbols to increase its complexity. The more complex the password, the safer it is, ” they added. For example, instead of password123, you make it P@sSW0rd!23. The thought is the same, but the creativity of how you created it is totally different, making it robust for protection and harder for hackers to copy. 

Change Your Password Regularly

Another easy way to ensure safety in the long run is to change your password regularly. But how often should we change our passwords? According to cybersecurity experts in the McAfee shared article, it should be every three months. The immediate need, however, to change your passwords is possible if and when your account is under threat, attacked, or hacked. Human errors like forgetting your current password also happen from time to time. But whatever category it is, customers and, most importantly, businesses should always be vigilant when things like this happen. Hackers are more likely to take advantage of this situation to get someone’s personal information when customers have a challenge changing their passwords.

That’s why businesses should invest in software that is an easy but effective way to help clients change their passwords without trouble and hassle. It also applies internally to companies that want to invest in their IT and cybersecurity systems. ManageEngine, ITG’s solid technological partner for cost-effective and efficient IT Management Solutions, has a diverse portfolio of cybersecurity services, especially when it comes to password management, like ADSelfService Plus and Password Manager Pro. 

ADSelfService Plus 

ADSelfService Plus is a web-based self-service password reset and account unlock solution. It also includes features like multi-factor authentication for self-service password resets/account unlocks, ADSelfService Plus portal logins, password expiry notifier, password policy enforcer, and real-time password synchronizer. At its core, ADSelfService Plus has the following:

• Password management and security 

• • • Password self-service
    • Password expiration notification
    • Password policy enforcer  

• Multi-factor authentication 

• • • MFA for endpoints 
    • MFA for cloud applications 

• AD self-service

• • • Directory self-update 
    • Corporate or employee directory search 
    • Email group subscription 

• One Identity

• • Enterprise single sign-on 
  • Real-time Password Synchronizer

Password Manager Pro 

Password Manager Pro is an enterprise-grade password manager that provides centralized management of enterprise credentials. It goes beyond just vaulting sensitive credentials to streamlining privileged account governance by enabling administrators to take control of the actions performed with those passwords. Password Manager Pro has the following features: 

• Secure password vault
• Robust access controls 
• Periodic password rotation 
• Non-human identity management 
• Application-to-application password management 
• Secure remote sessions 

Also read: ManageEngine’s Best Practices for Cybersecurity   

Diversify Your Set of Passwords

For those with multiple accounts on different platforms, diversifying their passwords is not only advisable but essential. The risks of not doing so are significant, as we’ll explore further. Usually, one password per account per platform. But what if you have multiple accounts on different platforms? Let’s say you have multiple accounts in different banks. Each bank and account is created based on your specific needs, with its own set of passwords. Some people tend to use one single password and username for all their bank accounts, but the weak link happens when we are overly confident that hackers can’t infiltrate the account, as if using this technique ensures complete security and safety. 

It’s important to understand that hackers, historically and strategically, don’t just copy your password, they use it to access the rest of your digital identity. This includes your bank account, social media, emails, and more. Diversifying your passwords means creating a unique password for each platform. For instance, your Facebook password could be P@sSW0rd!23, while your Instagram password could be P@ssW0Rd!23. The key is to keep them relatively simple for you to remember yet unique enough to deter hackers. 

When considering solutions, it’s crucial to prioritize the end users’ experience. This not only enhances B2B transactions but also improves the B2C experience. ManageEngine’s ADSelfService Plus, as mentioned, offers password management and security for businesses, capturing three critical aspects: password self-service that secures password reset and account unlock without help desk intervention or tech support, password expiration notification that reminds users about their impending password expiration via SMS, email, or push notifications, and password policy enforcer that customizes fine-grained password policies at the organizational unit and group level for different users across multiple platforms. These features are designed to be user-friendly and convenient, making them perfect for companies that want to robustly and automate their cybersecurity.

Also read: World Data Privacy Day Part II

Secure it Twice with Two-Factor Authentication  

One of the worries of many organizations regarding a secure customer journey is the exhaustion or possibility of a dragging experience to change passwords due to the many securities needed to push a transaction. One of the best examples is when you’re logging in to a Google account on another device and need to use the Google Authenticator app to get a code on your phone after you put in your actual Google password. In fact, businesses should invest in the two-factor authentication (2FA) process, whether for customers or employees. 2FA doubles the security as it gives a personal identification number (PIN) sent to a person’s account, mainly a personal phone number or email address that only they can verify.

The good thing about this process is that it creates a sense of security, as only the user can access those pins. If any person, aside from the user or customer, tries to log in, the actual holder of the account will be notified immediately. It is a win-win scenario for the customer as they continue their transactions worry-free while the company builds a reputation that protects the data and information of their customers. Meanwhile, the most secure way for businesses to protect their customers’ data and information and never be at risk of possible internal hacking or data breaches is for the companies to invest in Multi-factor Authentication (MFA) for their employees. It’s the same idea, but this time, it’s more sophisticated, calculated, and automated to verify that only authorized users can access sensitive data and information when needed for reports, data gathering, or business decision-making. ManageEngine’s ADSelfService Plus has an MFA for endpoints such as Fortify Windows, macOS, Linux, VPN, and OWA logins with MFA by choosing from over 18 methods, including biometric and time-based one-time passcode (TOTP) apps. These will help protect your company from the inside out and fortify your cybersecurity. 

Also read: World Data Privacy Day Part III

Keep your Password Private 

Passwords are part of everyone’s digital lives. They are exclusive and private for you, which means they guard something important to know about you—your data and information. On a business scale, why do companies invest in and practice cybersecurity? It’s because they protect their customers’ sensitive data and information as they’ve entrusted them during business or customer transactions. In an article shared by McKinsey and Company about Building security into the customer experience, it takes two to tango to ensure the utmost security between a company and its clients and/or customers; however, organizations should always create a proactive experience that builds trust and security for their customers.

“Regulators are pressing organizations to secure the customer journey and to give more data privacy and flexibility in terminating accounts. Many organizations collect and use customer data to offer personalized digital experiences, but they have not taken effective measures to prevent the risks that data breaches pose to their customers’ privacy,” they said.“Customers, meanwhile, expect an easier digital experience, including fast authentication and log-in, as well as seamless web and mobile interactivity. Companies that are able to offer all this while maintaining strong security standards will gain customer loyalty. An experience-driven secure journey can even become a competitive advantage.”

Connect with the Tech Experts

In celebration of World Password Day, IT Group, Inc. and our technological partner, ManageEngine, promote good habits of creating strong and secure passwords and cybersecurity awareness for all. ITG has four regional offices in the ASEAN region, promoting digital transformation and cybersecurity in the Philippines, Indonesia, Malaysia, and Singapore. To date, we have 200+ clients across the region and a solid portfolio of 250+ successful projects.

ITG has been the leading technology partner for system-wide innovative solutions to accelerate your business plans and goals, delivering seamless integrations and processes, from Business Management Solutions, IT Management, Integration & Automation, and Enterprise Data Management to IT Infrastructure.  We help clients across the region experience digital transformation in their business, co-creating and co-owning solutions tailored to their business needs, especially when it comes to cybersecurity. Along with our Tech Experts and partners, like ManageEngine, we can help you combat cyber threats by being proactive and listening to your business and security needs. 

Let’s Venture Together and learn more about how we can help you.