
World Password Day – Make it Easier

On a day when Google finally decided to go with Passkey support, here are some views around the value of passwords in the years ahead

The value that passwords have had over the years has changed with each generation. Gone are the days when people would just use their birthdays or their spouse’s name as that security code which gives them access to their personal Fort Knox – be it within a bank or on a computer or just their email accounts. 

On World Password Day today, we take a look at how things are changing and what passwords would mean in the AI-led era that is staring at us now. Just so that you’re aware, Google has made a significant change to the way they’ve perceived passwords. Starting today, Google users can switch to passkeys and ditch their passwords and two-step verification codes. 

In an era of digital identities, passwords play a role

Here’s what Amit Sharma, security engineer at Synopsys Software Integrity Group, has to say: “Ensuring our passwords are secure is a crucial element of protecting our digital identities and sensitive information that we may provide when shopping online, using social media or mobile banking apps (to name a few popular examples).

“The wide array of password-protected services available to us leads many to re-use the same password across many applications for the sake of convenience. However, in the event that a password for one service is breached, many doors could be opened to would-be attackers if users are in fact re-using passwords — a very common attack strategy,” he says.

Understanding password security best practices — such as not re-using passwords, employing a password manager, and using multi-factor authentication whenever possible — teaches users how to create a more secure environment in which to protect their data. And new technologies are continuously emerging to improve security and scalability while also accounting for a seamless user experience.

Corporate policies should push the case for stronger passwords

Thomas Richards, Principal Consultant, Synopsys Software Integrity Group, goes on to add: “Humans often default to weaker and shorter passwords because they’re easier and more convenient to create. Without policies to require stronger passwords, we’re setting ourselves up to be exposed to a number of digital threats.” 

“Strong passwords are the foundation of internet security, and must be taken seriously. I recommend that passwords be as long as possible, and include a variety of symbols, numbers, and upper- and lower-case letters. It’s also a good idea to use three- or four-word sentences, which can greatly reduce the chance of a password being cracked. I also recommend always enabling multi-factor authentication on any app or platform that offers it. Multi-factor authentication, coupled with a strong password, can create a strong defense against attackers,” he says.

Usernames and passwords have always been at the core of digital authentication, and I don’t see that ending anytime soon. Multi-Factor Authentication (MFA) also adds an additional layer of security to better protect systems and end-users from compromise, but strong passwords are still essential for security.

Password compromises can often be blamed on inadequate software development practices or vulnerable software. Additionally, poor password hygiene can occur when technical controls aren’t effectively and responsibly implemented, such as a requirement for strong and effective passwords.

In today’s digital world, password managers can be an extremely effective tool to manage and secure sensitive login information. Password managers provide secure storage, feedback if a password is considered weak, and can generate complex passwords as needed. All of these aspects can help to reduce the risk of a compromise.

Simple and easy ways to have strong passwords

Rebecca Law, Country Manager, Singapore, Check Point Software Technologies, says that every day cybercriminals create new attacks aimed at stealing user passwords. Techniques such as phishing have managed to breach thousands of services by stealing credentials, especially here in Singapore, where, on average, organizations have been attacked 1,246 times per week over the last 6 months. This risk can be easily remedied by establishing secure passwords, making it much more difficult for cybercriminals to guess these combinations, ensuring the highest level of security for our devices. Definitive keys to achieving this include:

  • The longer and more varied, the better: it should be at least 14-16 characters long and consist of different letters, combining upper and lower case letters, symbols and numbers. However, it has been noted that by simply increasing the password to up to 18 characters combined, a completely unbreakable key can be constructed. This belief is based on the number of attempts brute-force practice requires where the total number of combinations is equal to the number of characters multiplied by their length.
  • Easy to remember, complex to guess: it should be a combination that only the user knows, so it is advisable not to use personal details such as dates of anniversaries or birthdays, or the names of family members, as these can be easier to figure out. A simple way to create passwords that anyone can remember is to use complete sentences, either using common or absurd scenarios, with examples such as ‘meryhadalittlelamb’, or its even safer equivalent with different characters ‘#M3ryHad@L1ttleL4m8’.
  • Unique and unrepeatable: create a new password each time a service is accessed and avoid using the same password for different platforms and applications. This ensures that in the event of a password being breached, the damage will be minimal and more easily and quickly repairable. According to a Google survey, at least 65% of respondents reuse their passwords across multiple accounts and web services, which increases the chances of multiple platforms or applications being breached. 
  • Always private: a premise that may seem basic but is important to remember. A password should not be shared with anyone, and it is especially advisable not to write it down anywhere near the computer or even in a file on it. For this task, you can use tools such as password managers, which do the same job, but in a more secure way.

The most important aspect here is to change the passwords periodically. 
