World Password Day: Dos And Don’ts To Keep Your Data Safe


Did you know that the first Thursday in May is World Password Day? We all know how to celebrate Independence Day, Valentine’s Day, April Fools, and Halloween, but how do we celebrate World Password Day? Do we go around wishing people ‘happy password day’, or wear a password-themed costume?

It turns out that we have been creating some terrible, predictable passwords, and the tech community wants to do something about it. That is why World Password Day was created: to raise awareness of how we should create passwords. Building a password from your name or date of birth because it is easy to remember is a bad idea. Anybody who knows that information can guess the password in minutes and get at your personal data.

The idea behind World Password Day is to encourage people to choose passwords that are practically impossible to guess and expensive to crack.

 

The evolution of passwords

Despite repeated claims that passwords would be dead within a few years, they don’t seem to be going anywhere. If anything, they have become more embedded in our digital lives: at work and at home we enter more passwords than we did a few years ago. According to one study, the average internet user has around 100 passwords.

However, companies offering online services want to cut your reliance on the password alone. They are building additional layers on top of the usual username and password to limit the damage a weak or leaked password can do. For example, Gmail can ask you for a one-time password (OTP) when you sign in from a new device or browser, and Dropbox asks for a phone number it can use as a second factor. Passwords should be part of the authentication process, not the whole process.

Moreover, services such as Yahoo Mail and Microsoft Outlook let you ditch the password altogether in favor of an OTP sent to your device. The same pattern is common with mobile apps such as Viber, WhatsApp, Zomato, Uber, and Postmates.

 

Dos and don’ts to keep your data safe

It goes without saying that you should use a strong password for every online service you use. Reusing the same password for your bank and for Instagram is a bad idea: if your Instagram account is hacked, your bank account shouldn’t follow. Organizations that keep lists of passwords in spreadsheets should think again. Let’s take a look at the dos and don’ts that will keep your data safe:

Use strong passwords

A strong password is a random string drawn from several character sets that cannot practically be recovered by the usual cracking methods, brute force and dictionary attacks. Security analysts suggest a strong password should be at least 16 characters long and should mix lowercase, uppercase, digits, and special characters (_, -, @, $, etc.).

In addition, it must not contain common phrases, slang, names, or words, or predictable patterns such as 12345, abcde, or qwerty. For number-only PINs, avoid anniversaries and the dates of birth of your loved ones.

password1234 is a terrible password. P@$$w0rD3412 looks better but is not much stronger: it is the word “password” with the usual @/$/0 substitutions and a short run of digits tacked on, which is exactly the pattern that cracking rule sets try first, and at 12 characters it is also shorter than the 16 recommended above. A genuinely strong password is either generated at random by a password manager or is a long passphrase (see below).
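To make the point about substitutions concrete, here is an added example (not from the original post) of a small checker that folds common leetspeak substitutions back to letters before looking for dictionary words, and also flags keyboard or numeric sequences, too few character classes and short length. The ten-word dictionary and the substitution table are constructed for illustration; a real cracking wordlist has millions of entries and hundreds of mangling rules:

```python
import re
import string
from math import log2

# Constructed ten-word stand-in for a cracking wordlist (illustrative only;
# real lists such as rockyou.txt have millions of entries).
COMMON_WORDS = {"password", "welcome", "letmein", "admin", "qwerty",
                "iloveyou", "monkey", "dragon", "football", "secret"}

# Leetspeak substitutions that rule-based crackers undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "i", "!": "i", "3": "e", "7": "t"})

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def has_sequence(s: str, min_len: int = 4) -> bool:
    """True if s contains min_len characters that ascend or descend by one
    (abcd, 4321) or walk along a keyboard row (qwer, asdf)."""
    s = s.lower()
    for i in range(len(s) - min_len + 1):
        chunk = s[i:i + min_len]
        steps = [ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])]
        if all(d == 1 for d in steps) or all(d == -1 for d in steps):
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def contains_dictionary_word(s: str) -> bool:
    """Undo leet substitutions, drop non-letters, then look for a base word."""
    folded = s.lower().translate(LEET)
    letters_only = re.sub(r"[^a-z]", "", folded)
    return any(word in letters_only for word in COMMON_WORDS)


def char_classes(s: str) -> int:
    """Number of character classes (lower, upper, digit, symbol) present."""
    return sum(any(c in cls for c in s) for cls in CLASSES)


def brute_force_bits(s: str) -> float:
    """log2 of the keyspace a blind brute force must cover. This is an upper
    bound that only holds if the password was actually chosen at random."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in s))
    return len(s) * log2(alphabet) if alphabet else 0.0


def assess(password: str, min_length: int = 16) -> list:
    """Return the reasons a password is weak; an empty list means no red flags."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if char_classes(password) < 3:
        problems.append("fewer than three character classes")
    if contains_dictionary_word(password):
        problems.append("dictionary word (even with @/$/0-style substitutions)")
    if has_sequence(password):
        problems.append("keyboard or numeric sequence")
    return problems


if __name__ == "__main__":
    for pw in ("password1234", "P@$$w0rD3412", "xK9#mQ2vL8@pR4tZ"):
        print(f"{pw:20} {brute_force_bits(pw):5.1f} bits if random; "
              f"flags: {assess(pw) or 'none'}")
```

Note that brute_force_bits credits P@$$w0rD3412 with almost 79 bits, which is what a naive strength meter reports; the dictionary check is what exposes it. The third candidate is a constructed random string and passes every check.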

Don’t use the same password for every service

Data breaches happen regardless of how strong or weak your passwords are. They are the harsh reality of our time and have become commonplace.

If your Yahoo account is hijacked because its password appeared in a data breach, recovering the account is usually straightforward, provided you can verify your identity to Yahoo Support. But if that same password protected every service you use online, including your work email, Twitter, and bank account, the attacker could do irreversible damage to your finances, career, and reputation. The rule is simple: a strong and different password for each service you use.

Don’t ignore security notifications

The service you entrust with your data may not be vigilant against external and internal threats, and may end up losing your data to an attacker who sells it on the dark web or dumps it on a public forum.

If you save your passwords in a modern browser or a password manager, it can warn you when one of them appears in a known breach corpus. The built-in password managers on Apple, Windows, and Google platforms do this too and prompt you to change the affected password; do so as soon as you see the prompt.

Rare Crew recommends using a third-party password manager such as Bitwarden or Dashlane, which will notify you of data breaches and tell you whether one of your passwords was compromised.
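Such a check does not require sending your password anywhere. The Pwned Passwords service that many managers and browsers use implements k-anonymity: the client sends only the first five hex characters of the password’s SHA-1 hash, receives every leaked hash suffix sharing that prefix, and scans the list locally. The example below is added here (it is not from the post, nor from any vendor’s code) and runs offline against a constructed stand-in for the API response; the counts and two of the three suffixes in that stand-in are made up, the exception being the genuine SHA-1 suffix of the string “password”. A live fetcher is included but not called by default.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for the Pwned Passwords range endpoint
# (GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>). The real
# service answers with one "<remaining 35 hex chars>:<count>" line per leaked hash
# sharing that prefix. Counts here are made up; the middle suffix is the genuine
# SHA-1 suffix of "password" and the other two lines are filler.
FAKE_RANGE_RESPONSES: Dict[str, str] = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1",
    ]),
}


def hash_split(password: str) -> Tuple[str, str]:
    """Uppercase hex SHA-1 split into the 5-char prefix that is sent and the
    35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP call; unknown prefixes return an empty body."""
    return FAKE_RANGE_RESPONSES.get(prefix, "")


def live_fetch_range(prefix: str) -> str:
    """Real lookup (needs network; not used by default). Only the prefix leaves the machine."""
    import urllib.request
    req = urllib.request.Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                                 headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Number of times the password appears in the breach corpus (0 if absent).
    The service never learns the password or even its full hash: it sees a
    5-hex-char prefix shared by hundreds of other hashes."""
    prefix, suffix = hash_split(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count or 0)
    return 0


if __name__ == "__main__":
    for pw in ("password", "xK9#mQ2vL8@pR4tZ"):
        n = pwned_count(pw)
        print(f"{pw!r}: {'seen %d times' % n if n else 'not in sample corpus'}")
```

To run it against the real corpus, pass fetch_range=live_fetch_range. A password that comes back with any non-zero count is in attackers’ wordlists already and should be changed regardless of how strong it looks.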

Ignore suspicious links

If you receive a message in your inbox saying you must change your bank password immediately, don’t click the link before confirming with your bank through a channel you already trust, such as the number on your card or the bank’s app. The message may look like it came from your bank, but it could be a targeted phishing attack. If you are ever in doubt, don’t click.

 

The future of passwords

Passwords raise a fundamental question about ownership. If somebody gains access to your password, who owns the account and the data behind it: you, or the other person? Instinct says you do. But in the eyes of the service provider, whoever has the password is the owner. If the other person changes the password, how would you prove that the account is yours?

Tech companies understand that passwords are gatekeepers to your private information, not proof of ownership of an account. The industry is therefore moving towards a digital world in which passwords lose relevance to more secure ways of safeguarding your personal data:

Two-factor authentication

Relying entirely on a password, which may well be predictable, to secure your data online is a bad idea. Most web applications and mobile apps let you add another layer of security on top of the password. With 2FA, once you have authenticated with a valid username and password you are prompted for an OTP. Depending on how you set up 2FA, you receive the OTP by SMS on your phone or generate it with an authenticator app such as Authy.

The idea behind 2FA is to combine ‘something you know’ with ‘something you have’. The password is something you know; the OTP proves you hold the phone or token it was sent to or generated on. SMS codes are the weakest form, since a phone number can be hijacked by SIM swapping; an authenticator app or a hardware key is preferable.

Passphrases

Several digital and crypto wallets use passphrases rather than passwords. Passphrases are longer than passwords yet easier to remember: a passphrase is a list of common words that you must enter in the right order. It can run to 128 characters or more and looks something like this: derive eagle property trend physical unable only strike fold pretty soft. Note that in a crypto wallet the recovery phrase is more than a login credential: it encodes the wallet’s keys, so anyone who obtains it controls the funds, and it should never be typed into a website.

A random passphrase resists dictionary and brute-force attacks better than a typical password of similar memorability because its strength grows with the number of words and the size of the word list, not with character-level tricks. Eleven words drawn from a 2,048-word list give about 121 bits of entropy, far beyond what exhaustive search can cover, even though every word is in the dictionary. Passphrases are not immune, though: they can still be phished, reused and leaked, which is one reason people are moving to hardware security keys and wallets.
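The entropy arithmetic above, as an added example that is not part of the original post: a generator that draws words from a list with the operating system’s random source and reports the bits of strength the list and length give. The 64-word list is constructed for illustration; a real generator should load a published list such as the EFF long list (7,776 words), and only the numbers change.

```python
import math
import secrets

# Constructed 64-word list for illustration; a real generator should load a
# published list such as the EFF long list (7,776 words).
SAMPLE_WORDS = [
    "apple", "river", "candle", "forest", "marble", "pencil", "silver", "thunder",
    "window", "garden", "velvet", "copper", "meadow", "lantern", "orbit", "puzzle",
    "harbor", "timber", "crystal", "falcon", "saddle", "anchor", "blanket", "compass",
    "dolphin", "engine", "feather", "glacier", "hammer", "island", "jacket", "kettle",
    "ladder", "magnet", "needle", "oyster", "parrot", "quartz", "rocket", "spider",
    "tunnel", "umbrella", "violin", "walnut", "yogurt", "zebra", "basket", "cactus",
    "desert", "ember", "fossil", "goblet", "helmet", "iron", "jungle", "kernel",
    "lemon", "mirror", "nickel", "olive", "pepper", "quiver", "ribbon", "sunset",
]


def entropy_bits(num_words: int, list_size: int) -> float:
    """Strength of a uniformly random passphrase: every word adds log2(list_size)
    bits, so an attacker who knows the list still faces list_size ** num_words."""
    return num_words * math.log2(list_size)


def password_bits(length: int, alphabet_size: int) -> float:
    """Same formula for a character-level random password (94 printable ASCII)."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest passphrase length that reaches target_bits from this list."""
    return math.ceil(target_bits / math.log2(list_size))


def random_passphrase(num_words: int = 6, wordlist=SAMPLE_WORDS) -> str:
    """Draw with secrets.choice (OS CSPRNG); random.choice is predictable and
    must not be used for credentials."""
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    phrase = random_passphrase(6)
    print(phrase, f"-> {entropy_bits(6, len(SAMPLE_WORDS)):.1f} bits from this small list")
    print("same 6 words from the EFF list:", f"{entropy_bits(6, 7776):.1f} bits")
    print("the post's 11-word example (2,048-word list):", f"{entropy_bits(11, 2048):.1f} bits")
    print("12 random printable characters:", f"{password_bits(12, 94):.1f} bits")
    print("words needed for 128 bits from the EFF list:", words_needed(128, 7776))
```

The figures only hold when the words are chosen uniformly at random; a phrase you compose yourself (a song lyric, a quotation) is in attackers’ phrase lists and gets none of this credit.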

Hardware keys

Hardware keys based on the FIDO U2F and FIDO2 standards are gaining popularity as the strongest way to secure access to your online accounts. Where supported, a FIDO key works on top of the password as an alternative second factor. Rather than typing an OTP, you insert the key into the device you are signing in from (or tap it over NFC) and touch it to approve the session. The key signs a challenge that is bound to the website’s origin, so a phishing site on a look-alike domain cannot obtain a valid response; that is what makes hardware keys phishing-resistant in a way OTPs are not. They are often recommended for high-value accounts such as executives, public figures and high-net-worth customers.

Single sign-on

At enterprise level, single sign-on (SSO) is the go-to authentication method for apps and websites. It lets employees authenticate to multiple applications and websites with one set of credentials issued by the employer. SSO is the preferred method when you don’t want your employees managing too many passwords.

The big downside of SSO is that the one credential becomes a master key: if an outsider gets hold of it, they can reach every application federated behind it. The identity provider therefore deserves the strongest protection available, such as 2FA or a hardware key on every account and alerts on unusual sign-ins.

Passwordless

Many firms are removing passwords from their authentication systems altogether and moving to a passwordless world. Current passwordless systems typically expect users to install the provider’s authentication app and register it once with the authentication server.

Whenever the user tries to access the service, they receive a push notification in the app to approve or deny the session. One caveat: never approve a prompt for a sign-in you did not start. Attackers who already have a password will send approval requests over and over, hoping the user taps ‘approve’ just to make them stop.

Companies such as Microsoft, Google, Adobe, and Verizon already offer a passwordless option for logging in to their services.

Password manager

A normal person cannot remember 50 or so passwords unless they reuse them or make them too easy. This is where password managers come in. They store your passwords and autofill them when you log in. Leading password managers encrypt the vault with 256-bit AES, so in the event of a break-in the stored data is nothing but unreadable ciphertext. The encryption key is derived on your device from your master passphrase and never leaves it, so neither the vendor nor an intruder can decrypt the vault without that passphrase.

The downside is that, because the vendor never holds the key, support cannot unlock your stored passwords if you forget the master passphrase.
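How a vendor can authenticate you without ever being able to open your vault, as an added example that is not Bitwarden’s, Dashlane’s or any vendor’s actual code: the client derives the vault key and a separate login verifier from the master passphrase, and the server only ever sees (and re-hashes) the verifier. The iteration counts, the use of the account name as salt and the field names are assumptions for illustration; the vault body itself would be encrypted with AES-256 under the derived key, which is omitted here.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 iteration count; 600,000 follows current OWASP guidance
# (assumption: real products choose their own KDF and parameters).
CLIENT_ITERATIONS = 600_000
SERVER_ITERATIONS = 100_000


def derive_vault_key(master_passphrase: str, account_salt: bytes) -> bytes:
    """Runs on the user's device only. The vault is encrypted under this key
    (AES-256 in a real product); it is never sent to the server."""
    return hashlib.pbkdf2_hmac("sha256", master_passphrase.encode("utf-8"),
                               account_salt, CLIENT_ITERATIONS, dklen=32)


def login_verifier(vault_key: bytes, master_passphrase: str) -> bytes:
    """One extra one-way step turns the key into a credential the client can
    present to the server. Knowing the verifier does not reveal vault_key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_passphrase.encode("utf-8"), 1, dklen=32)


def server_enroll(verifier: bytes) -> dict:
    """Server stores a salted hash of the verifier, so a database dump cannot
    even be replayed to log in, let alone decrypt anything."""
    salt = os.urandom(16)
    return {"salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", verifier, salt, SERVER_ITERATIONS)}


def server_check(record: dict, verifier: bytes) -> bool:
    """Constant-time comparison of the presented verifier against the record."""
    candidate = hashlib.pbkdf2_hmac("sha256", verifier, record["salt"], SERVER_ITERATIONS)
    return hmac.compare_digest(record["hash"], candidate)


def enroll_and_login(master_passphrase: str, account_salt: bytes) -> tuple:
    """Full round trip: returns (vault_key, server_record). The server record
    contains nothing from which vault_key can be recovered."""
    key = derive_vault_key(master_passphrase, account_salt)
    record = server_enroll(login_verifier(key, master_passphrase))
    return key, record


if __name__ == "__main__":
    salt = b"user@example.com"   # account identifier used as KDF salt (assumption)
    key, record = enroll_and_login("correct horse battery staple", salt)
    print("stored on server:", record["hash"].hex())
    print("vault key (client only):", key.hex())
    print("login ok:", server_check(record, login_verifier(key, "correct horse battery staple")))
    wrong = derive_vault_key("wrong passphrase", salt)
    print("wrong passphrase:", server_check(record, login_verifier(wrong, "wrong passphrase")))
```

This is also why the “forgotten master passphrase” problem has no support-desk fix: every value the server holds sits downstream of a one-way function of the key, so there is nothing for support to hand back.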

 

World Password Day raises awareness of how we should generate passwords. It encourages us to ditch old weak passwords and replace them with strong ones, to use a different password for each online service, and to turn on 2FA.

 
