Today is World Password Day, and that means it’s a day that’s all about caring and sharing…
…but WITHOUT THE SHARING!
We made a short video to catch your attention:
None of the passwords in the video seem truly terrible – there’s no “123456” and no “password”, after all.
But all the passwords you see in the video are easily guessable, even though most of them aren’t dictionary words, and all of them come from a recently released list of the top 100,000 passwords.
So don’t take password shortcuts to save a few seconds a day in your digital life – if you’re serious about keeping the crooks out, don’t make it easy for them to get in!
Our recommendations are:
- Pick proper passwords. Watch our straight-talking tips on how to choose decent passwords.
- Use a password manager. Read our advice on why you need a password manager and how to pick the one that suits you best.
- Turn on two-factor authentication. Learn why 2FA doesn’t have to be a hassle, and why you should use it whenever you can.
Happy World Password Day – and stay safe out there!
Microsoft
Stop using passwords, you fools!
Sim Swapped
If biometrics aren’t secure, and a single point of failure (cell phones) for 2FA is a bad idea, what about a secret code locked in my head? It’s not device dependent – it is multi platform!
Paul Ducklin
True… if you can devise and remember good passwords for dozens of sites, of course.
Most people can manage to devise and remember one solid password for their password manager… but prefer to let the password manager take care of all the other complexity.
And your mobile phone needn’t be a single point of failure for 2FA. In six years of using 2FA (and I like to log myself out every day so I do the 2FA dance regularly) I have been “locked out” exactly twice. Once I left my phone at home so I used a backup code I had prepared earlier and learned not to forget my phone again. (So far, I haven’t!)
The other time, my closest mobile transmitter was damaged in a storm and shut down, so I walked 2km down the road to my favourite coffee shop – where I was planning on going anyway – and found that the mobile signal there was at full power.
BobK
? full whack? meaning NOT working? or Working Fine? Don’t use slang when English will do.
Paul Ducklin
Full tilt, full bore, full on, full power…
…in other words it was running at 100%, working just fine, performing AOK, going at top speed.
Sometimes we allow ourselves to be a little bit conversational in the comments :-)
I have, however, edited the comment for clarity because I note that although “full whack” appears in my Oxford Dictionary of English it is omitted from my New Oxford American Dictionary.
Bryan
BobK, you’re nitpicking; context would’ve gotten you there.
But I upvoted you for comedy value.
:,)
Carl
It is mostly a habit to pick up. I started to use a password manager some years ago, mostly because I started to use different passwords for every service and quickly realized it would be stupid to keep them all in an office doc, xls or txt. After the first entries it became easier each time, and now I have a multi-language die passphrase xls complete with special characters and all. At first, when I started using the die passphrase generator, my partner said I was “nuts”, but after he realized all of his emails had been compromised in more than one data breach, he has now adopted use of his password generator and manager. Be patient, and always remember that you are taking that extra step to protect yourself, family and place of work. If not for anything, at least for “better safe than sorry”.
JDB
Use a hardware device such as the YubiKey to log in!