It’s World Password Day, held on the first Thursday of May since 2013 as a way to remind people to not use “password” as their password and generally practice better and more secure habits online.
It’s also a good day to hear a lot of sobering statistics — as Microsoft notes, there are 921 password attacks every second, which is a doubling of the frequency over the past 12 months — and realize that people are still doing some very dumb things when it comes to keeping their online info secure.
With that in mind, a few lessons to remember on this 10th annual World Password Day:
- Don’t use your pet’s name as a password. According to Aura, a digital security provider, 39% of American pet owners have used their pet’s name as part of their password for an online account. And that’s not good, because pet owners tend to share their pets’ names on social media.
- Do use a password manager. Use of password management services or built-in browser vaults was up from 22% to 32% year-over-year in 2021, according to Security.org. These managers work across different platforms and devices and they can help you create unique passwords (and automatically sign you into sites). I personally use Dashlane and I’ve had few issues.
- Don’t reuse passwords. More than two in three people continue to use the same passwords across multiple accounts, as noted by Security.org. And once your sign-in and password info hits the dark web, you’re leaving multiple accounts exposed to hackers.
- Do use multi-factor authentication: According to stats by the open-source password manager Bitwarden (as reported by USA Today), 79% of U.S. respondents use multi-factor authentication for workplace accounts and 77% for personal accounts. Yes, utilizing a two-pronged approach — in this case, a password or biometric login followed by a one-time code sent to your phone — is irritating. But it’s also less irritating than having your credit card info stolen.
The good news? We’re getting closer to a more secure and password-less future. Google, Apple and Microsoft all recently agreed to expand support for a password-free sign-in standard from the FIDO Alliance and the World Wide Web Consortium, according to TechCrunch. So you’ll be able to use your smartphone to sign in to an app or website without worrying about the operating system or browser you’re using (or remembering a password).
Basically, once you unlock your smartphone, via fingerprint, face scan or PIN, you’ll be able to unlock other devices and sites as well.
More Like This
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.