World Password Day is an annual event held on the first Thursday of May. The day is dedicated to raising awareness of the importance of using strong passwords and practicing good password hygiene. The first World Password Day was observed in 2013, and since then, it has become an important event in the cybersecurity industry.
Passwords are an essential part of our online lives. They protect our sensitive data from unauthorized access and ensure that our online transactions are secure. However, the sad reality is that many people still use weak and easily guessable passwords, which puts their online security at risk. In fact, a recent study found that the most common password is still “123456,” followed closely by “password.”
To address this issue, World Password Day was created to educate people on the importance of using strong passwords and how to create and manage them. Here are some tips from cybersecurity experts on how to create strong passwords:
Darren Guccione, CEO and co-founder at Keeper Security:
“Along with evaluating personal password hygiene, World Password Day is a fantastic opportunity for IT security teams to consider their password and secrets management policies. This is a pervasive problem, as our 2022 UK Cybersecurity Census report found that nearly a third of organisations allow their employees to create their own passwords and share passwords using insecure means.
“We recommend strong, unique passwords or passphrases for each account that are at least 12 characters with upper and lowercase letters, numbers, and special characters. To achieve this, it is essential to use a password manager as a first line of defence. This will help employees use high-strength random passwords for every website, application, and system. A password manager will drastically reduce the chances of a compromise that can hurt a company’s reputation or brand. To add an additional layer of security, we also recommend enabling MFA, such as an authenticator app, to protect against remote data breaches.
“Password managers can also help colleagues securely share passwords and access to accounts. Some common mistakes include sharing passwords through unencrypted emails or messages, storing passwords in a spreadsheet or text file and making the passwords less complex so they are easier for multiple people to remember. Another key advantage of a password manager is that it makes it easier for teams to protect their shared accounts with MFA.”
Thomas Richards, principal consultant at the Synopsys Software Integrity Group:
“Humans often default to weaker and shorter passwords because they’re easier and more convenient to create. Without policies to require stronger passwords, we’re setting ourselves up to be exposed to a number of digital threats.”
“Strong passwords are the foundation of internet security and must be taken seriously. I recommend that passwords be as long as possible, and include a variety of symbols, numbers, and upper- and lower-case letters. It’s also a good idea to use three- or four-word sentences, which can greatly reduce the chance of a password being cracked. I also recommend always enabling multi-factor authentication on any app or platform that offers it. Multi-factor authentication, coupled with a strong password, can create a strong defence against attackers.”
“Usernames and passwords have always been at the core of digital authentication, and I don’t see that ending anytime soon. Multi-Factor Authentication (MFA) also adds an additional layer of security to better protect systems and end-users from compromise, but strong passwords are still essential for security.”
“Password compromises can often be blamed on inadequate software development practices or vulnerable software. Additionally, poor password hygiene can occur when technical controls aren’t effectively and responsibly implemented, such as a requirement for strong and effective passwords.”
“In today’s digital world, password managers can be an extremely effective tool to manage and secure sensitive login information. Password managers provide secure storage, feedback if a password is considered weak, and can generate complex passwords as needed. All of these aspects can help to reduce the risk of a compromise.”
Darren James, Senior Product Specialist at Specops – an Outpost24 Company:
“This #worldpasswordday we’re reminding IT leaders to stop blaming users for bad passwords and instead use a technology stack that empowers users to implement password best practices. Choose a password policy software that enforces compliance, blocks the use of known breached passwords, and restricts bad user behaviours like using your own company name in your password. This way, everyone can breathe a sigh of relief knowing your company’s weakest link, passwords, are actually pretty strong.”
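An added example, not from the article or from any vendor quoted in it: a small Python policy check combining the rules mentioned in the quotes above (at least 12 characters with four character classes, rejection of known breached passwords, rejection of the company name). The blocklist, the company name `examplecorp` and the function name are constructed placeholders.

```python
import re
import unicodedata

# Constructed sample data. A real deployment would load a breached-password
# corpus and the organisation's own names instead of these placeholders.
BREACHED = {"123456", "password", "qwerty123", "letmein"}
ORG_TERMS = {"examplecorp"}  # hypothetical company name

# Common character substitutions, folded back before blocklist matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(password: str, min_length: int = 12) -> list[str]:
    """Return the policy violations for a candidate (empty list = accepted)."""
    password = unicodedata.normalize("NFKC", password)
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing_character_class")

    lowered = password.lower()
    # Drop a trailing run of digits/symbols ("...2023!") and undo leetspeak,
    # so decorated variants of a breached password are still caught.
    base = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)
    if lowered in BREACHED or base in BREACHED:
        problems.append("breached")
    folded = lowered.translate(LEET)
    if any(term in folded for term in ORG_TERMS):
        problems.append("contains_org_name")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd2023!", "Ex4mpleC0rp!2024",
                      "violet-Kettle7-drift-moss"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

The second and third candidates satisfy the length and character-class rules on their own and are rejected only by the blocklist and company-name checks.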
Jamie Akhtar, CEO and co-founder, CyberSmart:
“World Password Day is a great time for businesses and employees to reflect on their password habits. Weak passwords are one of the easiest ways for threat actors to gain access to company networks, which is why businesses should be implementing strong password practices alongside multi-factor authentication. While awareness has increased more recently, particularly among SMEs, businesses must still make sure to encourage employees not to reuse passwords or share them with colleagues or family members. More importantly, they should be moving toward a more holistic approach to their cybersecurity. While strong passwords provide a robust first layer of defence, it’s vital that businesses take other measures on board as well, such as regular security awareness training and strong MFA while consistently updating software and implementing good cyber insurance. Additionally, businesses shouldn’t underestimate the value of a password manager. By implementing a password management solution, cybersecurity leaders will have more insight into the password practices at their firm. They will also be able to implement certain rules and make sure that employee passwords are encrypted and secure to breach. Overall, it will improve password hygiene as well as user experience if used alongside multi-factor authentication.”
Liam Follin, CHECK Team Leader and Consultant at Pentest People:
“Security experts will wax lyrical about the perils of writing your passwords down, but for the average person it is fine, just DON’T use the same password every time, simple. I pick three things that are surrounding me at the time I’m creating the password and use those words with some symbols, done.
“Plus, always use multi-factor authentication (MFA). Most cybercriminals are lazy. By this I mean, they can’t be bothered to take the next step and try to bypass MFA to hack your account if there are other accounts that don’t have it. Always where possible use MFA. Yes, it is a bore to have to use it, but it will keep your online accounts safer.
“And one last thing, try not to forget where you’ve created an account with a password and uploaded details. On a daily basis, we are asked to create an account to get a free trial or create profiles on various online sites. If you do this, always remember where you have created an account, uploaded your details and remove them when you no longer use that site. So many people leave details on sites they no longer use along with old passwords and get easily hacked.”
Stu Sjouwerman, CEO at KnowBe4:
“Passwords are an integral part of so many daily lives and routines. They are the key to accessing some of the most important resources people rely on every day to unlock phones, log in to work devices, email, bank accounts and so much more. According to Verizon’s 2022 Data Breach Investigations Report, 80% of an organisation’s breaches can be attributed to stolen credentials (usernames and passwords). Additionally, the report credits the use of stolen credentials as the second biggest threat to businesses, following ransomware. Because of this, having strong, unique passwords for any and all accounts is essential to protecting and securing privacy.
“We are launching a KnowBe4 password kit, which will include user resources such as access to a free on-demand webinar titled “The Good, the Bad and the Truth About Password Managers” featuring Roger A. Grimes, KnowBe4’s data-driven defence evangelist, KnowBe4’s most popular password whitepaper, “What Your Password Policy Should Be e-Book”, password hacking demo videos from Kevin Mitnick, a password best practices guide and more.
“It is imperative that all end users and organisations take password security seriously; one cracked password can have detrimental effects on multiple aspects of life, both professionally and personally. KnowBe4 recognizes the significance of this vulnerability, which is why we are acknowledging World Password Day with the launch of our new password kit. This kit features helpful tools and resources that enable end users to make smart password choices and practice good password hygiene in order to better protect themselves and strengthen the overall security culture of their organisation.”
Etay Maor, senior director of security strategy at Cato Networks:
“World Password Day is an important reminder for organisations to up their password security and best practices. Strong passwords are one important part of keeping security devices and user endpoints protected from unwanted breaches. One big reason that cyber-attacks happen is because organisations may have left their passwords unchanged for a long period of time or chosen one that is weak and ineffective. Threat actors have admitted in the past that passwords can be easy to crack mainly because people have a tendency to use predictable and easy-to-guess words to secure their vital information. While it is imperative that organisations use strong passwords and implement robust best practices across the entire business, this is only one layer of many and shouldn’t be solely depended upon. This means that organisations must implement strong password practices that include MFA from end to end in a remote access solution, while also deploying holistic security solutions.”