World Password Day: Five Tips to Secure Your Password

Thursday, 5 May 2022 is World Password Day. Intel created World Password Day in 2013, designating the first Thursday of May each year to raising awareness about the role strong passwords play in securing our digital lives. The objective of this day is to raise awareness of the importance of using a unique password for each account you have and promoting better habits of password management, both for individuals and organisations.

Passwords have been used for authentication of users for over 60 years, and while alternatives like biometrics and facial recognition are becoming more mainstream, passwords still remain the go-to method of authentication, even though they're vulnerable to brute-force attacks.

Passwords are an integral security measure for your digital identity and provide access to several online services. However, many people still use the same password for all their accounts and store this password in an insecure manner.

In the spirit of World Password Day, ManageEngine, the IT management division of Zoho, is offering its top five best practices for password management to keep your data and devices secure from cybercriminals.

1. Do not reuse your passwords

Usually, when large-scale cyberattacks are carried out, the data of compromised usernames and passwords is leaked or sold online by hackers. If your account is compromised and you use this email address and password combination across multiple sites, your information can be easily used to get into any of these other accounts. Use a unique password for everything to ensure security across all accounts.

2. Make sure your passwords are complex and hard to guess

Weak passwords, including the most commonly used passwords, can be cracked in seconds. The longer and more unusual your password is, the harder it is for a cybercriminal to . Using three random words out of context along with making your passwords complex (i.e., creating passwords full of random characters, symbols, and numbers) is a good way to set a strong password.

3. Don’t give away clues to your password via social media and personal activities

Avoid creating passwords from significant dates (like a loved one’s birthday or your own birthday), and don't use the name of your favourite sports team or a pet's name. Most of these details about you can be easily discovered on your social media profiles. Never write down your passwords and leave them on a note near or on your laptop. If you work in a busy environment with multiple people around your workstation, you don't want to leave any nearby clues or prompts to your passwords that may attract a malicious insider to attempt brute-forcing your account.

4. Adopt two-factor or multi-factor authentication as part of your security protocol

Complex and regularly updated passwords are a reliable form of security; however, even the strongest password can eventually be cracked with enough time. To fully mitigate the threat of a brute-force attack, you need to enable two-step verification or multi-factor authentication on all your online platforms. This way, even if an attacker correctly guesses your username and password, they'll still need to complete a second factor of authentication, like entering a one-time password sent to your email, before they gain access to your account.

5. Invest in a reliable password vault

The passwords you use to access your online accounts should be strong and shouldn't be used across multiple accounts. If you've used the same credentials across different accounts and a cybercriminal manages to your password, they'll be able to access all your accounts.It's impossible to remember dozens of different passwords and which one you chose for which account, which is why so many people use a variation of the same password across different accounts. But this habit is also a dangerous practice because variations of the same password are not hard to if one of them has been identified.

Organisations are home to a vast number of privileged accounts that give users elevated access to sensitive business information. Safeguarding access to privileged data and resources is critical given the omnipresent nature of passwords across corporate networks. Manually maintaining spreadsheets of classified information, including passwords, keys, and signatures, is not only time-consuming but presents a huge risk to security should a malicious insider or outside attacker gain access to this documentation.