Avatar photo

By Citizen Reporter

Journalist


World password day: Simple ways to improve your online security

World Password Day aims to promote better password habits.


There seems to be a holiday for practically every day of the year and today – as the first Thursday in May – is World Password Day. 

The aim of the day is to promote better password habits as the world does more things through computers and other digital devices and apps. 

According to Fortinet, insecure or inadequate passwords are an easy target for cybercriminals and offer easier access to critical information than trying to break in through edge security protocols. 

Attackers can uncover or bypass weak passwords using brute force attacks, inject compromised credentials to gain access to user accounts using credential stuffing attacks or use a host of other strategies to hijack user accounts to steal personal or corporate data.  

“Controlling who has access to restricted data, systems or areas is one of the most fundamental elements of security. Weak passwords, password reuse, and lack of multi-factor authentication application are still some of the most serious concerns for cyber security,” said cyber security expert and GoldPhish CEO Dan Thornton in a World Password Day statement. 

R90 million in Sassa grants was stolen at the PostBank last year. Photo: iStock
R90 million in Sassa grants was stolen at the PostBank last year. Photo: iStock

Here are a few password behaviour changes people should consider for maximum digital protection according to a variety of experts. 

1. Three Random words:

Forget super complex passwords that make no sense, remember length trumps complexity. Instead use “passphrases” with three random words that you can actually remember. If you need to get a bit more advanced, sneak in the odd number and special characters.

According to Fortinet, most people are not diligent about creating strong passwords and keeping them safe thus using passwords with flaws for their most important accounts. 

READ: Hackers with access to 54 million personal records demand R224m ransom from TransUnion SA

“Being diligent about creating strong passwords and updating them regularly has been seen for years as the first line of defense in securing both your personal and corporate information.”

Tom’s Guide cites various rankings to round up the world’s worst passwords of 2022. 

These include 123456; 123456789; qwerty; qwerty123; and password.

According to the UK’s National Cyber Security Centre,  the password ‘123456’ has been found over 23 million times in the breaches tracked by web security consultant and researcher Troy Hunt of Have I Been Pwned.

2.  Change your passwords:

In the event of data breaches, Thornton advises immediately changing your passwords on any site that has had a data breach or if you are at all suspicious. 

According to Fortinet, security experts recommend not using passwords related to your name, family member names or pet names.

They also advise against using consecutive numbers or letters as a password and advise creating passwords at least 10 – 15 characters long that randomly mix letters, numbers and symbols.

“Common best practice advice includes: don’t reuse passwords across multiple sites and accounts, and change them regularly. Don’t choose passwords that could be easy to guess – such as your favourite food, sports team, activity or music.” 

Additionally, it would be ill-advised to assume simple obfuscation techniques will work: “P@$$w0rd” is only slightly more difficult for hackers to guess than “Password”.

For World Password Day, cybersecurity experts also advise against reusing passwords across numerous platforms. The more unique the better.

3. Enable multi-factor authentication:

Use multi-factor authentication on all your accounts, including email, social media, shopping, and financial services, for extra protection. 

This adds an additional layer of security because, when you sign in from an unfamiliar device, you will be asked to confirm your identity via text message, email, or code.

4. Remembering passwords: 

While generating a hard-to-guess password is a relatively easy matter, remembering multiple obscure letters, numbers and symbol configurations is more challenging.

The Cyclonis Password Security Report found that half of the respondents forget their passwords four or more times a year. 27.95% of people forget their passwords 10 or more times a year, and 6.96% forget their passwords 16 times or more each year and have to reset it each time.

5. Storing passwords:

Saving all your passwords on a digital document or writing them down on a piece of paper is not the best way to remember them, since these documents are also at risk of being seen or stolen, which could give people access to your accounts and information and could also allow them to impersonate you in email and social media-based phishing attacks targeting your contacts.

6.  Get a password manager

Password managers (or a web browsers) can generate and store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts.

This World Password Day, experts have also noted that Password managers have emerged as a good way to better secure your accounts. 

Doros Hadjizenonos, Regional Director Southern Africa, Fortinet advises choosing a reputable one which is encrypted and in the cloud. 

“While some password managers are free, I recommend using a paid service to be sure of support if necessary, and I suggest looking for one with thousands of good reviews. Good password managers will generate a strong random password up to 24 characters long, and remember them for each site and application. Users then need to remember only one password – to their password manager vault.”

Alcatel recommends six password managers for Android smartphones:

  • aWallet Password Manager

This app securely stores your passwords, credit card information, e-banking credentials, web accounts and other custom data. If you upgrade to the pro version, you can use fingerprint and face unlock as well as use the password generator.

  • Bitwarden Password Manager

Use Bitwarden to manage, store, secure, and share unlimited passwords across unlimited devices from anywhere. Bitwarden delivers open-source password management solutions for home, work, and on-the-go. It helps you generate strong, unique, and random passwords for every website you use.

READ: DStv implements new change to limit ‘DStv Now’ password sharing

  • 1Password – Password Manager

The popular 1Password was selected by Android Central as the best password manager for Android. It remembers all your passwords for you and keeps them safe and secure behind the one password that only you know. You can also use it to store information such as credit cards, addresses, notes, bank accounts, driver licences and passports.

  • LastPass Password Manager

LastPass is a password manager and password generator that locks your passwords and personal information in a secure vault. From your LastPass vault, you can store passwords and logins, create online shopping profiles, generate strong passwords, and more. Simply remember your LastPass master password and LastPass will autofill web browser and app logins for you. 

  • RoboForm Password Manager

RoboForm is a password manager and form filler that offers access to your passwords on all your devices. It provides secure one-tap logins for websites and apps with a single master password that only you know.

  • Dashlane Password Manager

Dashlane fills in all your passwords, payments, and personal details wherever you need them, across the web, on any device. You can sync your Dashlane data to every device automatically, even if your phone and computer run on different systems.

For additional security;  Hadjizenonos ​​says adopting a Zero Trust approach is a better way to overcome password weaknesses. 

“In contrast with the old ‘castle and moat’ security model, where a password serves as a key to everything in the castle, Zero Trust prevents attackers from wreaking havoc once they are inside the castle.  In Zero Trust, no one is trusted and both users and devices are carefully authenticated before allowing them access to only the systems and applications they are permitted to access.”

Read more on these topics

Cybercrime

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.