The thing about World Somethingorother Days is that there are so many to choose from.
And the first Thursday in May, in a tradition going all the way back to the previous decade, is World Password Day, sometimes referred to as WPD for short.
For all that experts keep telling us that passwords are on the way out, and that they’ll soon be replaced by more secure, harder-to-hack alternatives such as passkeys and biometrics, it looks as though we’ll be using old-style passwords on at least some of our accounts for many years yet.
And there are plenty of problems with passwords, as we know from years of seeing the same sort of advice every time World Password Day rolls round.
Obvious issues we should all keep in mind include:
EBJM as WORD. With 12 letters-or-digits, you expand the range to well over a million million million combinations. Simply put, longer passwords are better.
SPKL$63QI@JGO5NJ, but if you use it on all your accounts because it’s “strong,” then a compromise of any one account will automatically cost you all your other accounts too. Simply put, every account needs a unique password.
CHANGEME (which you probably never will), you should consider a password management app.
Don’t get too worried by the numerous “World’s Worst Password Lists” that marketing departments love to publish on WPD.
You’ll recognize those lists because they almost always include three or more of the following unlikely passwords somewhere in their Top Ten or Top Twenty, and have been doing so for years:
123456
1234567890
password
changeme
12345678
Firstly, we’re not going to insult your cybersecurity skills by implying that you would ever think of choosing one of these.
Secondly, and this is the detail that has always made us scratch our heads, how on earth could the creators of those lists possibly know which passwords really are chosen most frequently, given that only a subset of all passwords in use actually get exposed?
Sure, they may have data about what users who were surveyed SAID their passwords were, and may even have handed out gifts to encourage participation in the survey. But who would tell the truth in such a situation? Part of the fun is to say 123456 and claim the free prize!
Or they may have data from users whose passwords were successfully guessed by attackers, but that would tell us which passwords are most commonly guessed, not necessarily the most common ones chosen.
Nevertheless, for as long as we need to come up with and use passwords as part of our online security, remember these simple tips:
And some bonus tips:
All of these tips add a little bit of extra hassle to your online life.
But here’s One Cybersecurity Tip To Rule Them All:
A little bit of inconvenience goes an awfully long way.
Logging in fresh every morning, for example, is a small price to pay for making your browser’s cookie database a less valuable target for attackers.
Stay safe out there, and Happy Password Day!
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!