Today is World Password Day, a day meant to remind everyone about the importance of protecting themselves through strong passwords. World Password Day is an annual observance that falls on the first Thursday of every May. It also commemorates the 2005 book by security researcher Mark Burnett, “Perfect Password: Selection, Protection, Authentication,” in which he encouraged people not only to have safe and smart passwords but also to have a password day.
By Augustin Kurian, Senior Feature Writer, CISO MAG
Burnett’s tips were taken up by Intel Security, which took the initiative to declare the first Thursday in May as World Password Day, in May 2013, following which the Registrar of National Day Calendar formally designated it.
Passwords, in some form or another, have long been associated with security. We see it in literature all the time: to unlock a door, to pass a guard, or to distinguish friend from enemy. These ambiguous words or phrases are the keys to magical spells or the secret codes to identify one spy to another.
– Mark Burnett, “Perfect Password: Selection, Protection, Authentication”
Even after several campaigns and a hue and cry from cybersecurity experts and every other stakeholder in a safe internet, password hygiene continues to be one of the biggest concerns that have marred the cybersecurity sector. A recent study by Clario and OnePoll suggests that three-quarters of millennials in America use the same password for more than ten different devices, apps, and other social media accounts. The study also revealed certain alarming statistics about the password practices followed by Americans. Most of the respondents admitted they were using the same password in over 50 different places.
Practicing good password hygiene is one of the most essential security measures to deter online intruders. If you compare old threat vectors with the new ones, one vector that has stayed constant is poor password management. “There’s the lower level or ‘Bottom Feeders’ taking advantage of unpatched networks or devices, poor password management, and targets conducting poor cyber hygiene,” Marcus Fowler, ex-CIA executive and Director of Strategic Threat at Darktrace, told CISO MAG.
People often choose easy-to-remember passwords rather than focusing on security. With the rising concerns over data breaches and troves of usernames and passwords being dumped on the dark web every day, password hygiene is more important than ever. “The sheer volume of stolen users’ passwords available for sale on the Dark Web highlights that the issue is less about creating strong passwords or phrases, and more about users creating unique codes for each online account to limit the damage from database breaches,” Adam Palmer, Chief Cybersecurity Strategist at Tenable, said.
“Every time a researcher with time on their hands searches through the stolen password databases, it reveals millions are still using 123456 as a password, so the chances of changing password behavior is nothing short of a miracle,” he added, while also stressing the need for automation.
“Passwords hold the key to our digital lives – from financial information to corporate documentation, personal photos and more. They are the first line of defense in safeguarding vital online information from cybercriminals. We tend to create and use multiple accounts for personal and professional use – more the accounts, the more usernames and passwords we seem to accumulate. Data breaches are making headlines and our poor password habits are fueling the fire. In the event of a breach, compromised login credentials and passwords are sold on the darknet for a bargain. Hackers attempt using those credentials to access as many accounts as possible, fully aware that people often use the same password for multiple accounts,” said Venkat Krishnapur, Vice President of Engineering and Managing Director, McAfee India.
He continues, “Cybercriminals often reference the most common password combinations as their first login-guessing tool. Use complex passwords and well-built passphrases that you can memorize. If possible, passwords should consist of at least 12 or more characters. Layer up your passwords and use a combination of numbers, letters, and special characters. Choose unique passwords across all of your accounts. To make life easier, use a password manager to keep track of multiple accounts. Wherever possible, opt for two-factor or multi-factor authentication for an extra layer of security, as it requires multiple levels of verification. The 5Ps (Passwords, Phishing, People, Patching and Privileges) are the most common causes for breaches. Passwords would certainly be one of the top P’s to manage, to ensure you stay safe online. This World Password Day, review your defense and diligently revamp your passwords.”
CISO MAG has listed some best practices to keep intruders at bay. These include:
- Use two-factor authentication
- Use passphrases instead of passwords
- Observe proper web security
- Avoid reusing passwords
- Protect your password list
- Use a mix of lowercase and uppercase letters, numbers, and at least one special character
- Change your passwords frequently
- Don’t mix your business email account with your personal one
- Use a VPN when using public Wi-Fi to avoid interception
- Update your antivirus
It is evident that the world will rely on passwords for the foreseeable future. With the increase in people’s virtual identities, it is important that passwords do not become an easily penetrable door. At the end of the day, it all comes back to basics: a strong password means a secured account. Stay safe on World Password Day!
About the Author
Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.