By Karmendra Kohli, CEO & Director, SecurEyes, a pure-play cybersecurity consulting service
May 4 2023. Today is World Password Day. Passwords have been used since ancient times. Sentries would challenge those wishing to enter a protected area to give a ‘watchword’ before allowing them entry. The Roman military had a system for watchwords, as described by Polybius.
Most of us grew up on the story of the ‘Open Sesame’ code for entry into the treasure cave of ‘Ali Baba’. Those who have read the story of ‘Ali Baba and Forty Thieves’ know the consequences of forgetting the password, or of unauthorised people coming to know of it.
As life goes digital, the significance of passwords can be ignored only at our peril, as hacking has emerged as an organized syndicate-based business. The problems have only compounded as we require multiple passwords for various accounts/sites.
Strong passwords are key to our digital security as they are the first line of defence against hackers to protect our data and information. Most data breach episodes can be attributed to weak or stolen passwords.
We have all heard the basics of password security. But a few points need reiteration:
- Foremost of all is length. Safer passwords must contain at least 12-15 characters.
- Passwords must contain numbers, special characters and a combination of upper and lowercase letters.
- Passphrases like ‘weloverains’ or ‘skyisnotthelimit’, combined with special characters, could make them even more secure. But be sure that you choose a sentence which cannot be easily guessed.
But even after getting a strong password, one should be careful about cyber criminals trying to steal passwords by tricking the vulnerable into revealing their personal information through various intuitive techniques, including spear phishing, vishing and other social engineering attacks.
With a number of accounts and digital identities to be managed, storing multiple passwords in an unsecured manner, such as in a plain text file, can result in passwords getting stolen, leading to security breaches and unauthorised access to sensitive information. Hence, it is important for users to ensure that passwords are stored and managed securely.
Other Tips for Password Security
* Be careful with your secret questions and answers. Your friends or acquaintances may know your last school or favourite colour.
* It is advisable to create a separate email account to log into sites like online shopping, online travel booking, etc.
* Lastly, you must log out of your accounts after every use.
Alternatives to Passwords
There are alternatives to passwords that can be used for user authentication. Some of the most popular ones are listed below:
Biometrics: Use of a person’s unique physical characteristics such as fingerprints, facial recognition, iris scanning or even voice recognition.
One-Time Passwords: OTPs are temporary passwords that are valid only for a limited period and apply for a single transaction.
Multi-Factor Authentication: Combines two or more authentication methods, such as a password and fingerprint scan, to make it harder to breach.
Smart Cards: Contain a chip that stores authentication information, which can be used to verify a user’s identity to log into a system.
Behavioural Biometrics: Behavioural biometrics analyse a person’s patterns of behaviour, such as the way s/he types on a keyboard or uses the mouse.
Future of Passwords
A password manager is an app on your phone, tablet or computer that stores your passwords, so you don't need to remember them.
Password managers securely keep passwords in an encrypted vault which can be opened with a primary password. The primary password should be unique and not stored by the password manager. But first, you have to check whether the company has the ability to see your stored passwords or the master password.
Some password managers provide the option of a ‘passwordless’ authentication key: a passkey or secret key. Some applications/browsers have built-in password managers (like Google, Firefox) that can be useful for user convenience and to provide a secure way to store passwords. But it is advisable to opt for a separate password manager.
Blockchain technology is set to change the way we manage passwords. It could well make life easier with single password authentication. One can set up a SAASPASS password manager, which provides two-factor authentication, for thousands of websites and services to autofill and autologin to them. It can eliminate user names and passwords for logging into corporate sites without revealing personal information. Blockchain’s distributed ledger technology (DLT), along with digital identity verification, could well be the answer to online privacy and password breach concerns.
Password security, at least for now, remains a continuous race for one-upmanship between the user and the hacker. Hence, we need to be aware and we cannot ever let our guard down.
And always remember, as American entrepreneur Chris Pirillo said, "Passwords are like underwear: you don't let people see it, you should change it very often, and you shouldn't share it with strangers."
Happy Password Day!