The Lockdown

Thycotic’s Cyber Security Blog

Get Back to the Basics this World Password Day 2018

Written by Jordan True

May 3rd, 2018

If you believe passwords will be killed off by biometrics, read this stat from a recent Cybersecurity Ventures report:

“The world will need to secure over 300 billion passwords by 2020.”

What happened to biometrics? Many visionaries declared that the release of Apple’s Face ID would call for the end of passwords as we know them. The reality is, it’s not that simple. Just months later, a 3D-printed mask was used to compromise the system. All hopes and dreams were lost and biometric pioneers were sent back to the drawing board. The main challenge with biometrics is that you cannot change a biometric once it has been compromised.

Look forward to celebrating many more World Password Days

With 300 billion passwords needing to be secured by 2020, security professionals have a lot of work to do, but it all starts with you. World Password Day is about bringing awareness to making the Internet a safer place, and it’s everyone’s shared responsibility. If you don’t stay up to date on the latest password security best practices throughout the year, make World Password Day the one day to get up to speed. We’ve made it easy for you with this quick getting-started list.

2 is better than 1

Whenever possible, use 2-factor authentication, especially for accounts containing personally identifiable information, finances or other sensitive information. Don’t rely on a password alone. Today many companies offer free 2-factor authentication options you should take advantage of. Make today the day you turn them on wherever possible.

Power in Strength and Length

What type of password is the most secure? Are you still using a common word as a password, or have you started using a passphrase? The strength of a password really comes down to how easily an attacker can guess it, brute-force it, or break it with a similar attack. Today’s hackers can outsmart even the most unique dictionary words. When creating a password, make it something unique (preferably a combination of multiple words), and it must always be something that only you know and no one can easily guess. From a mathematical standpoint, using a password of 8 characters or more drastically increases its security.

Start Using a Password Manager

Not only can password managers help you craft unique passwords for each account, they also help you keep track of the age of your passwords. Easily update your passwords on a schedule, turn on 2-factor authentication, and put an end to cyber fatigue. But don’t forget: simply because you have your credentials vaulted doesn’t mean they are safe. Remember, best practices still apply when creating account passwords. Be sure to use passphrases, which are a combination of words that you can remember, and include only a few special characters (like ?%&@!). A long, strong passphrase combined with 2FA is tough to crack.
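To put numbers on the length and passphrase advice above, here is an added example (not from the original post) that compares the search space of short passwords with a multi-word passphrase and generates one with the operating system's secure random source. The sample wordlist, the 7776-word list size and the guess rate are assumptions, and the entropy figures hold only when every character or word is chosen at random.

```python
import math
import secrets

# Constructed sample wordlist (assumption): real generators use lists of
# thousands of words, e.g. 7776 for a dice-based list.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "desert", "ember", "falcon", "garden",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]
SPECIALS = "?%&@!"  # the special characters named in the post


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when each of `picks` symbols is drawn uniformly
    at random from `choices` options: picks * log2(choices)."""
    return picks * math.log2(choices)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed guess rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def generate_passphrase(words, count: int = 5, sep: str = "-") -> str:
    """Pick `count` words with the OS CSPRNG and append one special character."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a wordlist without duplicates")
    chosen = [secrets.choice(words) for _ in range(count)]
    return sep.join(chosen) + secrets.choice(SPECIALS)


if __name__ == "__main__":
    rate = 1e10  # assumed offline guesses per second
    cases = {
        "8 lowercase letters": entropy_bits(26, 8),
        "8 printable ASCII": entropy_bits(95, 8),
        "5 words from a 7776-word list": entropy_bits(7776, 5),
    }
    for label, bits in cases.items():
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
    print(generate_passphrase(SAMPLE_WORDS))
```

A passphrase a person invents from favorite words has far less entropy than these figures, which is why the words are drawn with `secrets` rather than chosen by hand.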

Encrypt, Encrypt, Encrypt

Think you are being savvy keeping your unique passwords in an Excel doc? Leaving your passwords in clear text is a sure way to get your accounts hacked. Excel files were never intended to be used as password managers and don’t have the proper security to lock them down. When storing your passwords, always opt for an encrypted vault.

Don’t Trust Anyone

Never share your password with anyone. When you need to share login information for an account, always provide a one-time password that can be used only once. If you do not have one-time passwords set up, change your password immediately once they are done using the credential.

Password Age Recommendations

This is a hot topic! Our security professionals advise that, depending on the sensitivity of the account, you must set a regular rotation schedule for the password. For human passwords, the rotation schedule should be between six and nine months. Don’t wait to be notified of a breach; by then it’s too late. Schedule a reminder to reset your passwords on an expiration schedule, and not just once a year when World Password Day rolls around.

Dead Password Security Recommendations You Should Stop Following Now

Password best practices have evolved drastically in the last few years and it’s because many of those “best practices” simply do not lead to better security. Here’s a quick look at those recommendations you should stop using now!

  • Don’t use password composition rules. For example: “Please use a password different from the last 1000 passwords, it must contain 10 numbers, 4 upper case letters, 5 lower case letters, 3 symbols, etc.”
  • Say goodbye to password hints. They never worked in the first place. Users chose hints way too close to their actual password, or just typed out the actual password itself for the laziest kind of convenience.
  • Death by security questions. Remember answering common questions such as, “What is your high school mascot, the street you grew up on, your favorite vacation spot?” All too personal, and now being used by hackers to compromise your accounts.
