World password day
by Bouchera BIBI TRIKI
2022-11-30

Just like World Labor Day, World Telecommunication Day or World Press Freedom Day, World Password Day is celebrated every year on the first Thursday of May. Passwords sit at the heart of today's security systems, and they remain one of the most consequential inventions in computing. Their importance has only grown in an environment shaped by the spread of the Internet, the interconnection of systems and, increasingly, cyber warfare.


History of World Password Day

World Password Day was the idea of security researcher Mark Burnett, whose 2005 book « Perfect Passwords: Selection, Protection, Authentication » proposed a day dedicated to passwords. Intel Security took up the idea and in 2013 declared the first Thursday of May « World Password Day ». Unfortunately, almost a decade later, many people around the world still do not understand the purpose and importance of good passwords, a sad reality given the rise in cybercrime over the same period.

Some figures about passwords

Let’s look at some figures from several studies on passwords:

  • 99.9% – the share of account-compromise attacks that, according to Microsoft, are blocked when multi-factor authentication is enabled;
  • 2020 – the year in which credentials became the most commonly stolen type of information worldwide;
  • 60% – the percentage of data breaches involving credentials;
  • 40% – the percentage of respondents in a 2020 study who said their organization's data had been compromised because of a weak or stolen password;
  • 40% – the percentage of organizations where sticky notes are used somewhere to remember passwords;
  • 82% – the percentage of employees who admit to reusing the same passwords;
  • 60% – the share of reused passwords that were involved in more than one data breach in 2020;
  • 25% – the share of 2020 data breaches attributed to credential stuffing (replaying credentials leaked from one service against others);
  • ¾ – the fraction of employees who use the same passwords for both work and personal accounts (social media accounts, for example).


The most common passwords and how long it takes to crack them
  • 123456: less than a second to crack, with 3.5 million uses recorded in one study;
  • password: less than a second to crack, with 1.7 million uses in one study;
  • abc123: less than a second to crack, with 610,000 uses in one study;
  • qwerty: less than a second to crack, with 382,000 uses in one study;
  • 11111: less than a second to crack, with 369,000 uses in one study.

These crack times assume an attacker who can test guesses at full speed, typically offline against a leaked database of unsalted hashes. In an online attack the time hardly matters: these strings sit at the top of every wordlist, so they fall on the first handful of guesses.


So, how do we bring this day to life and celebrate it?

By educating your friends, family and neighbours about the risks of cybercrime, by telling them why strong password hygiene matters, and finally by replacing your own weak passwords with strong ones and helping them do the same.
Here are some best practices you can implement right now. Several of them are taken from NIST Special Publication 800-63B, revision 3 (« Digital Identity Guidelines: Authentication and Lifecycle Management », published by the National Institute of Standards and Technology in 2017):

  • Create strong passwords for all your accounts: favour long passphrases (several unrelated words) that are easy to remember. NIST imposes no composition rules (no mandatory digits, symbols or capitals); the only length rule is a minimum of 8 characters for a user-chosen password, and the verifier must accept at least 64 characters so that long passphrases are not cut off. Length is what defeats brute force: every added word multiplies the number of guesses an attacker has to make;
  • Use a password manager: stop trying to remember all your passwords and store them in an encrypted vault instead. The manager can then fill in login credentials for you, share passwords securely and generate new, random ones;
  • Limit password attempts: in a brute-force or credential-stuffing attack the attacker keeps submitting guesses to the login form until one works. Limit the number of consecutive failed attempts on each account (NIST requires no more than 100 before the account is locked or slowed down further) and rate-limit by source address as well. Per-IP limits alone are not enough, because attackers spread their guesses across many addresses, and a lockout should also raise an alert rather than silently fail;
  • Don't rely on password hints or security questions: some organizations let users store a hint, or ask a personal question such as « what city were you born in? » or « what was the name of your first school? » to recover an account. NIST says a verifier should not store hints that an unauthenticated person can retrieve and should not use such knowledge-based questions at all, because a determined attacker can find the answers on social networks. The practice weakens security and increases the chances of an account takeover;
  • Use multi-factor authentication: multi-factor authentication (MFA) is one of the most reliable ways to protect an account, doubly so when the account gives access to sensitive applications or data. According to Microsoft, enabling MFA blocks more than 99.9% of account-compromise attacks. Each factor belongs to one of three categories:
    • Something you know (a password, a PIN, …);
    • Something you have (a token, a phone, a physical security key, …);
    • Something you are (biometric data such as a fingerprint or facial recognition, …).
    Some of these methods are stronger than others (a phishing-resistant security key beats a code sent by SMS), but the principle is the same: even if someone steals or guesses the password, they cannot get into the account without the second factor;
  • Educate staff on password best practices: it is critical that your staff understand best practices and know exactly what your password policy requires of them. The awareness programme should cover, among other things:
    • The risks of using the same passwords for personal and business accounts;
    • How to use a password manager;
    • How to create strong and secure passwords.
  • Compare the passwords your staff already use against known-breached passwords: screen new and existing passwords against a blocklist containing passwords exposed in previous breaches, dictionary words, repeated or sequential strings (such as « aaaaaaaa » or « 1234abcd »), and context-specific words such as the company name or the user name. A password found on such a list is treated as already compromised and must be changed. When checking against an online breach corpus, send only a prefix of the password's hash (the k-anonymity model) rather than the password itself.
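The length rule from the first recommendation and the blocklist check from the last one, put together in code. This is an added example written for this post, not code from the original article or from NIST. The blocklist and the hash-prefix lookup table are constructed from the five common passwords quoted earlier, the 128-character ceiling is an assumption (NIST only requires that at least 64 be accepted), and the service name `example` is a placeholder.

```python
"""Checking a user-chosen password the way NIST SP 800-63B section 5.1.1.2
describes: length rules only, no composition rules, and a blocklist of
known-bad values.  Added example written for this post, not code from the
original article or from NIST.  The blocklist and the 'range lookup' table
are constructed from the handful of common passwords quoted above; a real
deployment would use a large breach corpus."""
import hashlib
import unicodedata

MIN_LEN = 8     # 800-63B: at least 8 characters for a user-chosen secret
MAX_LEN = 128   # assumption: 800-63B only requires that at least 64 be accepted

# Constructed blocklist standing in for breached passwords and dictionary words.
COMMON_PASSWORDS = {"123456", "password", "abc123", "qwerty", "111111"}

_SEQUENCE = "abcdefghijklmnopqrstuvwxyz0123456789"


def _sha1_hex(secret: str) -> str:
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


# Simulates a k-anonymity breach lookup: the client sends only the first five
# hex digits of SHA-1(password) and gets back every known suffix under that
# prefix, so the password itself never leaves the machine.  Built here from
# the constructed blocklist; a real service would hold millions of entries.
_RANGE_TABLE = {}
for _pw in COMMON_PASSWORDS:
    _digest = _sha1_hex(_pw)
    _RANGE_TABLE.setdefault(_digest[:5], set()).add(_digest[5:])


def range_lookup(prefix: str) -> set:
    """Stand-in for the network call: suffixes known for a 5-hex-digit prefix."""
    return _RANGE_TABLE.get(prefix.upper(), set())


def is_breached(secret: str) -> bool:
    digest = _sha1_hex(secret)
    return digest[5:] in range_lookup(digest[:5])


def is_repetitive_or_sequential(secret: str) -> bool:
    s = secret.lower()
    if len(set(s)) == 1:                                # "aaaaaaaa", "11111111"
        return True
    return s in _SEQUENCE or s in _SEQUENCE[::-1]       # "abcdefgh", "87654321"


def check_password(secret: str, username: str, service: str = "example") -> list:
    """Return the reasons a candidate password is rejected; [] means accepted.

    Unicode and spaces are allowed and there are deliberately no 'must contain
    a digit / symbol' rules: length and the blocklist do the work.
    """
    problems = []
    secret = unicodedata.normalize("NFKC", secret)   # 800-63B: normalize before comparing
    length = len(secret)                               # count code points, not bytes
    if length < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    if length > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    if is_breached(secret) or is_breached(secret.lower()):
        problems.append("found in the compromised-password blocklist")
    if is_repetitive_or_sequential(secret):
        problems.append("repetitive or sequential characters")
    for word in (username, service):                   # context-specific words
        if word and word.lower() in secret.lower():
            problems.append("contains '%s'" % word)
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Password", "correct horse battery staple", "alice2024!!"):
        print("%-32r -> %s" % (candidate, check_password(candidate, "alice") or "accepted"))
```

Note that the candidate is hashed only to query the blocklist; storage of the accepted password is a separate step that must use a slow, salted password hash, not the plain SHA-1 used for the prefix lookup.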
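The attempt limit from the third recommendation, as an added example written for this post rather than code taken from the article or from NIST. It keeps two independent counters, one per account and one per source address, because each defeats a different attacker. The only figure taken from NIST SP 800-63B is the ceiling of 100 consecutive failures; the limits of 5 per account and 50 per address, the 15-minute window, the exponential back-off and the `FakeClock` used to drive the scenario are assumptions made for illustration, and the addresses are from the documentation ranges.

```python
"""Throttling failed logins per account and per source address.

Added example written for this post (not code from the original article).
The only number taken from NIST SP 800-63B is the 100-consecutive-failure
ceiling; the smaller limits, window and back-off schedule below are
assumptions chosen for illustration."""
import time
from collections import defaultdict

MAX_FAILURES_PER_ACCOUNT = 5      # assumption (800-63B allows at most 100)
MAX_ATTEMPTS_PER_SOURCE = 50      # assumption: logins one address may try per window
WINDOW_SECONDS = 15 * 60          # assumption: counters expire after 15 minutes


def backoff_seconds(consecutive_failures: int) -> float:
    """Delay required before the next attempt: 0, 1, 3, 7, 15 ... seconds."""
    return 2.0 ** consecutive_failures - 1 if consecutive_failures else 0.0


class LoginThrottle:
    """Decides whether a login attempt may even be evaluated.

    The per-account counter stops a distributed attack that spreads guesses
    across many addresses; the per-source counter stops one address from
    spraying a common password across many accounts.
    """

    def __init__(self, clock=time.time):
        self.clock = clock                          # injectable for testing
        self._failures = {}                         # account -> (count, last failure time)
        self._source_attempts = defaultdict(list)   # address -> attempt timestamps

    def _consecutive_failures(self, account: str, now: float):
        count, last = self._failures.get(account, (0, 0.0))
        if count and now - last > WINDOW_SECONDS:   # stale counter: forget it
            return 0, 0.0
        return count, last

    def _source_attempts_in_window(self, source: str, now: float) -> int:
        cutoff = now - WINDOW_SECONDS
        recent = [t for t in self._source_attempts[source] if t > cutoff]
        self._source_attempts[source] = recent
        return len(recent)

    def allowed(self, account: str, source: str):
        """Call before verifying the password. Returns (ok, reason)."""
        now = self.clock()
        if self._source_attempts_in_window(source, now) >= MAX_ATTEMPTS_PER_SOURCE:
            return False, "source rate limit"
        count, last = self._consecutive_failures(account, now)
        if count >= MAX_FAILURES_PER_ACCOUNT:
            return False, "account locked"
        if backoff_seconds(count) - (now - last) > 0:
            return False, "back off"
        return True, "ok"

    def record(self, account: str, source: str, success: bool) -> None:
        """Call after the password check with its outcome."""
        now = self.clock()
        self._source_attempts[source].append(now)
        if success:
            self._failures.pop(account, None)       # success resets the account counter
        else:
            count, _ = self._consecutive_failures(account, now)
            self._failures[account] = (count + 1, now)


class FakeClock:
    """Manual clock so the behaviour can be exercised without sleeping."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate_distributed_attack(n_sources: int = MAX_FAILURES_PER_ACCOUNT):
    """Constructed scenario: one account attacked from n_sources addresses,
    one failure each, spaced so that back-off never triggers.  A per-IP
    limit alone would let this through; the per-account counter does not.
    Returns the throttle's verdict for a fresh address afterwards."""
    clock = FakeClock(1000.0)
    throttle = LoginThrottle(clock)
    for i in range(n_sources):
        source = "198.51.100.%d" % (i + 1)          # constructed, documentation range
        throttle.record("alice", source, success=False)
        clock.advance(60)
    return throttle.allowed("alice", "198.51.100.200")


if __name__ == "__main__":
    print("distributed attack, fresh address:", simulate_distributed_attack())
```

In a real service the counters live in shared storage (a cache or database keyed by account and by address) so that every login node sees the same state, and a lockout should generate an alert and a notification to the account owner rather than fail silently.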

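The « something you have » factor in working form: a time-based one-time password (TOTP, RFC 6238) together with the server-side checks that make it safe, namely a constant-time comparison, a one-step window for clock drift, and refusal to accept the same code twice. This is an added example written for this post, not code from the original article; the key is the test key from RFC 6238, and the clock values in `demo()` are constructed.

```python
"""TOTP (RFC 6238) generation and verification with replay protection.

Added example written for this post, not code from the original article.
RFC6238_KEY is the published test key; the timestamps in demo() are
constructed."""
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """What the authenticator app displays at Unix time `at`."""
    return hotp(key, int(at // step), digits)


class TotpVerifier:
    """Server side.  `window` is the number of adjacent steps accepted on
    either side to absorb clock drift.  A step that has already been used
    successfully is never accepted again, which blocks replay of a code
    captured by phishing or a keylogger within its 30-second lifetime."""

    def __init__(self, key: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.key, self.step, self.digits, self.window = key, step, digits, window
        self.last_counter = -1              # highest counter already consumed

    def verify(self, code: str, now: float) -> bool:
        counter = int(now // self.step)
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:      # already used, or older than one used: replay
                continue
            if hmac.compare_digest(hotp(self.key, c, self.digits), code):
                self.last_counter = c
                return True
        return False


def key_from_base32(secret: str) -> bytes:
    """Authenticator apps are provisioned with the key as (usually unpadded) base32."""
    secret = secret.strip().replace(" ", "").upper()
    return base64.b32decode(secret + "=" * (-len(secret) % 8))


RFC6238_KEY = b"12345678901234567890"      # test key from RFC 6238 appendix B


def demo():
    """Constructed exchange: the app shows a code, the server accepts it once."""
    verifier = TotpVerifier(RFC6238_KEY)
    code = totp(RFC6238_KEY, 59)                          # RFC 6238 vector: "287082"
    first = verifier.verify(code, 59)                     # accepted
    replay = verifier.verify(code, 70)                    # same code again: rejected
    later = verifier.verify(totp(RFC6238_KEY, 75), 75)    # next step: accepted
    return first, replay, later


if __name__ == "__main__":
    print(demo())
```

The verifier must persist `last_counter` per user, and the shared key must be stored with the same care as a password database: anyone who reads it can generate every future code.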