Insights | 5.5.22

Password@2022

We all know the importance of guarding our passwords, of making them as long and complex as possible. One compromised password can put our digital identities and professional and personal information at risk. We also know how often we’ve forgotten and had to reset them. Here’s something you might not have known – May 5th is World Password Day. I’m sure that you think of Cinco de Mayo as the day to eat Mexican food, or enjoy watching a parade and dancing, but now you can also ponder the importance of passwords. Granted, one of those things is more fun than the other, but one is crucial for business and personal cybersecurity (no, it’s not fish tacos).

In 2005, security researcher Mark Burnett suggested that everyone should have their own designated “password days” when they change their passwords. He outlined this idea in his book “Perfect Passwords,” which inspired Intel to create a worldwide day of observance. The first Thursday in May was declared World Password Day. Observed for the first time in 2013, World Password Day spread awareness about the importance of strong passwords, and the importance of updating them regularly.

Describing the requirements for good passwords is one thing, but seeing a visual representation is better. Below is a color-coded chart made by Hive Systems that shows how long it takes a hacker to break a password (with current technology) based on its length and complexity. As you can see, short, simple passwords are similar to having no password at all, but as a user’s password gets longer and more complex, it becomes virtually impossible for a hacker to crack.

But how about a world where you don’t need a password at all? It sounds nice and is becoming more of a reality every day. Most of us already unlock our smartphones with biometrics like our fingerprint or facial scan. On those phones, we can use a mobile app as part of multifactor authentication. There are other physical devices, USB sticks or mini-keycards for instance, which can easily verify identity. Many businesses and government agencies already use these and more are starting to adopt them. In the near future, it is likely that everyone will use some form of non-password authentication. For now, though, passwords continue to play a fundamental role in cloud security, so it’s still important to follow the basic rules: make them at least 12 characters long, and use both uppercase and lowercase letters, numbers, and special characters.

Happy World Password Day!

Here are some useful resources:

How to check if your email or phone has been found in known data breaches: https://haveibeenpwned.com/

More details on Hive Systems and how they calculate the crack times: https://www.hivesystems.io/blog/are-your-passwords-in-the-green

 

Article written by TechFlow’s Tim Britten, Systems Administrator