Another World Password Day has come and gone, without most of us even noticing. World Password Day is an effort to promote better password behavior, and it occurs on the first Thursday in May. The idea for the observance came from Mark Burnett, whose 2005 book “Perfect Passwords” encouraged people to have a “password day.” In 2013, Intel Security declared the first Thursday in May to be World Password Day, creating an annual reminder for online account security.
The Threat
Passwords are a key line of defense against security breaches. A security breach is akin to a break-in to an online account. According to PCWorld, four big data breaches have occurred in 2019. One of the worst was a breach named Mega, which affected 2.7 billion email and password combinations. Once these breaches happen, hackers sell the information to other cybercriminals, who put it to work for nefarious gains.
Once hackers have an account password, they can access any information within the account, including stored credit cards, as well as physical and email addresses. According to Hypersecu, there are five main ways hackers gain account access: mass theft, WiFi traffic monitoring attacks, tab-nabbing phishing attacks, key-logger phishing attacks, and brute force attacks. In mass theft, hackers use a program that runs stolen usernames and passwords through tens of thousands of sites until they get a hit. In a WiFi monitoring attack, a hacker uses an application that monitors public networks that aren’t protected, such as those in coffee shops. The application then allows hackers to obtain any personal information a person enters while using a public network.
In tab-nabbing phishing, hackers make fake sites that look exactly like a real site to facilitate theft. In key-logger attacks, a user unknowingly downloads a virus via an email or Internet download. This virus contains a program that records every key a user types, including usernames and passwords. In brute force attacks, hackers already have a username and then use programs that try to access sites using the most common passwords (e.g., password or 123456). Eventually, they can get a hit.
A Portrait of a Strong Password
With so many threats to personal information stored online, people can feel defenseless against online attacks. However, there are steps people can take to decrease the likelihood of their accounts being compromised. The online security company Avast has some modern recommendations for people looking to protect their personal information.
For example, people should periodically change their passwords. There is no hard-and-fast rule, but with four large breaches already occurring in 2019, many users’ information has been stolen. Changing your password can protect your accounts. People should also avoid using the same password for multiple accounts. That way, if a criminal has a user’s credentials, they can only compromise a single account. People should also use strong, but not overly complicated, passwords. They should avoid using their own names or those of family members, a pet’s name, their own birthday, words related to a hobby, or part of a home address. This is because all of this information can be gathered from social media posts and other public sources.
To create a strong password, Avast recommends using at least 16 characters, as well as numbers, special characters, and a combination of uppercase and lowercase letters. Additionally, people should not use any words related to themselves or the site the password is protecting.
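As an added example (not from the original article or from Avast), the following Python sketch checks a candidate password against the recommendations above: at least 16 characters, all four character types, and no words tied to the user or the site. The small common-password sample, the character-substitution table, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of very common passwords; a real check would use a larger list.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Undo simple character swaps so "R3x" still matches the pet name "Rex".
LEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def contains_term(password, term):
    """True if a personal or site-related term appears in the password."""
    if term.isdigit():  # e.g. a birth year or house number
        return len(term) >= 4 and term in password
    key = normalize(term)
    return len(key) >= 3 and key in normalize(password)

def check_password(password, personal_terms=(), site_name=""):
    """Return the recommendations the password fails; an empty list means it passes."""
    problems = []
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if password.lower() in COMMON:
        problems.append("is a commonly used password")
    for term in [*personal_terms, site_name]:
        if contains_term(password, term):
            problems.append(f"contains '{term}', which is tied to you or the site")
    return problems

if __name__ == "__main__":
    # Constructed inputs: pet name "Rex", birth year "1990", site "ExampleBank".
    for pw in ("password", "R3x-1990-Fluffy!!", "vast-Copper7-lantern-Quilt"):
        print(pw, "->", check_password(pw, ["Rex", "1990"], "ExampleBank") or "ok")
```

The second sample meets the length and character-type rules yet still fails, because the pet name survives the "3 for e" swap and the birth year appears verbatim.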
Beyond Passwords: A Way to Add Security
World Password Day is a time for people to reflect on the ways they can improve the security of their online accounts. The official site of World Password Day suggests moving beyond strong passwords. It started the #LayerUP hashtag to advocate for multi-factor authentication, which is also known as two-factor authentication. With this type of authentication enabled, people complete a second authentication step when logging in to a site.
People can use this form of authentication on email, banking, or social media sites. There are different ways to provide a second log-in factor, such as typing a one-time PIN, which is sent to a user’s phone, or scanning a fingerprint on a phone. Unless a cybercriminal has their hands on an individual’s smartphone, this type of authentication is very hard to compromise. So, in honor of World Password Day, consider pledging to add another layer of security to your most sensitive accounts.