In these strange times we all need something to celebrate, so happy World Password Day!
Intel launched World Password Day in 2013 and since then the first Thursday in May has been dedicated to promoting best practices in the use of passwords.
The need for strong passwords to protect personal data is well documented: the 2019 research report on data security shows that 80% of hacking offences were related to hacking and weak accounts.
But recently World Password Day has been the subject of serious debate. Last year, some industry representatives felt that World Password Day 2019 should be the last and stressed that passwords should be replaced across the industry by more risk-based authentication.
Several cyber security experts commented on the celebration of World Password Day – many argued for the use of password managers, and all agreed that the same password should never, ever be used in different accounts.
Here are some tips to help you learn better password hygiene practices:
Nyam Muldoon, executive director for trust and safety at OneLogin:
Have you ever thought about securing your remote workplace? According to the global OneLogin survey of teleworkers in France, Germany, Ireland, the US and the UK, passwords are not a priority in the current increase in telework. 36% of respondents worldwide admitted that they hadn’t changed their WiFi passwords at home for over a year, exposing corporate devices to a potential security breach.
When working from home, the boundary between work and leisure can often blur because many people share or use work equipment outside working hours, and one in five respondents worldwide admitted sharing the password for their work equipment with their spouse or child. However, today’s World Password Day is an opportunity to promote and implement good password habits, so I encourage everyone to look at the hygiene of passwords. This can mean that passwords are updated and strengthened to protect your personal information, by using multi-factor authentication rather than single-factor authentication such as a password, or by simply updating the way passwords are stored to protect against data leakage.
Adam Palmer, Leading Cyber Security Strategy for Sustainability:
Inspired by Mark Burnett’s book Perfect Passwords, Intel took the initiative to launch World Password Day 2013 to highlight the importance of creating secure passwords – seven years later, and it’s still a bone of contention! The huge amount of stolen user passwords offered for sale on the black web underlines that the problem is not so much creating strong passwords or phrases, but rather creating unique codes for each account on the Internet to limit the damage caused by database breaches.
Every time a researcher has time to search databases with stolen passwords, he or she finds that millions of people still use the password 123456, so the chance to change the behavior of passwords is nothing less than miraculous.
Since the dependency on passwords does not seem to decrease and, as it decreases, our virtual identities increase, password managers that create and store complex passwords are very important. This year, with the focus back on passwords, do yourself a favor and automate instead of defending complex recipes and codes.
Csaba Galffy, Head of Product Marketing and Password Management at the MFA with one identity:
A compromised password is always costly – and its use is more important today than ever. Organizations that need to make use of remote access have in fact created a whole new field of attack. Potential attackers no longer have to worry about the physical security of your offices, and as long as they have the right credentials, they have access to the company’s network and all its assets. Since billions of connections were stolen from various organizations during this massive data hack, we recommend changing the passwords of all employees remotely when they use the program from home.
This is also the best time to implement the latest updates to the password policy manual. The industry guidelines, such as those published by the NIST Digital Security Guidelines and the Microsoft Security Baseline, now recommend removing the password expiration policy, removing the complexity rules, and requiring longer passwords.
Anthony Dickinson, CRO 2MC, TÜV Rhineland:
It is best to have a password manager and make sure you have different passwords for each login. They must be at least 12 characters long and consist of a combination of letters, numbers and symbols. Although it is not possible to remember all these passwords, I recommend using the technology made available to us by installing a password manager. This means that your account is not subject to brute force attacks – because random passwords are almost impossible to guess. Even if the account is hacked, it will only be one account, not all. All too often, consumers use and reuse simple passwords, making them all incredibly vulnerable to cybercriminals.
Rita Nugren, Enterprise System Administrator, BI and Project Management in Tripwire:
One way to break the password crackers is to use a hash algorithm. The algorithm is one-sided (it cannot be deconstructed), while another property is that changing a character completely changes the result in a rather unpredictable way. The hash result for CorrectHorseBatteryStaple (https://xkcd.com/936/) is completely different from that of CorrectHorseBatteryStable.
This means that for your personal websites where your passphrase doesn’t change often, you can use a long passphrase that probably won’t appear in a hacker dictionary, along with its preface with the website name – SocialMediaJenny8675309 vs WellsFargoJenny8675309. When processing hash they are treated as extremely unique and unrelated, but your memory allows you to reuse your WellsFargo passphrase for Facebook.
Also pay attention to the prefix you use for your accounts. People are not good in random situations and computers are good at pattern recognition. If your passphrase for one website is displayed in plain text in case of a future violation, don’t forget to give the hacker enough information to guess what your passphrase will be on another website.
Pay attention: Do not use the above examples, the first lines of your favorite songs or anything from Shakespeare as key phrases. All these common examples are encoded in hacker dictionaries and can be considered cracked. However, the aforementioned XKCD cartoon inspired the creation of this random word generation, which could be useful to you: http://correcthorsebatterystaple.net/.
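The two points made above, a one-character change producing an unrelated hash and a site-name prefix becoming a visible pattern once one passphrase is exposed in plain text, as an added Python example that is not part of the original article or of the quoted comment. The function names and the `min_base` threshold are assumptions; the passphrases are the samples used in the text.

```python
import hashlib
import os


def digest(passphrase):
    # SHA-256 is used here only to show the one-way / avalanche behaviour;
    # password storage should use a salted, deliberately slow KDF instead.
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def differing_bits(a, b):
    """Number of the 256 digest bits that differ between two passphrases."""
    return sum(bin(x ^ y).count("1") for x, y in zip(digest(a), digest(b)))


def shared_suffix(passphrases):
    """Longest suffix common to every passphrase (the reused 'base')."""
    reversed_items = [p[::-1] for p in passphrases]
    return os.path.commonprefix(reversed_items)[::-1]


def audit(accounts, min_base=8):
    """Self-check: what would one plaintext exposure reveal about the rest?

    accounts maps a site label to the passphrase used there. min_base is an
    assumed threshold below which a common ending is treated as coincidence.
    """
    base = shared_suffix(list(accounts.values()))
    if len(base) < min_base:
        return {"base": "", "site_name_prefix": []}
    # Sites whose passphrase is exactly "<site name><base>" follow the
    # pattern the text warns about.
    predictable = sorted(
        site for site, pw in accounts.items()
        if pw.lower() == (site + base).lower()
    )
    return {"base": base, "site_name_prefix": predictable}


if __name__ == "__main__":
    # Roughly half of the 256 bits flip for a one-letter change.
    print(differing_bits("CorrectHorseBatteryStaple",
                         "CorrectHorseBatteryStable"))
    # The hashes are unrelated, but the plaintexts share an obvious base.
    print(audit({"SocialMedia": "SocialMediaJenny8675309",
                 "WellsFargo": "WellsFargoJenny8675309"}))
```

An empty `base` in the result means the passphrases share no common ending of at least `min_base` characters.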
Roger Grimes, Evangelist of Privacy, KnowBe4:
Let’s forget the password on World Password Day. Listen to me: For years we focused on creating a password and forgot that the problem is not really passwords, but the behavior that surrounds them. Finally, the complexity of a password represents only a small potential risk; while the repeated use of the same password, sharing it with friends and family or being the victim of social engineering, has much greater consequences.
Many have speculated for years about an impending password-free era; but after 30 years of debate about this popular prophecy, I can assure you that passwords will remain part of our conversations for at least another ten years. If you do one thing on World Password Day, stop thinking about how to create the most epic password in password history and instead make all your passwords unique and keep them safe with a password manager.