Infosecurity Europe
4-6 June 2024
ExCeL London

World Password Day: Why Strong Passwords Are Crucial for Cybersecurity

Passwords are a fundamental element of cybersecurity; however, they are also one of the biggest problems facing information security today.

Intel created World Password Day in 2013 to raise awareness about the role strong passwords play in securing our digital lives. Since then, it has evolved to be one of the most talked-about dates in the cybersecurity calendar alongside Cybersecurity Awareness Month in October and other notable events like Change Your Password Day and Data Privacy Week. 

When is the Next World Password Day?

World Password Day is on the first Thursday of May every year. Here are the dates for the upcoming World Password Days so you can mark your diaries.

Year      Date      Day
2024      May 2     Thursday
2025      May 1     Thursday
2026      May 7     Thursday
2027      May 6     Thursday
2028      May 4     Thursday
2029      May 3     Thursday
2030      May 2     Thursday



How to Ensure You Have a Strong Password Policy 

As long as we have passwords, attackers and cybercriminals will continue to exploit weak passwords and other poor password practices to gain access to accounts, systems and networks.

A Keeper Security report released in 2023 found that 25% of people use solid and unique passwords, 34% admitted to using repeat variations of passwords and 30% still relied on simple and easily guessable passwords.

On this year’s World Password Day, take a look at our checklist to ensure that you and your organisation are doing all you can to make passwords part of the security solution, not part of the problem.

Use Strong Passwords 

Requiring strong passwords can ensure that you have safer accounts in your business. It may seem obvious to many cybersecurity professionals, but it is important to continue to put the message in front of your employees, so they are using strong passwords and not reusing them across multiple accounts.

A strong password should be:

  • At least 16 characters
  • A mix of upper- and lower-case letters, numbers and symbols
  • Unique. Passwords should only be used for one account.

By giving your entire organisation a clear message on the password best practices listed above, you can mitigate some of the most common password weaknesses, such as easy-to-guess and multiple-use passwords.
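The three checklist items above can be enforced when a user sets a password. The following is an added example, not code from the article: the function names, the sample accounts and the use of PBKDF2 to store per-account verifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 16          # minimum length from the checklist above
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stored verifier does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def enroll(password: str) -> tuple:
    """Return the (salt, verifier) pair to store for one account."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def violations(candidate: str, stored: dict) -> list:
    """List the checklist items a candidate password fails (empty = accepted).

    `stored` maps account name -> (salt, verifier) for the same user.
    """
    found = []
    if len(candidate) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in candidate),
        "lower-case letter": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(not c.isalnum() and not c.isspace() for c in candidate),
    }
    found += [f"missing {name}" for name, ok in classes.items() if not ok]
    # Uniqueness: re-derive with each account's salt, compare in constant time.
    for account, (salt, verifier) in stored.items():
        if hmac.compare_digest(derive(candidate, salt), verifier):
            found.append(f"already used for {account}")
    return found


# Constructed sample data: two accounts belonging to one user.
ACCOUNTS = {
    "mail": enroll("Correct-Horse-Battery-9"),
    "vpn": enroll("Tr0ub4dor&3-Example-Only"),
}
```

The uniqueness check only sees accounts whose verifiers the checker holds, so reuse on unrelated services still has to be addressed through user guidance or a password manager.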




Strengthen Access with MFA 

Multi-factor authentication (MFA) is an important layer of defence that many of us already use in our day-to-day lives, for example when logging in to online banking.

Passwords alone typically do not provide an appropriate level of protection, so MFA is recommended as an additional layer of verification.

Other tools worth considering include single sign-on (SSO), which allows employees to use one set of credentials to gain access to multiple applications and services. 

Adopt a Password Manager

Password managers act as a digital vault protected by a single, super strong master password you create. Within that vault you can create complex passwords for multiple accounts and save them all in one place, mitigating the need to remember multiple passwords. The master password is the only one you need to remember.

Password managers typically use encryption to scramble the account passwords and log-in information, making them unreadable even if someone hacks into the password manager itself.

Other benefits include automatically filling in your username and password on the websites and apps you visit. Many password managers also offer apps for various devices, including desktops, smartphones and tablets.

Password managers can help all employees with password overload. 

Use Password Expiration Sparingly 

It may seem like a good idea to get employees to change their passwords on a regular basis, but the UK’s National Cyber Security Centre (NCSC) says in its guidance that forcing password expiry carries no real benefits.

The reasons for this include that the user is likely to choose a new password that is similar to the old ones, and that stolen passwords tend to be exploited immediately.

Instead, the advice is that users should change their passwords when there has been, or you suspect there has been, a compromise.

The Future of Password Security 

Passwordless authentication is on the rise, and many argue that the future will be one without passwords. For example, the FIDO Alliance is promoting public key cryptography techniques that provide phishing-resistant authentication.

The FIDO Alliance and LastPass 2023 Workforce Authentication Report found that 89% of surveyed IT leaders expect passwords to represent less than a quarter of their organisation’s logins within five years or less.

Many organisations, like Google, have begun rolling out passkeys in a step towards a passwordless future.

However, many argue that this has been an ongoing discussion; Bill Gates, for example, predicted the death of the password back in 2004.

We may be in a transition phase at the moment, with a mix of password and passwordless solutions. It will likely be some time before the password is completely wiped out, so ensuring you have strong password policies in place is vital to protect organisations and their networks.

Conclusion 

While the future may hold more sophisticated authentication methods, passwords aren't going anywhere just yet. By following these best practices, you and your team can stay a step ahead of hackers and keep your data safe. Remember, strong passwords are the first line of defence in today's digital landscape. Enjoy World Password Day by spreading the word. 

