Celebrating World Password Day: Password Tips and Trends to Protect Your Logins
Digital accounts have woven their way into nearly every aspect of our lives. Every year, World Password Day reminds us of the importance of cybersecurity and password hygiene practices to protect our identities, finances, files, and devices. As we prepare to celebrate another World Password Day on May 2nd, let’s take a moment to reflect on this holiday’s history and some important password trends, including the shift to passkeys and passwordless authentication.
A brief overview of World Password Day
The use of passwords can be traced all the way back to the origins of the spoken word. Military institutions, secret societies, and government agencies have used passwords for centuries. With the development of computers and the internet in the late 20th century, we suddenly began to use dozens of online passwords in our everyday lives.
- What is World Password Day?
World Password Day is an annual holiday created by Intel to remind us of the significance of passwords and highlight the importance of random, complex, and unique passwords. It’s the perfect opportunity to assess our password habits and change them as needed, hoping that this behavior will continue throughout the year.
Passwordless authentication methods, such as PINs and passkeys, have also gradually gained popularity. This has led some cybersecurity organizations to consider World Passwordless Day (June 23rd) just as much of a holiday as World Password Day (May 2nd) and to celebrate them simultaneously.
Passkeys are a faster, more secure way to log in. Learn how they work and what password problems they solve.
- Inspired by a book
Much of the credit for World Password Day goes to security consultant Mark Burnett, who published his definitive guidebook, Perfect Passwords, in 2005. In it, he warned readers of common password mistakes, such as using the names of family members or pets, and included his ranked list of the 500 worst passwords of all time. Burnett surmised, “When it comes to passwords, we just aren’t that clever.” Nearly two decades later, the problem of weak passwords persists.
- When is World Password Day?
The first Thursday of May is dedicated to the internationally celebrated World Password Day. Back in 2005, when Burnett encouraged his readers to set aside one day a year to review their credentials, this may have seemed daunting. Eighteen years later, tools like Dashlane’s Password Health score automate this process by continually tracking your weak, reused, and compromised passwords for you.
Security concerns for passwords
Passwords and password management have evolved tremendously over the decades. Honor the legacy of World Password Day by reviewing these ongoing password security challenges:
- Too many passwords to manage and remember
The average person is responsible for over two hundred passwords, and half of us rely on memory alone to keep track of them. This becomes a security concern when weaker passwords are used because they’re easier to memorize, and the storage process for dozens of passwords becomes unmanageable.
- Password reuse
Our expanding password lists have also led to an increase in password reuse. This common habit puts multiple accounts at risk: If just one gets breached, you’ll need to reset all your passwords individually, so keeping every login unique is a good idea. Password reuse also makes us more vulnerable to common hacking tactics that rely on weak or reused passwords since they’re easier to decode.
- Unsecured password sharing
Sharing passwords with friends and family members for things like online retail accounts and streaming services is also a common habit. Like password reuse, it increases your level of exposure if a cybercrime impacts these trusted contacts. Paper notes and email messages are not a secure way to share passwords, and online sharing tools don’t always encrypt data to protect information from hackers.
Unsecured password sharing can be a security risk for organizations, too. For instance, when Foodcorp employees resorted to emailing passwords and exchanging spreadsheets for access to grant applications, they turned to Dashlane for help.
Dashlane’s password sharing feature can be used to securely share passwords and other information. All data is encrypted, and passwords are safely autofilled to keep information private.
- Cybercriminals and data breaches
Weak, reused, and unsecurely shared passwords put your private information at risk. Bad actors take advantage of these security vulnerabilities using a variety of tactics that include:
- Phishing. A cybercriminal will impersonate a trusted source, usually using an email message or webpage to lure the recipient into providing confidential information like passwords and account numbers. To limit the impact of phishing attacks, avoid clicking on embedded hyperlinks, and always double-check that the sender’s email address matches the company URL.
- Credential stuffing. If you’ve ever forgotten a password and tried plugging in multiple usernames and passwords, hoping you eventually guess correctly, then you understand the basic principle behind credential stuffing attacks. Hackers will often improve their odds by purchasing stolen logins and then using automation to attempt to gain access to multiple accounts.
- Brute-force attacks. This tactic also uses trial and error to gain unauthorized account access. Unlike credential stuffing, in a brute-force attack hackers will use algorithms, password generators, and automation to cycle through usernames and passwords. Long and complex passwords are much less predictable and create a solid line of defense.
- Ransomware attacks. Ransomware attacks use particularly dangerous strains of malware to render files or devices unusable until a ransom is paid, typically using cryptocurrency or credit card transfers. Organizational accounts are often the targets of ransomware attacks, which can result in difficult financial and reputational consequences. Although the software is quite sophisticated, cybercriminals still rely on common delivery strategies such as phishing.
