Celebrating World Password Day: May 4, 2023
This year marks the 10th anniversary of World Password Day. Over the past decade, digital accounts have woven their way into nearly every aspect of our lives. The holiday has led to an increased appreciation of cybersecurity and password hygiene practices that protect our identities, finances, files, and devices. As we prepare to celebrate World Password Day 2023, let’s take a moment to reflect on some important password trends and security concerns.
Want to learn more about using Dashlane Password Manager at home or at work?
A brief overview of World Password Day
The use of passwords can be traced all the way back to the origins of the spoken word. Military institutions, secret societies, and government agencies have used passwords for centuries. With the development of computers and the internet in the late 20th century, we were suddenly using dozens of online passwords in our everyday lives. With that in mind, a national password day was proposed more than a decade before the current holiday was etched onto our calendars.
- What is World Password Day?
World Password Day is an annual holiday created by Intel to remind us of the significance of passwords and highlight the importance of random, complex, and unique passwords. World Password Day has become a perfect opportunity to assess our password habits and change them as needed, with the hope that this behavior will continue throughout the year.
- Inspired by a book
Much of the credit for World Password Day goes to security consultant Mark Burnett, who published his definitive guidebook, Perfect Passwords, in 2005. In it, he warned readers of common password mistakes, like using the names of family members or pets, and included his ranked list of the 500 worst passwords of all time. Burnett surmised that, “When it comes to passwords, we just aren’t that clever.” He also encouraged his readers to schedule their own personal password day to review the quality of their own passwords. Nearly two decades later, the problem of weak passwords persists.
- When is World Password Day?
The first Thursday of May is dedicated to the internationally celebrated World Password Day. This year it falls on Thursday, May 4th. Back in 2005, when Burnett encouraged his readers to set aside one day a year to review their credentials, this may have seemed like a daunting task. Eighteen years later, tools like Dashlane’s Password Health score automate this process by continually tracking your weak, reused, and compromised passwords for you.
Security concerns for passwords
Passwords and password management have evolved tremendously over the decades. Honor the legacy of World Password Day 2023 by reviewing some ongoing password security challenges:
- Too many passwords to manage and remember
The average person is responsible for over two-hundred passwords, and half of us rely on memory alone to keep track of them. This becomes a security concern when weaker passwords are used for the sake of memorization, and the storage process for dozens of passwords becomes unmanageable.
- Password reuse
Our expanding password lists have also led to an increase in password reuse. This common habit puts multiple accounts at risk: If just one gets breached, you’ll need to reset all passwords individually, so it’s a good idea to keep all your logins unique. Password reuse also makes us more vulnerable to common hacking tactics that rely on weak or reused passwords since they are easier to decode.
- Unsecured password sharing
Sharing passwords with friends and family members for things like online retail accounts and streaming services is also a common habit. Like password reuse, it increases your level of exposure if these trusted contacts are impacted by a cybercrime. Secure sharing practices certainly do not include paper notes and email messages, and online sharing tools do not always encrypt data to protect information from hackers.
Dashlane’s password sharing feature can be used to share passwords and other information securely. All data is encrypted, and passwords are safely autofilled to keep information private.
- Cybercriminals and data breaches
Weak, reused, and insecurely shared passwords put your private information at risk. Bad actors take advantage of these security vulnerabilities using a variety of tactics that include:
- Phishing. A cybercriminal will impersonate a trusted source, usually using an email message to lure the recipient into providing confidential information like passwords and account numbers. To limit the impact of phishing attacks, avoid clicking on embedded hyperlinks, and always double-check that the sender’s email address matches the company URL.
- Credential stuffing. If you’ve ever forgotten a password and then tried plugging in multiple usernames and passwords, hoping you eventually guess correctly, then you understand the basic principle behind credential stuffing attacks. Hackers will often improve their odds by purchasing stolen logins, then using automation to attempt to gain access to multiple accounts.
- Brute-force attacks. This tactic also uses trial and error to gain unauthorized account access. Unlike credential stuffing, the hackers will use algorithms, password generators, and automation to cycle through usernames and passwords. Long and complex passwords are much less predictable and create a solid line of defense against brute-force attacks.
