Today is World Password Day. Every year, on the first Thursday in May, World Password Day promotes better password habits. Despite what is going on in the world, this might be the most important Password Day there has been.
With so many of us working from home, our cybersecurity will be stretched to the limit. The basis of great cybersecurity is using strong passwords. So a good way of improving your security is making sure employees are using strong passwords for all the accounts your business uses.
Why is World Password Day so important?
Well, despite all the warnings about using the same weak passwords on our accounts, we are still doing it. We are still making it easy for cybercriminals to hack into our accounts. If a hacker gets access to one account and you use that password across different accounts, they now have access to all of them.
A survey held in the UK by password manager LastPass found some shocking behaviours around using the same password.
- 92% know that using the same or a variation of the same password is a risk, but:
- 50% of us do it regardless!
We reuse passwords to stay in control
People continue to use the same password across accounts because they think it gives them more control. Instead, it is putting them at risk. From the same survey, these are the reasons given for reusing the same password:
- 64%: "I am afraid of forgetting my login details"
- 51%: "I want to be in control and know all my passwords"
I will remember my password
Can you remember unique passwords for all your accounts? Of course not, we have too many accounts for that nowadays. We are even struggling to remember the simple, 'more memorable' passwords we are using over and over. The survey shows that tactic isn't working.
- 54% keep track of passwords by memorising them
- 29% reset their passwords once a month or more because they forget them.
If a brand you use is breached, you should change your password. If you use that same password for other accounts, you should change those as well. It is something we are still not doing, and it's making it too easy for hackers.
- 58% haven't changed their password in 12 months - even after hearing news of a breach
I'm not a target
It's a common thought: why would they waste their time trying to get my details? Yes, your credit card number might only get a hacker £5 on the dark web, but if they do that in the thousands, that's suddenly a lot of money.
By not thinking you're a target, you make yourself a bigger target. Why wouldn't they go after the low-hanging fruit? If our password habits make it easy for hackers then, of course, they will target us. It's easy work for them and they can do it in bulk.
- 40% think their accounts aren't valuable enough for a hacker to waste time on them
Our passwords are easy to guess
You post far more personal information on social media than you realise. How many times have you seen the 'what superhero are you' post, where your day of birth and your month of birth make up your superhero name?
We post information like this all the time and then we include that information in our passwords.
- 22% could guess their significant other's passwords
- 24% use sentimental information in their passwords
We must be doing something right though?
Yes, there is some positive news regarding our behaviour. We are using multi-factor authentication (MFA) to further protect our accounts. You can find out what multi-factor authentication is here.
We are also using biometrics more. This is mainly down to advances in the technology on our smartphones. Biometrics is more secure than the traditional text password.
- 51% use MFA for personal accounts
- 67% said they trust biometrics over text passwords
How can we set strong passwords?
We have a whole article on what makes a strong password and how to create one here. Our simple, memorable passwords are no longer an option. The best practice for strong passwords means we can't remember them all.
The solution for that is using a password manager. We do not write down our passwords! You can find out everything you need to know about password managers here.
What can I do today?
Celebrate the day by taking the #WorldPasswordDay pledge. Share these password tips on social media, too:
- change an old password to a long, strong one
- turn on two-factor authentication for your important accounts
- password protect your wireless router
- don’t store passwords on your computer or phone
- log off when you’re done with a program
- periodically remove temporary internet files
We have created a grade card for your current passwords which you can access below. This will show you how strong your passwords currently are and how you can improve them.