Password trends to keep an eye on
Computer technology and security challenges continue to evolve quickly. World Password Day is the perfect time to brush up on password know-how and review some of the latest password trends and breakthroughs:
- Passkeys and passwordless authentication
Biometric recognition is one of several passwordless authentication approaches. The idea is to replace all traditional passwords—and, by default, their value to hackers searching the dark web—with methods that don’t require users to enter credentials. Passkeys that use public key cryptography to verify your identity through your mobile device are a secure passwordless authentication method being developed by Apple and Google and supported by Dashlane. Passkeys can’t be guessed or reused, unlike passwords, and are only stored on your device.
- Multi-factor authentication
2-factor authentication (2FA) uses a second credential, such as a push notification sent through an app or text, to confirm your identity. This might add a few seconds to your login time, but it also makes it nearly impossible for intruders to access your accounts without having your device in their possession. Multi-factor authentication (MFA) uses two or more identifiers, sometimes including biometric factors like fingerprints or facial recognition.
- Security keys
Security keys take 2FA further by using physical keys, rather than transmitted codes, as a second identifier. Security keys can be embedded into a device or plugged into a USB port. When you log in to your account, you’re prompted to touch or press the security key, making it impossible for anyone to access your account without the physical key.
- Single sign-on for login
Single sign-on (SSO) authorizes you to log in to multiple accounts after verifying your identity just once with the SSO provider. SSO saves you time while improving security by minimizing the password reuse that exposes multiple accounts in case of a data breach. SSO also improves efficiency for IT teams by simplifying authentication and reducing set-forget-reset cycles among employees.
- Biometric recognition
New computer and device technology allows biometric features like your face, fingerprint, or voice to be used for authentication. The convenience and portability of biometric recognition ensures it will continue to gain acceptance, although it’s still far from foolproof.
- Password generators
The originators of World Password Day recognized the value of long, complex, and unique passwords, even before tools were available to make their creation nearly effortless. The best way to consistently create strong passwords is by using a password manager’s password generator feature and saving them in the password manager so you don’t need to write them down or memorize them.
- Password managers
A password manager protects all your important accounts by encrypting passwords and account information, storing your data in a secure vault, and enabling 2FA for an additional layer of security. Automatic password generation features and autofill improve both security and convenience by eliminating the need to create and remember a strong password for each account.
Top 8 password safety best practices
Password technology, threats, and best practices have continued to evolve since the first World Password Day was celebrated over a decade ago, but some things have remained the same. Following these timeless password tips will improve your cyber health:
- Make each password unique: Having a unique password for each account is important since it limits your exposure to a single account in case of a data breach. Use a password generator to ensure your new passwords do not resemble any of your old ones.
- Use more characters: Although there is no set rule for password length, increasing the number of characters from 8 to 12 raises the number of possible combinations from 200 billion to 95 quadrillion, which makes your password much harder for hackers to decode.
- Store passwords securely: Spreadsheets and notebooks aren’t secure password storage methods, and many built-in browser password managers create an unencrypted list of your passwords that are vulnerable during a breach. The best way to store passwords is by using a password manager to keep them in a protected cloud server.
- Change passwords only when necessary: Password changes have little value when you replace strong passwords with weaker ones or make minor changes that hackers can easily decipher. Only reset passwords if you discover malware, have been impacted by a data breach, or have shared your password insecurely.
- Track your password health: It can be hard to improve your password hygiene if you don’t know where you stand. Dashlane Password Manager provides an intuitive Password Health score that gives you direct insight into your password hygiene by tracking your weak, reused, and compromised passwords.
- Beware of phishing attacks: A phishing attack’s primary objective is to convince you to share your passwords and other personal information. Keep an eye out for the telltale signs of phishing emails and websites, which include misspellings, poor grammar, and incorrect URLs that don’t match the company’s website. But also know these signs are not always present—phishing and social engineering tactics are becoming increasingly advanced. Fortunately, real-time phishing alerts can help with some of these threats.
- Use antivirus software: Antivirus and anti-malware software scan your device continually to detect, quarantine, and remove malicious files, such as spyware, that can be used by bad actors to steal your passwords and other private information.
- Use dark web monitoring: You may not always realize when your passwords have been compromised. Dashlane uses Dark Web Monitoring to scan the hidden recesses of the internet for your personal information and credentials and alert you with recommended next steps if they’re detected.
How Dashlane helps you celebrate World Password Day
Each year, World Password Day reminds us of the importance of secure logins as we navigate dozens of accounts and try to keep our information and devices as secure as possible. Dashlane provides intuitive password generation with encrypted vaults for password storage and sharing that keep your logins secure and private. Additional features like a Password Health score, 2-factor authentication, VPN, phishing alerts, and Dark Web Monitoring round out the comprehensive cybersecurity solution. There’s a reason 19+ million individuals and 23,000+ organizations trust Dashlane.
Passwords have come a long way since the first World Password Day, and they continue to evolve as technology improves and hacking techniques grow more advanced. Learn more about the history of passwords and how they’ve kept us safe since ancient times.
Sign up to receive news and updates about Dashlane