Authored By: Jeffrey Kok, Vice President Solution Engineers for Asia Pacific and Japan at CyberArk.
Given all the accounts all of us maintain in the digital world, good password hygiene is a security measure that individuals and organisations alike must practise to defend against cyber threats. However, despite knowing the importance of unique passwords, we are all guilty of ignoring that advice and repeating the same passwords for convenience, as well as other reasons. This Cybersecurity Awareness Month, we are conducting a month-long effort to raise awareness of the importance of strong cybersecurity practices. And, yes, it is the perfect time to rethink and change our passwords.
As digital citizens, we have the responsibility to surf the internet responsibly and securely. For many, one of the key ways to protect data online is to use different passwords to access different accounts, like bank accounts, social media accounts, and especially work-related accounts, applications and systems.
However, many tend to use the same password for all accounts containing easily identifiable personal information. It's understandable: it seems almost impossible to remember all passwords across different platforms and accounts without needing the help of a password manager which, if hacked, can put you in tricky circumstances. This is a big problem, especially if you are using your personal laptop to log into sensitive company websites and access critical data. Cyber criminals know these dirty little password secrets, and target weak passwords as an easy way to steal personal or company information, and even your hard-earned savings.
In many cases, eliminating the need for passwords and relying on alternative authentication methods could enhance security and defence against malicious cyber attackers. Instead of just resetting that password in front of you, here are four reasons why it may be time for your company to lose it altogether:
1. Most people are terrible at selecting strong passwords. Each of us has an average of 85 passwords between work and personal accounts. When it is absolutely necessary to reset an expiring password, most people tend to replace one digit with another, which defeats the purpose of the mandatory reset. While the government's Cyber Security Agency of Singapore (CSA) and security teams have relayed the risks of having your passwords hacked and have recommended various tips for complex and unique passwords, many individuals still fail to apply them. While some people successfully follow these best practices, risky habits like saving credentials in browsers, resorting to post-it notes or re-using passwords at work and home continue to endure.
According to findings released by technology firm IBM, 45% of respondents in Singapore always or mostly reuse the same usernames and passwords for different online accounts. If hackers are able to steal a person's username and password for one account and hack into it, they can easily hack their other accounts with the same log-in details.
As we have heard many times, to create a strong password, make sure that it includes both lowercase and uppercase letters, symbols, numbers, and perhaps even some special characters to drastically reduce the chances of your password being discovered or hacked.
2. Password issues result in time lost for your overworked IT help team. Each time we forget our password or get locked out of a work account, we would likely need to contact the IT help desk, who would need to reset the password or grant us access. CyberArk found that an enterprise of 1,000 employees spends about $495,000 annually for the lost time needed to resolve password problems. Given that most companies are operating in a hybrid and remote environment, the IT desk team will continue to run under pressure to handle tickets while employee productivity and work performance take a toll.
3. Password managers only provide basic protection. The need to memorise passwords through writing them on a piece of paper and storing passwords in a browser can be eliminated by using password managers. However, they're not foolproof. They don't provide sufficient coverage in corporate environments, where many different users need different levels of system access for a certain period of time. Password managers lack the ability to manage this level of access. And, of course, there's always the risk of the attackers having access to all your passwords for all your accounts should they manage to hack the password manager itself.
4. Most people are ready to do away with passwords. Most of the IT security practitioners and business users (55%) prefer a method of account protection that doesn't involve passwords. Many websites now offer single sign-on (SSO) and multi-factor authentication (MFA) to log into websites. Physical biometric authentication methods are also on the rise. More individuals are beginning to use passwordless logins such as fingerprints, facial recognition and retinal scans. Experts recommend that companies use multiple types of authentication simultaneously and escalate quickly if they see warning signs. Should they encounter instances where the fingerprint doesn't match the facial recognition, or there is account access from an unusual location at an unusual time, it might be time to switch to a backup authentication method or a second communication channel. This is particularly critical for financial transactions or password changes.
For example, Singapore Personal Access (or Singpass), which allows users to securely transact with over 60 government agencies online, has implemented two new two-factor authentication (2FA) options: SingPass Face Verification and Multi User SMS 2FA. With SingPass Face Verification, users can log in by entering their SingPass ID and password, followed by facial recognition using a mobile device with a front-facing camera or an internet-enabled computer with a web camera.
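The escalation rule described in point 4 can be written as a small policy function. The sketch below is an added example, not CyberArk's or Singpass's code; the event fields, the per-user baseline built from past sign-ins, the two-hour tolerance, and the rule that any single warning sign on a sensitive action triggers escalation are all assumptions made for illustration.

```python
from dataclasses import dataclass

SENSITIVE = {"financial_transaction", "password_change"}  # named in the article
HOUR_TOLERANCE = 2  # assumed: within 2h of a past sign-in counts as a usual time

@dataclass(frozen=True)
class AuthEvent:
    user: str
    country: str
    hour: int              # local hour of day, 0-23
    action: str
    fingerprint_ok: bool
    face_ok: bool

def build_baseline(history):
    """Record the countries and hours each user has signed in from before."""
    base = {}
    for e in history:
        seen = base.setdefault(e.user, {"countries": set(), "hours": set()})
        seen["countries"].add(e.country)
        seen["hours"].add(e.hour)
    return base

def warning_signs(e, base):
    seen = base.get(e.user, {"countries": set(), "hours": set()})
    signs = []
    if e.fingerprint_ok != e.face_ok:
        signs.append("biometric_mismatch")
    if e.country not in seen["countries"]:
        signs.append("unusual_location")
    # Circular distance, so 23:00 and 01:00 are two hours apart, not 22.
    if not any(min(abs(e.hour - h), 24 - abs(e.hour - h)) <= HOUR_TOLERANCE
               for h in seen["hours"]):
        signs.append("unusual_time")
    return signs

def decide(e, base):
    """Return (decision, signs); step_up means backup method or second channel."""
    signs = warning_signs(e, base)
    if not (e.fingerprint_ok or e.face_ok):
        return "deny", signs
    escalate = ("biometric_mismatch" in signs
                or {"unusual_location", "unusual_time"} <= set(signs)
                or (signs and e.action in SENSITIVE))
    return ("step_up" if escalate else "allow"), signs

# Constructed sample history: one user's normal office-hours sign-ins.
HISTORY = [AuthEvent("alice", "SG", h, "login", True, True) for h in (9, 10, 14)]
BASELINE = build_baseline(HISTORY)
print(decide(AuthEvent("alice", "SG", 3, "password_change", True, True), BASELINE))
```

A sign-in at an odd hour alone is allowed for an ordinary login, but the same signal on a password change is escalated, which is the distinction the paragraph draws for sensitive actions.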
As cyber attackers come up with creative ways to bypass or crack our passwords, passwordless authentication is an important and secure way to protect your own digital identity while helping your company secure critical assets and boost its bottom line. This October is a perfect chance to rethink your passwords or the need for them. In most cases, using passwordless authentication methods is the key to enhanced security.