If you haven’t been lectured/reminded recently by the IT department on safe password practices, today a group of leading vendors is taking on the burden.
This is World Password Day, according to Intel, Microsoft, Asus, the U.S.-based National Cyber Security Alliance (a vendor-sponsored association) the University of Texas and some 600 other organizations. They urge employees and consumers to take on the challenge of passing on these tips today for safer passwords:
1. Change your passwords regularly
2. Enable multi-factor identification on applications that allow it
3. Use unique passwords for every account you have
4. Don’t casually share your passwords
5. Lock your device with a PIN or password
6. Let a manager memorize your passwords
7. Stop using passwords that are one word
8. Make long and strong passwords
Because many people have a bad, funny, or embarrassing story about passwords, Intel is also encouraging people to share a password confession via a picture, video, tweet or status update using the hash tag #PasswordConfession.
Is there a bit of marketing in this? Yes. Intel, for example, recently bought a password manager (see recommendation 6. It’s also offering the chance to win a premium subscription to its service for people who “confess,” just to put a little humour and social media into the campaign). Another group of vendors says its time to end passwords. But this also the industry deciding that it isn’t going to sit back and watch attackers undermine the Internet.
On the other hand Verizon Communications concluded in its 2015 data breach report that 24 per cent of security incidents it studied could have been stymied with two-factor authentication (although that would include hardware tokens in data centres). Using more complex passwords would have gotten in the way of two per cent of attacks, but it has the virtue of being quickly implemented.
The truth is we need a monthly, not a daily, reminder to follow better password practices. But it’s a start.