Best Practices in Password Management for World Password Day

May 5, 2022

Thanks to Dr. Kellep Charles, CISA, CSSP, Chair of Cybersecurity Programs at Capitol for contributing this guest piece to the Capitology blog!


Since their inception over 60 years ago in an MIT lab, passwords have been the usual first line of defense when it comes to protecting computers and information assets. So, what happens when that first line of defense is not properly implemented? I think you already know…

Each year on the first Thursday in May we observe “World Password Day” to promote better password habits. This year, the ninth anniversary of World Password Day occurs today, May 5, 2022. 

To observe World Password Day, there are a number of steps that you can take to improve your password management. Password protection methods are much more sophisticated than they used to be, and therefore require a more extensive setup process.

One of the best ways to create a strong password is to create a "passphrase."

A passphrase is a sentence-like string of words that is used for authentication. It is longer than a traditional password, easier to remember, and much more difficult to guess or crack. The phrase can be words from a book you particularly like, words from a song that you always remember with ease, or a quote from a powerful figure that you will never forget. The key to coming up with a successful password is to use a phrase that will never leave your mind, and that no one else will ever think to attribute to you.

Example of a good passphrase:

Phrase: “My Brother’s Birthday Is April Twenty Second Nineteen Eighty-three” 

The passphrase translated to a password: “MbbiAtt1983”

To make the passphrase even stronger and more difficult to crack, you can substitute special characters for some of the traditional letters and numbers. A common example is replacing the letter "i" with an exclamation point "!" or the letter "a" with an at sign "@".

Whenever it is available, two-factor authentication (2FA) or multi-factor authentication (MFA) should be enabled when creating password-protected accounts. 2FA or MFA is an authentication process in which two of three recognized factors are used to verify a user's identity. These factors are:

  • Something you know – usually a password, passcode, passphrase or PIN.
  • Something you have – a cryptographic smartcard or token, a chip-enabled bank card, or an RSA SecurID-style token with rotating digits.
  • Something you are – fingerprints, iris patterns, voice, or similar.

Two-factor authentication works by demanding that two of these three factors be correctly entered before granting access to a system or website.

Ways to observe #WorldPasswordDay:

  • Take the #WorldPasswordDay pledge and share these password tips on social media.
  • Update an old password to a longer, stronger one.
  • Turn on two-factor authentication for your important accounts.
  • Password-protect your wireless router.
  • Don’t store passwords on your computer or phone.
  • Log off when you’re done with a program.

For World Password Day and every day, be sure to practice strong password hygiene!