There’s never been a greater imperative to take passwords more seriously than on World Password Day on 6th May.

Are you surprised that the #1 password used globally is “123456”, even in 2021? This is an alarming fact considering that, even in an internet-savvy nation like Singapore, over a quarter of users (28%) have been victims of at least one cyber incident.

If you’re like me and many others, passwords feel so much like a necessary evil in today’s digital economy. Add ATM PINs and safe combinations – there’s just too much to remember! And writing them down somewhere somewhat defeats the purpose, right?

Jacqueline Jayne, Security Awareness Advocate, KnowBe4 APAC, comments: “The average person has anywhere between 70 and 100 passwords, and it is simply not possible to remember them all. Especially when you consider that passwords need to be unique, complex, and, depending on where you read it, anywhere between 8 and 20 characters.”

VMware Security Business Unit’s Principal Cybersecurity Strategist, Rick McElroy, also shares his thoughts on the state of passwords today: “Using a password is as antiquated as using a standard key on your front door – it’s locked but someone can copy the key or pick the lock and still get access. For this reason, it’s important to prioritize multi-factor authentication, in the form of behavioral and continual authentication, and move away from a central store of identities, which can easily be hacked.”

“Protecting yourself with a strong password in the digital age is the responsibility of every individual,” says Justin Loh, Country Director for Singapore, Veritas Technologies. “When it comes to cybersecurity, weak password management plays a major role in the hacker ecosystem.”

“As we continue to accelerate the transition into a digital economy, the parameters of authentication will expand to ensure greater accuracy and data security. For now, it is safe to say that the majority of the world’s websites and services still rely heavily on password authentication. Until that sentiment shifts, passwords will be here to stay and it is critical for us to adopt good password hygiene to ensure the integrity of our personal data.”

For a peek into possibilities in the future, McElroy predicts: “Moving forward, we’ll begin to witness hand and fingerprint biomarkers, two-factor authentication with a mobile device and facial recognition replace traditional password authentication processes.”

It gets more exciting, like sci-fi: “At some point in the future, DNA will probably be used to verify identity in the medical field. Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used, making it more difficult than ever for cybercriminals to break the digital lock.”

Loh concurs: “When it comes to privacy and authentication in the ever-changing digital world, biometrics are gaining prominence. For instance, fingerprints and facial recognition are now commonly being used in banking applications on mobiles, unlocking smartphones and personal devices. Moving forward, other technologies such as retina scanning, and voice recognition will also gain pace with the advancement in technologies.”

On top of providing convenience to its users, biometrics can help to assure the integrity of our identity data, as one identity only represents one person. “When considering data integrity in highly regulated environments such as healthcare and finance, biometrics may hold the key to ensuring more accurate authentication,” says Loh.

World Password Day on 6th May is a timely reminder for all of us about password hygiene. Perhaps one day we’ll become truly passwordless, but until then we should protect our digital identities as best we can.

Password tips

When it comes to password hygiene, we still have a long way to go, says Jayne. 

She offers some tips for users to keep passwords secure, strong, and safe:

  • Keep your passwords private – never share a password with anyone else.
  • Never ever reuse a password (ever).
  • Invest in a Password Manager Tool (start here https://au.pcmag.com/password-managers/4524/the-best-password-managers).
  • Use multi-factor authentication (MFA) when you can and where it makes sense.
  • Use passwords of at least eight (8) characters or more (longer is better).
  • Use a combination of uppercase letters, lower case letters, numbers, and special characters (for example: !, @, &, %, +) in all passwords.
  • On the web, if you think your password may have been compromised, change it at once and then check your other website accounts for misuse.

If you’re looking for a step-by-step guide to creating a strong, complex password, Jayne shares a way to develop one that’s very hard to crack:

  1. Think of a phrase or sentence with at least eight words. It should be something easy for you to remember but hard for someone who knows you to guess. It could be a line from a favourite poem, story, movie, song lyric, or quotation you like. Example: “I Want To Put A Dent In The Universe”
  2. Remove all but the first letter of each word in your phrase: IWTPADITU
  3. Replace several of the upper-case letters with lowercase ones, at random: iWtpADitU
  4. Now substitute a number for at least one of the letters. (Here, we’ve changed the capital “I” to the numeral 1.): iWtpAD1tU
  5. Finally, use special characters ($, &, +, !, @) to replace a letter or two — preferably a letter that is repeated in the phrase. You can also add an extra character to the mix. (Here, we’ve replaced the “t” with “+”, and added an exclamation point at the end.): iW+pAD1tU!

Loh has the last word: “More importantly, companies must remain mindful that the best way to safeguard themselves is to ensure that their data is both backed up and encrypted. The purpose of backing up data is to have a secure archive of critical business information such as classified documents for compliance purposes or customer databases.”