It’s World Password Day!

Are your passwords strong enough?

Do you have a long, unique password for every account?

Do you use multi-factor authentication where available?

If you answered, “no” to any of these questions or if you’re not sure, please read on. If you answered yes, then congratulations! Although you can read on too because you may need to send this blog to some family and friends who need it.

Thursday May 6, 2021 is the eighth annual World Password Day and it provides a great opportunity for everyone to look at their password strategy and make changes if necessary. (Spoiler alert: You probably need to make some changes)

World Password Day was started by Intel in 2013 and is celebrated on the first Thursday of May each year, to promote good password practices. So what are good password practices? Here are 4 things that you can do to greatly reduce your risk of becoming the victim of a cyber-attack using your password.

4 Steps To Stronger Password Practices

1. Create complex passwords. This means looking at old accounts and changing weak password to complex passwords. Check that MySpace account or the LinkedIn password you set 10 years ago. You probably have a few out there like, “fluffy99.”

2. Don’t re-use passwords. You may have a favorite password like, “Turbo95Hawk30!” but while it’s long and uses mixed case and special characters, someone could figure that out, especially if one of your accounts is caught up in a data breach and the vendor was not securing your password properly. What happens next is that threat actors will use your username/email address and password on every website they can think of. This is called credential stuffing and it happens regularly. You can learn more about credential stuffing here.

3. Use a password manager. So after reading the first two items, you might be thinking that I’m another one of those unreasonable, crazy cybersecurity wonks who tell you that you have to do things that are unreasonable. I mean, who can create a strong password for every account and remember them all? Ummmm…. almost nobody. So how do we fix this issue? A password manager!! It will create complex passwords for each account and store them securely for you. You will only ever have to remember one password, the one for your password manager! Learn more about password managers here.

4. Use multi-factor authentication (MFA) where available. MFA adds an extra step to your login process. You enter in your username and your password, and then you are asked for one more piece of information to verify that you are trying to log in and not a threat actor. That other piece of information is usually a code from an app on your phone or a key fob, or it could be something else like biometric data. The reason you should use MFA where it is available is because it prevents threat actors from logging into your account if they guess your password. [NOTE: MFA is NOT an excuse to create bad passwords or re-use passwords]. You can learn more about MFA here.

I know passwords are boring and annoying. All the more reason to make sure you use them properly, so take a few minutes to check your passwords practices and make any changes necessary.

Cheers!