Did you know that May 6th was Beverage Day, No Homework Day (set up, apparently, to give children a break from the stresses homework can create), and the first day of Nurse’s Week? It is also Password Day.
This is the day when organisations that want us to manage our passwords more effectively release research reports, statistics and good advice. Depending on what’s caught your eye, you might now be aware of how many of us rely on number sequences like “123456”, birthdays, pet names, family names and even “password” as passwords. Or you might have learned how many organisations have faced security breaches because of poor passwording, and perhaps how much money that has cost them – or the economy – over the last year.
Information like this has been hitting our inboxes for nearly a decade. It was 2013 that Password Day was designated as the first Thursday in May by Intel Security, though the idea was mooted as far back as 2005 by Mark Burnett, a security researcher who suggested in a book called Perfect Passwords that people set aside a specific day to update their important passwords.
Why do so many of us continue to set up insecure passwords? I think that where personal passwords are concerned inertia has a lot to do with it. Just as in the same way we don’t change our bank or energy supplier even though we know better deals are available elsewhere. But inertia isn’t an acceptable reason for organisations to be lax about passwords. They have legal obligations to protect personal data, and businesses will want to keep their commercially sensitive information well and truly private. This means protecting themselves against cyber-attacks and ensuring that login systems are secure.
The best way to ensure passwords are secure – and can’t be guessed or cracked – is not to use them at all. This simple fact is increasingly understood, and passwordless authentication is being used by more and more organisations, including household names that can play an important role as standard-bearers. In February this year Microsoft made passwordless authentication generally available for Azure users, opening up the possibility to many for whom it may be novel.
Maybe seeing passwordless authentication being used by large organisations like Microsoft will encourage others to research the benefits. The fact is that implementing passwordless authentication isn’t difficult, and it isn’t expensive. There are different systems for different needs. For example, in an environment such as healthcare, where multiple logins to different computers throughout the day is required, proximity based systems like GateKeeper Enterprise allow login – and logout – to happen automatically as people approach and leave the computer they need to use. For those who just log in to one computer, a biometric key like our Microsoft approved ThinC-AUTH is all that’s needed.
If you want to celebrate something different every day, keep an eye on the Days of the Year web site. If you don’t want all those worrying statistics about poor password management nagging at you on Password Day in 2022, then get in touch with SecureDrives.