- Ransomware attacks. Ransomware attacks use particularly dangerous strains of malware to render files or devices unusable until a ransom is paid, typically using cryptocurrency or credit card transfers. Organizational accounts are often the targets of ransomware attacks, often resulting in difficult financial and reputational consequences. Although the software is quite sophisticated, cybercriminals still rely on common delivery strategies like phishing.
- Unsecured WiFi networks. Public WiFi networks in cafés, malls, and other open settings can be subject to hacking tactics like man-in-the-middle attacks designed to intercept your information. If you join a public WiFi network, you should always use a VPN to protect your privacy and accounts by encrypting the data going into or out of your device and routing it through a secure portal. A VPN also masks your IP address so you can browse the internet privately.
Password trends for 2023 and beyond
Computer technology and security challenges continue to evolve quickly. World Password Day is the perfect time to brush up on our password know-how and review some of the latest password trends and breakthroughs:
- Multifactor authentication
2-factor authentication (2FA) uses a second credential, like a push notification sent through an app or text, to confirm user identity. This might add a few seconds to your login time, but it also makes it nearly impossible for an intruder to access your accounts without having your device in their possession. Multifactor authentication (MFA) uses two or more identifiers, sometimes including biometric factors like fingerprints or facial recognition.
- Single-sign-on for login
Single sign-on (SSO) authorizes you to log in to multiple accounts after verifying your identity just once with the SSO provider. SSO saves you time while improving security by minimizing the password reuse that exposes multiple accounts in the event of a data breach. SSO also improves efficiency for IT teams by simplifying authentication and reducing set-forget-reset loops among employees.
- Biometric recognition
New technology within computers and devices allows biometric features like your face, fingerprint, or voice to be used for authentication. The convenience and portability of biometric recognition ensure it will continue to gain acceptance, although it is still far from foolproof.
- Passkeys and passwordless authentication
Biometric recognition is one of several passwordless authentication approaches being pursued. The idea is to replace all traditional passwords—and by default, their value to hackers searching the dark web—with methods that don’t require typed-in credentials. Passkeys that use public key cryptography to verify your identity through your mobile device are a secure passwordless authentication method being developed by Apple and Google and supported by Dashlane. Unlike passwords, passkeys can’t be guessed or reused and are only stored on your device.
- Security keys
Security keys take 2FA a step further by using physical keys, rather than transmitted codes, as a second identifier. Security keys can be embedded into a device or plugged into a USB port. When a user logs into their account, they are prompted to touch or press the security key, which makes it impossible to access the account without having the physical key in hand.
- Password generators
The originators of World Password Day recognized the value of long, complex, and unique passwords, even before there were tools available to make their creation nearly effortless. The best way to create strong passwords consistently is by using the password generator feature of a password manager, then saving them in the password manager so you don’t need to write them down or memorize them.
- Password managers
A password manager protects all your important accounts by encrypting passwords and account information, storing your data in a secure vault, and enabling 2FA for an additional layer of security. Automatic password generation features and autofill improve both security and convenience by eliminating the need to create and remember a strong password for each account. With all the obvious benefits of password managers, it should come as no surprise that their sales are expected to climb nearly 25% over the next six years.
Passkeys are a new and exciting passwordless authentication method that leverage the public-key cryptography technology used for secure website transactions. Find out more in our blog post, Ushering in the Passwordless Future at Dashlane.
Password tips for 2023
Password technology, threats, and best practices have continued to evolve since the first World Password Day was celebrated 10 years ago, but some things have remained the same. Following these timeless password tips will improve your cyber health in 2023 and beyond.
- Make each password unique: Having a unique password for each of your accounts is important, since it limits your exposure to a single account in the event of a data breach. A password generator can be useful for ensuring your new password bears no resemblance to any of your old ones.
- Use more characters: Although there is no set rule for password length, increasing the number of characters from 8 to 12 raises the number of possible combinations from 200 billion to 95 quadrillion, which makes the password much harder for hackers to decode.
- Store passwords securely: Spreadsheets and notebooks aren’t secure password storage methods, and many built-in browser password managers create an unencrypted list of your passwords that is vulnerable during a breach. The best way to store passwords is by using a password manager to store them in a protected cloud server.
