Since 2013, the first Thursday in May has been designated as World Password Day, a day intended to remind us of the critical importance of password security.
Recently a study by market research company Gitnux found that 60% of Americans use the same password for multiple online accounts. This is particularly problematic because if the password is compromised, such as in a data breach of one account, all of the other accounts using that same password, which may include sensitive accounts such as online banking, become vulnerable.
While passwords are still the coin of the realm for account access and verification, newer, more secure authentication methods offer much promise.
Biometric recognition, such as through fingerprints, facial features or retina scans, can provide enhanced security without the necessity of remembering a password. However, nothing is foolproof and a sophisticated hacker could create a fake fingerprint or use a high-resolution photograph to manipulate facial recognition systems. Further, changes in physical appearance or injuries can affect the accuracy of biometric recognition systems.
Password managers provide an option for the secure use of passwords. Password managers are apps that can generate and store strong, unique passwords for each of your accounts, so all you need to remember is a single master password for your password manager.
If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts.
Another recent development in password security is to have your browser, computer or phone create and store passwords for you.
For Google Chrome
For Firefox
For iPhones
For Android phones
However, if you prefer to use the helping hand you find at the end of your own arm and generate your own unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol. Add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Having unique, complex passwords for each of your accounts is an essential element of online security. A report from Hive Systems indicated that due to advances in graphics processing technology, hackers could crack an 8-character complex password with capital letters, lower case letters and symbols in 39 minutes, and a 7-character complex password could be cracked in a mere 31 seconds. As for complex passwords of 6 characters or less, they can be cracked instantly.
Security.org has a great tool whereby you can type in your password and it will tell you how long it would take for a hacker to crack it. According to Security.org it would take 8 quintillion years to crack my IDon’tLikePasswords!!! base password.
However, password security is not just about passwords; it is also about your security question. When you set up an account, you select and answer a security question which you can use to change your password if you can’t remember the password for the particular account. A problem with security questions is that often the questions may be something like “What is your mother’s maiden name?”, and a determined hacker, particularly in this era of AI, could find the answer, change your password and access your account. This is what happened when a hacker managed to take over Sarah Palin’s email account by answering the security question of where she met her husband. The easy way to avoid this problem is to pick a nonsensical answer to the security question. For instance, the answer to what is your mother’s maiden name could be “firetruck.” No hacker will be able to determine it and it is so silly that you will undoubtedly remember it.
Finally, because it is not a matter of “if,” but “when” you will have your passwords compromised in a data breach, it is important that you not only use unique passwords for all of your accounts, but also use dual factor authentication for all of your important accounts so that even if your password is compromised, an identity thief who knows your password will still not be able to access your account. In the most common form of dual factor authentication, when you go to an online account and put in your password, a text message with a one-time code is sent to your cell phone for you to provide in addition to your password to gain access to your account.