Humans are truly terrible at choosing passwords, so this World Password Day, should think about ditching the entire concept altogether?
The cybersecurity community celebrates the importance of password protection on the first Thursday in May each year, but with global data security scandals front of everyone’s minds, global cybersecurity business Centrify has taken the opportunity this year to question whether passcodes still provide any security to users.
The firm says there are multiple problems with individual password setting: people are notoriously bad at choosing good ones, they never keep this information secure, and passwords don’t even protect your data from being misused by third parties in the first place.
“Instead of celebrating passwords, we should ditch them in favour new tools like two-factor authentication to better protect our online selves. It’s time to kill the password,” says Centrify senior director of Asia Pacific sales, Niall King.
It may take the world some time to completely ditch the password, so in the meantime, we thought we’d look through our archives and revisit some password-setting advice from cyber security experts.
For many years, the reigning theory on crafting the best password came from former US National Institute of Standards and Technology manager Bill Burr, who advocated using common words as passwords but breaking these up with letters and symbols, for example, “3leVat0R!”
However, last year Burr told the Wall Street Journal building a password in this way actually left people open to attack because the formula was easy to crack.
For business owners now distressed over their password choice and eager to change it to something highly uncrackable, the best choice might not be the sort of password you’d expect.
In a 2011 comic from popular webcomic XKCD, author Randall Munroe outlined the issues with Burr’s original password propositions and proposed an alternative.
Randall’s advice has been endorsed by cybersecurity experts, with a random four-word phrase being harder to crack by many orders of magnitude, taking up to 550 years.
This means changing your password to “anybodyblindnationthemselves” (you can’t have spaces in passwords) or “Ilovesmallbusiness” could work wonders for your account’s security measures.
And for the more mnemonically inclined, a line from a favourite song or book can also work as a strong password, as discussed when Mark Zuckerberg’s Twitter account was hacked in 2016.
Using the example of Oasis’ classic song ‘Wonderwall’, a strong password derived from the hit could look like “MyGbTotSm68”, with a memorable number thrown at the end for good measure.