- Change passwords only when necessary: Password changes have little value when we replace strong passwords with weaker ones or make minor changes that can be easily deciphered by hackers. Only reset passwords if you discover malware, have been impacted by a data breach, or have shared your password insecurely.
- Track your password health: It can be hard to improve your password hygiene if you don’t know where you stand. The Dashlane password manager provides an intuitive password health score that gives you direct insight into your password hygiene by tracking your weak, reused, and compromised passwords.
- Beware of phishing attacks: A primary objective of phishing attacks is to convince you to share your passwords and other personal information. Keep an eye out for the telltale signs of phishing emails that include misspellings, poor grammar, and incorrect URLs that don’t match the company’s website. But also know that these signs are not always present—phishing and social engineering tactics are growing ever more advanced.
- Use antivirus software: Antivirus and anti-malware software scan your device continually to detect, quarantine, and remove malicious files like spyware that can be used to steal passwords and other private information.
- Use dark web monitoring: You may not always realize when your password has been compromised. Dark Web Monitoring is used to scan the hidden recesses of the internet for your personal information and credentials, and alert you if they are detected.
How Dashlane helps you celebrate World Password Day
Each year, World Password Day reminds us of the importance of passwords as we navigate dozens of accounts and try to keep our information and devices as secure as possible. Dashlane provides intuitive password generation with encrypted vaults for password storage and sharing that prevent hackers from accessing your credentials. Additional features like a Password Health score, 2-factor authentication, VPN, and Dark Web Monitoring round out the comprehensive cybersecurity solution.
Passwords have come a long way since the first World Password Day, and they continue to evolve as technology improves and hacking techniques grow more advanced. Learn more about the history of passwords and how they’ve kept us safe since ancient times.
- Mark Burnett, “Perfect Passwords,” 2005.
- Dashlane, “How Strong Is Your Password & Should You Change It?” August 2022
- Dashlane, “Understanding Your Dashlane Password Health Score,” October 2020.
- Tech.co, “Study Reveals Average Person Has 100 Passwords,” March 2023.
- Dashlane, “A look at Password Health Scores around the world in 2022,” 2022.
- Dashlane, “How to Stop Reusing Passwords for Good,” January 2020.
- Dashlane, “What Is Encryption?” March 2019.
- Dashlane, “Share your saved items in Dashlane,” 2023.
- Dashlane, “Don’t Take the Bait – Password Managers Can Help Shield You From Phishing Attacks,” November 2020.
- Dashlane, “What Is Credential Stuffing?” September 2020.
- Dashlane, “What the Hack Is a Brute Force Attack?” February 2020.
- Dashlane, “A Beginner’s Guide to Two-Factor Authentication,” August 2022.
- Dashlane, “A Complete Guide to Multifactor Authentication,” November 2022.
- Dashlane, “What is SSO? Work Simpler With This One Tool,” September 2021.
- Heimdal, “What Is Biometric Authentication? A Complete Overview,” July 2021.
- Dashlane, “What is passwordless authentication, and why should you care?” November 2022.
- Dashlane, “What Is a Passkey and How Does It Work?,” November 2022.
- Dashlane, “Resist hacks by using Dashlane’s password generator tool,” 2023.
- Dashlane, “How Password Managers Work: A Beginner’s Guide,” December 2022.
- GlobeNewswire, “Password Management Market to Hit Sales of $7.09 Billion by 2028,” October 2022.
- Dashlane, “Ushering in the Passwordless Future at Dashlane,” August 2022.
- LMG Security, “How long should your password be? The data behind a safe password length policy,” January 2020.
- Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
- Dashlane, “Dark Web Monitoring: Your Employees Are Likely Using Compromised Passwords,” July 2022.
- Dashlane, “A Brief History of Passwords,” 2022.
- Dashlane, “How To Remember Hard-To-Remember Passwords,” November 2022.
- Dashlane, “One of the Most Common Data Breaches Your Organization Can Prevent with One Step,” November 2021.
- Dashlane, “7 Dangers of Sharing Passwords Without a Password Manager,” March 2023.
- Dashlane, “How to Prevent Ransomware Attacks on Your Devices,” March 2023.
- Dashlane, “How to Erase Saved Browser Passwords: Step-by-Step Guide,” November 2022.
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.