In 2004, Bill Gates prematurely postulated that passwords were dead. According to a recent DarkReading post, in 2005 security expert Mark Burnett wrote a book called Perfect Passwords, in which he floated the idea of dedicating one day in the calendar each year when everybody should change their passwords. Here we are in 2021 and passwords are still pertinent today and for the projected future. Bill is probably perturbed that his prediction was poor, but regardless of your preferred posterity, until passwords perish, we all have a part to play on World Password Day.
Countless breaches and data leaks continue to prove that we all suffer from perpetual password pitfalls. Even the bad guys flounder in this practice. A recent post by Brian Krebs points out how cyber criminals are terrible at operational security, including their propensity for reusing and recycling of passwords across multiple accounts, and how they also get compromised at the same rate as the rest of us.
We may never prevail over the password problem before it passes away. Until then, here are a few reminders on practicing a premium preventative password posture:
- Make passwords less crackable – longer is stronger.
- Do not reuse passwords – make a unique password for each site and service (work or personal).
- Use multifactor authentication (MFA) wherever it’s available.
- Consider using a password manager/vault to create and securely store harder to crack passwords.
- Suggest creating passphrases that are more easily remembered (especially if you don’t trust password managers).
- Check reputable sites/services that can check your credentials against known leaks – Troy Hunt’s Have I Been Pwned is an example.
- Change your password when you discover or are notified of your account being included in a breach/leak, regardless of whether it is unique or not.
Bill missed the mark on password mortality. But he was right when he said the traditional password cannot "meet the challenge" of keeping critical information secure. Therefore, it only makes sense to actively and responsibly protect them.
For more on World Password Day and tips on password hygiene, visit:
