As we approach the first Thursday in May, we are reminded of World Password Day. So, what is World Password Day? World Password Day is a reminder to promote better password habits to secure our accounts and the online services we use every day.
In fact, two out of every five people have had their identities hacked, passwords compromised, and sensitive information breached because of bad passwords.
Passwords are a vital security measure for one’s digital identity. With all the publicity, compromises, and data leaks, many people have improved the strength and security of their passwords. However, many people still pick from a shortlist or use what are classified as “common” passwords. The more we work online as a society, the more important password security becomes.
While people are becoming more aware of the importance of a safe password, we still have improvements to make that will impact our online safety.
Password Statistics That Will Change Your Online Habits:
- 50% of people use the same password for all their logins.
- 59% of Americans use a person’s name or a family member’s birthday as a password.
- 60% of workers use the same password for their job and personal apps.
- 61% of breaches occur from compromised credentials – the most common cause of malicious attacks.
- 67% of Americans use the same password for different online accounts.
No matter what your password is, at some point, someone can hack it through various methods. Standard techniques include brute force attacks, credential stuffing, and hash cracking.
- Brute force attacks use trial-and-error to guess login info and work through all the possible combinations until they find one that works.
- Credential stuffing preys on users’ weak password etiquette. Attackers collect username and password combinations they have stolen, which they then test on other websites to see if they can gain access to additional user accounts. This approach is successful if people use the same username and password combination or reuse passwords for various accounts and social media profiles.
- Hash cracking recovers passwords from their hash values. Hashcat is a password cracking tool used for licit and illicit purposes. It is particularly fast, efficient, and versatile, and it assists brute-force attacks by computing the hash values of the passwords it is guessing and comparing them with the hashes being attacked.
Improving your security posture can only really be done by you (the owner of the password) and by the methods you use to protect your online identity. You can begin by following some of the guidelines below to help you on your journey.
New recommendations from the National Institute of Standards and Technology (NIST) call for people to create passwords that are “long, easy-to-remember phrases” – a series of four or five words mashed together. Following this rule can be “harder for hackers to crack than a shorter hodgepodge of strange characters.” Read more about the suggested NIST guidelines when it comes to passwords here.
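The arithmetic behind the NIST advice and the brute-force description above, as an added example that is not part of the original article. The 7,776-word list size, the 94-character printable alphabet, the 16 sample words and the rate of 10 billion guesses per second are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. A real generator needs
# a large list (the EFF long word list has 7,776 entries) to reach useful entropy.
SAMPLE_WORDS = [
    "anchor", "breeze", "copper", "dragon", "ember", "falcon", "granite", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]

def passphrase(words, count=5, sep=""):
    """Join `count` words drawn uniformly with the OS CSPRNG (not `random`)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words lower the real entropy")
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy in bits; valid only when words are picked at random, not by a person."""
    return count * math.log2(list_size)

def random_string_bits(alphabet_size, length):
    """Entropy in bits of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case brute-force time: try every combination at the given rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def compare(rate=1e10):  # assumed offline guessing rate, depends on the hash in use
    rows = {
        "8 random printable chars": random_string_bits(94, 8),
        "4 words from 7,776": passphrase_bits(7776, 4),
        "5 words from 7,776": passphrase_bits(7776, 5),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, rate))
            for name, bits in rows.items()}

if __name__ == "__main__":
    print("sample:", passphrase(SAMPLE_WORDS, sep="-"))
    for name, (bits, years) in compare().items():
        print(f"{name:26} {bits:5} bits  {years:10.3f} years to exhaust")
```

Four random words land just under eight random printable characters; the fifth word is what moves an exhaustive search from days to decades at this assumed rate.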
General Guidelines to Follow:
- Change your password every two months if you do not have two-factor authentication enabled on the account, if there is a reason to believe it has been stolen, or if your account has been compromised. 60% of people do not update their passwords regularly.
- Enable two-factor authentication. Two-factor authentication gives you a way to know when your password is being used on an account. Think of the second factor as a type of guardian.
- Ensure any site which requires you to enter or create a password uses an SSL Certificate for traffic encryption.
- Never use the same password or re-enter an older password.
- Do not use words that can be found in any dictionary of any language.
- Never write down a password. If you feel you cannot recall a password, consider leveraging a password manager.
Passwords are no joke; they help protect who you are. 90% of internet users are concerned about having their passwords compromised. So, to celebrate World Password Day, take a few minutes out of your day for security measures and make it your quest to change your passwords.
We suggest picking a few phrases to redo your passwords. Studies show that 53% of people rely on their memories to handle passwords. If you are writing passwords on post-it notes and taping them to your keyboard or monitor, we suggest checking out a password manager. Password managers can reduce human error and auto-generate passwords using standard methods.
Sources: (Web Tribunal, Lastpass, NordPass, Dataprot, Digital Guardian, Secure Data Recovery, DHS.org)
Meet the Author
John has over 25 years of experience from Information Systems Consultant, Information Technology Director to Network Administrator in both Corporate and Small Business Environments.