Observing World Password Day

🔒 Happy World Password Day 2025! 🔒

Each year on the first Thursday in May, we celebrate World Password Day and the importance of strong, secure passwords in protecting our expanding digital lives.

Passwords are our gatekeepers, safeguarding everything from our applications and databases at work, to our social media accounts, to our most sensitive personal information. World Password Day serves as a reminder to evaluate and strengthen our password practices, ensuring we stay one step ahead of cybercriminals.

In this blog, we'll delve into essential tips and strategies that both IT professionals and regular folks can leverage to create and manage secure passwords.

Best Practices for Password Protection

Use a Password Manager: Password managers can generate, store, and autofill complex passwords for you, reducing the risk of using weak or repeated passwords (a common vulnerability exploited in credential-stuffing breaches).

Password management solutions offer the added benefit of helping security and risk management leaders increase password policy adherence among end users. It is well known that employees often resort to insecure password practices for speed and expediency. These tools make it much easier for users to comply with strong password standards.

Enable Multifactor Authentication (MFA): Adding an extra layer of security by enabling MFA on your accounts is imperative, especially for administrative accounts. Threat actors are increasingly using stolen legitimate credentials to do their dastardly deeds.

With MFA, even if an attacker manages to obtain your password, they still need the additional factor(s) to gain entry, making it much harder for them to succeed. This added layer of security helps protect sensitive information from breaches, phishing attacks, and other cyber threats. Implementing MFA is a simple yet effective way to safeguard your digital identity and ensure that your accounts remain secure.

Best Practices for Creating Your Own Passwords

Use Strong Passwords – or a Passphrase: Create passwords that are at least 16 characters long, combining uppercase and lowercase letters, numbers, and special characters. Or, try a long passphrase made up of four to seven random words. When it comes to passwords and phrases, length (up to 64 characters) is even better than complexity.

Perhaps fortunately for us mere mortals, the National Institute of Standards and Technology (NIST) no longer recommends adopting rigid, overly complex password rules. Research found that this practice was counterproductive as users could not remember their complicated passwords and would circumvent best practices.

Avoid Common Passwords: Steer clear of easily guessable passwords like "123456," "password," or "qwerty." Instead, opt for unique phrases or combinations. And no, rotating patterns like "Spr!ng#202X" with "Summ3r#202X" with "F@ll#202X" with "W!nt3r#202X" to match the passing seasons and years doesn't really count as unique.

Be Extremely Cautious with Password Sharing: Avoid sharing passwords via email or text – and definitely don’t leave them written on Post-it® notes that are stuck to your devices. If you must share, use IT documentation platforms like IT Glue, a Kaseya company.

What about regularly updating passwords?

Once upon a time, it was best practice to change passwords frequently. Today, NIST recommends changing passwords only when there is a good reason to – such as when one has been cracked.

Other modern no-nos include password hints and security questions, which are susceptible to social engineering and phishing.

For Applications and Password Storage

Use Password Hashing: Hashing is the process of converting a password into a fixed-length string of characters (the hash) using a one-way hash function, so the application never needs to store the password itself. The key properties of hashing are:

  • Irreversibility: Once a password is hashed, it cannot be converted back to its original form.

  • Consistency: The same password will always produce the same hash.

  • Uniqueness: Even small changes in the input (password) will produce a significantly different hash.

Common hash functions include SHA-256 and bcrypt.

Use Password Salting: Salting involves adding a unique, random string of characters (called a "salt") to the password before hashing it. This ensures that even if two users have the same password, their hashed passwords will be different. Salting helps prevent attacks such as:

  • Rainbow Table Attacks: Precomputed tables of hashes for common passwords are rendered useless because the salt changes the hash.

  • Brute Force Attacks: Because each user has a different salt, an attacker has to crack each salted password separately, which increases the work and time required.

Combined Salting and Hashing Process: While this sounds more culinary than cyber, we promise salting and hashing is a real security tactic.

  1. Generate a Salt: Create a random string.

  2. Combine Salt and Password: Append or prepend the salt to the password.

  3. Hash the Combined String: Apply the hash function to the salted password.

  4. Store the Salt and Hash: Save both the salt and the hashed password in the database.

By using both salting and hashing, you significantly enhance the security of stored passwords, making it much harder for attackers to compromise them.
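The four-step process above, as an added example written for this post rather than taken from it. It uses PBKDF2-HMAC-SHA256 from Python's standard library instead of a single raw SHA-256 call, because a deliberately slow, iterated function raises the cost of every guess (bcrypt, mentioned above, serves the same purpose but needs a third-party package). The record format, the iteration count and the sample passphrases are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumed storage format for this example (not from the original post):
# "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>", one string per user record.
ITERATIONS = 600_000  # slow on purpose: each brute-force guess costs this much work


def generate_salt(length: int = 16) -> bytes:
    """Step 1: a random, per-user salt from the operating system's CSPRNG."""
    return os.urandom(length)


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Steps 2 and 3: combine password and salt, then hash them.
    PBKDF2 mixes the salt into the HMAC-SHA256 computation and repeats the
    work `iterations` times, unlike a single SHA-256 call over salt+password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_record(password: str) -> str:
    """Step 4: build the string to store; the salt is saved next to the hash."""
    salt = generate_salt()
    digest = hash_password(password, salt)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: recompute the hash with the stored salt and iteration count,
    then compare in constant time so timing does not leak how many bytes matched."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hash_password(password, salt, int(iterations))
    except ValueError:
        return False  # malformed record: treat as a failed login rather than crashing
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same passphrase.
    rec_a = create_record("correct horse battery staple")
    rec_b = create_record("correct horse battery staple")
    print(rec_a != rec_b)  # True: different salts give different stored hashes
    print(verify_password("correct horse battery staple", rec_a))  # True
    print(verify_password("Correct horse battery staple", rec_a))  # False
```

Note that the verifier reads the iteration count from the record, which is what lets you raise ITERATIONS for new accounts later without breaking existing logins.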

Final Thoughts

As we wrap up our discussion on password protection best practices, it's clear that safeguarding our digital lives requires a proactive and informed approach. By utilizing password managers, enabling MFA, and implementing strong, unique passwords, we can significantly reduce the risk of breach.

On this World Password Day 2025, let's commit to making password security a priority. The evolving landscape of cyber threats demands that we stay vigilant and continuously adapt our strategies. By embracing these best practices, we can ensure our digital identities remain secure and resilient.

Remember, a strong password is the foundation of digital security—let's build that foundation together and make every day a secure day. 🔒🌐

#WorldPasswordDay #Cybersecurity #PasswordManagement #StaySafeOnline #TechTipThursday
