World Password Day – Is This the Last Anniversary

By: Craig Kennedy

World Password Day – Is This the Last Anniversary

For the last ten years, the first Thursday in May has been deemed World Password Day.  World Password Day was created by Intel in 2013 as a way to reinforce awareness of the importance of strong passwords in keeping our digital identities secure and out of the hands of cybercriminals.

What Makes a Strong Password?

Almost everyone today knows that passwords like “abc123” or “qwerty” provide no real security against a brute-force attack, however it may come as a surprise to many that passwords considered reasonably secure as little as a few years ago are no longer considered secure. 

Today’s off-the-shelf high-performance GPUs are able to crack even the most complex 8-character passwords in under an hour. The simple secret to a strong password is complexity and length, and the longer the better. Hive Systems just published their popular infographic on how long it takes a hacker to brute-force crack a password of different complexities for 2023, and the results were eye-opening (see infographic below):

 

Source: Hive Systems

Looking Beyond Passwords 

Biometric authentication like fingerprint readers and facial recognition technologies have garnered a lot of attention as authentication methods and have been broadly implemented for various devices. As generative AI is becoming more available, deep fakes are becoming a concern as they have already proven to be capable of fooling some biometric authentication methods.

Passkeys may be the answer to finally weaning us off passwords. A passkey is a cryptographic key pair, one public that is registered with the entity you’re attempting to access, and one private that is retained on one or more of your devices. Passkeys are inherently more secure than passwords, however it requires adoption by all the websites, services, and apps that you access. The adoption of passkeys is accelerating with Google, Microsoft, and Apple all embracing the technology.

In the Meantime, Make All Your Passwords Strong

Weak passwords are one of the easiest ways for cyber criminals to gain access to your home or business network. Once your network is breached, these cybercriminals are masters at moving laterally within the network to compromise the rest of the systems on the network. As noted above, length and complexity are the real keys to a strong password.

So how do you remember a long complex password? Make it related to some phrase that you’ll easily remember, like “I Re@lly L1ke Ice Cre@m”. This is 23 characters, pretty easy to remember and is rated as very secure on PasswordMonster, a password assessment website. BTW: Don’t use this as your actual password as once this blog is published, I’m sure it will get added to a list for hackers to try, but you get the idea. 

Embrace the Use of a Password Manager

There is a wealth of password managers available for use, some are free, and others charge fees. I’ve found that many of the features I’ve come to expect and use extensively are only available in the paid versions. The power of a password manager is that all of your passwords can be stored in the password manager, and they can all be long randomly generated passwords that you’ll never need to remember, because the password manager is remembering them for you.

It can also auto-generate strong unique passwords to use for each account you access.

The one password that you’ll need to remember is the master-password that will get you access to all your other passwords. Make that one very strong (mine is over 18 characters).

Bottom Line:

Even though there’s some alternatives to passwords being developed and rolled out that are more secure, passwords will be with us for the foreseeable future. While we still need deal with passwords, make sure to make them strong and store them in a password manager. And on the first Thursday in May, be sure to review your passwords and make sure you’re staying safe in the digital world.

---

This blog is a part of the Digital Operations blog series by Aragon Research’s Sr. Director of Research, Craig Kennedy.

Missed an installment? Catch up here!

Blog 1: Introducing the Digital Operations Blog Series

Blog 2: Digital Operations: Keeping Your Infrastructure Secure

Blog 3: Digital Operations: Cloud Computing

Blog 4: Cybersecurity Attacks Have Been Silently Escalating

Blog 5: Automation—The Key to Success in Today’s Digital World

Blog 6: Infrastructure—Making the Right Choices in a Digital World

Blog 7: Open-Source Software—Is Your Supply Chain at Risk?

Blog 8: IBM AIU—A System on a Chip Designed For AI

Blog 9: IBM Quantum: The Osprey Is Here

Blog 10: The Persistence of Log4j

Blog 11: AWS re:Invent 2022—Focus on Zero-ETL for AWS

Blog 12: AWS re:Invent 2022—The Customer Is Always Right

Blog 13: How Good is the New ChatGPT?

Blog 14: The U.S. Department of Defense Embraces Multi-Cloud

Blog 15: 2022 Digital Operations—The Year in Review

Blog 16: Lucky Number 13 for Intel—Intel Is Back on Top

Blog 17: Quantum Decryption—The Holy Grail for Cybercriminals

Blog 18: Microsoft and OpenAI—Intelligent Partnership

Blog 19: ChatGPT—The First One Is Free

Blog 20: Bing and ChatGPT—Your Co-Pilot When Searching the Web

Blog 21: ESXiArgs—Ransomware Attack on VMware

Blog 22: The Cost of Supply Chain Security—$250M in Sales

Blog 23: OpenAI Delivers on APIs—Accelerating the Adoption of ChatGPT

Blog 24: OpenAI Delivers on Plugins—Is ChatGPT The New Generative Content Platform?

Blog 25: Microsoft Security Copilot—Defending the Enterprise at the Speed of AI

Blog 26: Operation Cookie Monster Takes a Huge Bite Out of The Dark Web

Blog 27: AWS Bedrock—Amazon’s Generative AI Launch

Blog 28: Google Cloud Security AI Workbench – Conversational Security