Mr Prince Adu, a Cybersecurity Professional, has urged individuals and organisations to strengthen their password protection systems by adopting Multi-Factor Authentication (MFA) to prevent account takeovers and online fraud.
He said relying solely on passwords was no longer safe, as many cyberattacks stemmed from weak or reused passwords, making it necessary to combine them with MFA for enhanced security.
Mr Adu gave the advice in an interview with the Ghana News Agency on the sidelines of the final day of a three-day Cyber Security 360 Workshop, held in Accra.
The event was organised by Women in CyberSecurity (WiCyS) West Africa Affiliate, in collaboration with the Cyber Security Authority (CSA), and supported by TAG International through the UK Government’s FCDO Africa Cyber Programme.
It formed part of activities commemorating Ghana’s National Cyber Security Awareness Month, under the theme: “Building a safe, informed and accountable digital space – Strengthening Our Human Firewall.”
Mr Adu, also a WiCyS West Africa Affiliate Ally, explained that many organisations fell victim to business email compromises and account takeovers due to poor password configurations and failure to activate MFA.
“What I’ve noticed is that most of the time, when it comes to organisations’ configuration of password complexities, they leave it at default. With the default, you are able to have something called a dictionary like your name, your birthdays and the likes,” he said.
“But they’ve not set the complexities in terms of the length, in terms of the multiple characters, alphanumeric characters that you are supposed to do. And also not setting the right expiration time when it comes to passwords,” he added.
Mr Adu noted that compromised passwords could be reused to access multiple systems, often targeting Finance Managers, Chief Executive Officers, and Department Heads.
“When your password gets compromised, immediately change the password. If you work in corporate organisations, change the password immediately and notify your security incident management team or cybersecurity manager so that they can use that as lessons to improve upon the system.”
“And then also make sure that you have enabled MFA on that particular account because it’s a single point of failure to only have a password,”he advised.
Multi-Factor Authentication (MFA) is a security method that requires individuals to verify their identity using two or more distinct factors before accessing an account, system, or device.
Instead of relying solely on a password, MFA adds an extra layer of verification to confirm the user’s identity.
Multi-Factor Authentication uses two or more types of verification to confirm identity. These include Something you know, such as a password or PIN; Something you have, like a phone, security key, or code; and Something you are, such as a fingerprint or face scan.
For example, logging into an email account may require entering a password and then confirming a code sent to your phone.
This process helps prevent unauthorised access even if a password is stolen.
Mr Adu likened passwords to toothbrushes, stating, “You can’t share a toothbrush, and the same applies to passwords. Even within families, passwords should never be shared. Treat them as private and personal.”
He suggested that awareness about MFA should begin at home to promote household-level online safety.
Commending WiCyS West Africa for organising the event, Mr Adu said training women in cybersecurity had a multiplier effect.
“Women are nurturers. When you train one woman, she can spread knowledge faster and wider. Bridging the gender gap in cybersecurity is key to achieving inclusion and national resilience,” he said.
A panel discussion on “When Things Go Wrong: Learning from Cyber Incidents” urged companies to offer continuous staff training and to treat cyber incidents as learning opportunities.
Participants were encouraged to report incidents promptly and document them to understand cybercriminal tactics.
WiCyS is a global non-profit organisation focused on recruiting, retaining, and advancing women in cybersecurity.
Founded in 2012 by Dr Ambareen Siraj with support from the National Science Foundation, it has grown into a global community spanning academia, industry, government, and research.
WiCyS West Africa, based in Ghana, aims to expand to Nigeria, Togo, Benin, Côte d’Ivoire, Liberia, Senegal, and Sierra Leone, promoting inclusion and empowering women across the regional cybersecurity ecosystem.
