World Password Day 2023: Why it matters more than ever

Did you know that May 4th is World Password Day in 2023? One might wonder why dedicating an entire day to passwords is important. With the increasing reliance on digital platforms and the ever-growing threat of cyberattacks, securing digital lives has never been more critical.

So, why does World Password Day matter? To put it simply, it’s a necessary reminder to prioritize online security. It’s like a digital health check-up. A strong password is the first line of defense against cybercriminals, and everyone is responsible for ensuring they’re doing everything they can to keep personal and professional data safe.

Think about people’s numerous online accounts: social media, banking, email, shopping, and more. Entrusting countless websites and apps with sensitive information requires robust passwords to deter hackers from gaining unauthorized access to these accounts.

Now, some might think, “But I already have a good password. I don’t need to change it.” That’s where World Password Day comes in. It’s not just about having strong passwords but also about maintaining good password hygiene. This means regularly updating passwords and avoiding using the same password for multiple accounts.

According to Cybernews, these are the top 10 most common passwords in 2023:

The top 10 most common passwords according to Cybernews

The growing concern over password security is not without reason. Despite countless warnings against using the same password for multiple accounts, many people continue to do so, often because they find it challenging to remember complex passwords. As our reliance on passwords increases, so does the need for advanced technology to simplify user password management.

Multi-layered authentication is already being implemented by companies worldwide. A single password is no longer sufficient for securing access to accounts. Now, businesses require multiple layers of authentication, making it more difficult for hackers to gain unauthorized entry.

Artificial Intelligence (AI) offers another promising solution for password security. Imagine a hacker is on the verge of cracking a password. An automated system powered by AI could detect this pattern and change the password proactively, thwarting the hacker’s attempt. This is just one example of how AI can revolutionize password protection.

To ensure password strength and security, industry experts shared the following tips:

Fran Rosch, CEO, ForgeRock

Our industry has been talking about the vulnerability of weak passwords for years, yet data breaches are still a major concern, and organizations underestimate the risks associated with relying on passwords to protect valuable information. Closely monitoring password activity is critical to ensuring that attackers haven’t slipped through a company’s security. For example, if an employee gets locked out of the system and does not request help from their IT team, that person’s credentials are now at risk.

Abolishing weak passwords by going passwordless significantly helps enterprises reduce risk and stop threats at scale. As identity theft and breaches reach unprecedented levels, organizations need to take advantage of technology that strengthens security. This includes the adoption of passwordless solutions that incorporate things like biometrics, authenticator apps, tokens, and certificates, as well as AI-based access management. As we reflect on World Password Day, it’s clear that unless we eliminate passwords altogether, we will continue to live in a lose-lose situation where online experiences will remain frustrating for users and attackers continue to keep stealing our information.

Thomas Richards, Principal Consultant, Synopsys Software Integrity Group

Humans often default to weaker and shorter passwords because they’re easier and more convenient to create. Without policies requiring stronger passwords, we’re setting ourselves up to be exposed to several digital threats.

Strong passwords are the foundation of internet security, and must be taken seriously. I recommend that passwords be as long as possible, and include a variety of symbols, numbers, and upper- and lower-case letters. Using three- or four-word sentences is also a good idea, which can greatly reduce the chance of a password being cracked. I also recommend always enabling multi-factor authentication on any app or platform. Multi-factor authentication and a strong password can create a strong defense against attackers.

Usernames and passwords have always been at the core of digital authentication, and I don’t see that ending anytime soon. Multi-factor Authentication (MFA) also adds a layer of security to better protect systems and end-users from compromise, but strong passwords are still essential for security.

In today’s digital world, password managers can be an extremely effective tool to manage and secure sensitive login information. Password managers provide secure storage, feedback if a password is weak, and can generate complex passwords as needed. All of these aspects can help to reduce the risk of a compromise.

Rebecca Law, Country Manager, Singapore, Check Point Software Technologies

Techniques such as phishing have breached thousands of services by stealing credentials, especially in Singapore. On average, organizations have been attacked 1,246 times per week in the last 6 months. This risk can be easily remedied by establishing secure passwords, making it much more difficult for cybercriminals to guess these combinations, ensuring the highest level of security for our devices. Definitive keys to achieving it include:

  • Easy to remember, complex to guess: it should be a combination only the user knows, so it is advisable not to use personal details such as dates of anniversaries or birthdays or the names of family members, as these can be easier to figure out. A simple way to create passwords anyone can remember is to use complete sentences, using common or absurd scenarios, with examples such as ‘meryhadalittlelamb’, or its even safer equivalent with different characters, ‘#M3ryHad@L1ttleL4m8’.
  • Unique and unrepeatable: create a new password each time a service is accessed and avoid using the same password for different platforms and applications. This ensures that if a password is breached, the damage will be minimal and more easily and quickly repairable. According to a Google survey, at least 65% of respondents reuse their passwords across multiple accounts and web services, which increases the chances of multiple platforms or applications being breached.
  • Always private: a premise that may seem basic but is important to remember. A password should not be shared with anyone, and it is especially advisable not to write it down anywhere near the computer or even in a file on it. For this task, you can use tools such as password managers, which do the same job but more securely.
  • Real security is just ‘two steps’ away: Besides having a strong and secure password, using two-factor authentication (2FA) is a major security enhancement. Whenever an attacker or an unauthorized person wants to access someone else’s account, the account owner will receive a notification on their mobile phone to grant or deny access.
  • Change it periodically: sometimes, even after following all these practices, incidents beyond our reach occur, such as leaks in company databases. Therefore, it is advisable to periodically check whether an email has been the victim of a vulnerability to a third party and try to trace the accounts that may have been compromised. To do this, public access tools, such as the Have I Been Pwned website, try to gather basic information on these leaks to offer support and help to users. Similarly, even if they have not been breached, updating passwords every few months is always recommended.

Stuart Wells, Chief Technology Officer at Jumio

World Password Day reminds organizations that although passwords were reliable in the past, it is time to bolster security solutions with more secure and robust authentication methods, like biometric authentication, to ensure that the user accessing an account is the authorized user. For example, Netflix’s seemingly controversial new password-sharing policy is a best practice that all organizations should follow. Most organizations and consumers do not realize the risk of sharing passwords. If a user shares their password and the person they shared it with falls victim to a cyberattack, that password is now compromised and can lead to the cybercriminal potentially accessing their or their company’s data. This inadvertently causes costly data breaches and damages consumer trust.

Sharing Netflix password (Source – Shutterstock)

For consumers, sharing a password may seem harmless to help friends or family save money, but the best practice regarding passwords is never to share them. Consumers fail to realize that although they trust these individuals with their passwords, cybercriminals may gain access to their devices along with usernames and passwords that could lead to identity theft, financial fraud and phishing attacks.

Vincent Goh, President and General Manager, APJ, CyberArk

This World Password Day, it is important for organizations to apply a least-privilege approach to ensure that employees can securely share credentials without revealing password characters. Recognize that all workforce users’ passwords should be protected with the same security-first approach that organizations apply to privileged users’ credentials.

As organizations bolster their password protection capabilities, they should also work towards a holistic Identity Security approach to ensure privilege controls are applied across the board for all identities.

Satnam Narang, Sr. Staff Research Engineer, Tenable

This World Password Day, I’m reminded of a string of articles over the last several months from retail to fast-food companies, where users of these sites found their accounts compromised due to credential stuffing attacks. Credential stuffing is an attack where cybercriminals take user login credentials obtained from data breaches on other websites and services and use the same usernames and passwords on other websites and services. More often than not, these attackers will be successful using the stolen data, because many users tend to reuse passwords across multiple websites.

The saying “use a strong and unique password” across each website stems from incidents like the ones mentioned earlier. It’s not easy to manage several hundred passwords, so it is important for individuals to leverage tools like Apple’s built-in keychain for saving passwords and using professional password management solutions. These tools can help users generate strong and unique passwords that they don’t have to remember, and they can use browser extensions to auto-fill their credentials into the right website.

Some sites offer password-less sign-on, which leverages a second factor, such as a phone, to help facilitate logging in without passwords. This isn’t as widespread of a feature across many websites, but it’s another solution to help address some of the challenges posed by passwords alone.
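For site operators, the credential stuffing pattern described above leaves a recognizable trace in login logs: one source trying many different accounts and mostly failing. The sketch below is an added example, not code from the article or from any of the vendors quoted; the log format, field names, addresses and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample auth log (format and field names are assumptions).
SAMPLE_LOG = """\
2023-05-04T10:00:01Z login user=alice ip=203.0.113.7 result=fail
2023-05-04T10:00:02Z login user=bob ip=203.0.113.7 result=fail
2023-05-04T10:00:02Z login user=carol ip=203.0.113.7 result=fail
2023-05-04T10:00:03Z login user=dave ip=203.0.113.7 result=fail
2023-05-04T10:00:04Z login user=erin ip=203.0.113.7 result=fail
2023-05-04T10:00:05Z login user=frank ip=203.0.113.7 result=success
2023-05-04T10:01:10Z login user=grace ip=198.51.100.20 result=fail
2023-05-04T10:01:25Z login user=grace ip=198.51.100.20 result=fail
2023-05-04T10:01:40Z login user=grace ip=198.51.100.20 result=success
2023-05-04T10:02:00Z login user=heidi ip=198.51.100.31 result=success
"""

LINE_RE = re.compile(r"login user=(\S+) ip=(\S+) result=(success|fail)$")

def find_credential_stuffing(log_text, min_users=5, max_success_ratio=0.25):
    """Flag source IPs that try many distinct accounts and mostly fail."""
    users = defaultdict(set)      # ip -> usernames attempted
    attempts = defaultdict(int)   # ip -> total login attempts
    hits = defaultdict(set)       # ip -> usernames that logged in successfully
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # ignore lines that are not login events
        user, ip, result = m.groups()
        users[ip].add(user)
        attempts[ip] += 1
        if result == "success":
            hits[ip].add(user)
    flagged = {}
    for ip, tried in users.items():
        ratio = len(hits[ip]) / attempts[ip]
        # A returning user retries one account; stuffing sprays many accounts.
        if len(tried) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(tried),
                "attempts": attempts[ip],
                # Successful logins from a flagged source likely used reused passwords.
                "accounts_to_reset": sorted(hits[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in find_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The user who mistypes a password twice before logging in is not flagged, while the account that did log in from the flagged source is listed for a forced password reset.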

In conclusion, World Password Day is about raising awareness and encouraging everyone to take online security seriously. It’s an opportunity for people to evaluate their password habits and make the necessary changes to safeguard their digital lives. After all, a little effort goes a long way in protecting against the ever-evolving landscape of cyber threats. Happy World Password Day!