Happy Password Day! (But, Death to Passwords, Microsoft Says)


May 4th is Star Wars Day (May the 4th Be With You). It is also World Password Day. Intel Corp.’s website dedicated to Password Day urges people to take a “social media pledge to improve your password habits.” It suggests four steps to “secure your digital life”: create strong passwords; use a different password for each account; get a password manager; and turn on multi-factor authentication. These steps may seem obvious for some, but not all consumers practice good digital hygiene and are in dire need of applying some of these best practices. 

For example, in December, market research company ReportLinker found that for the fifth straight year, the most popular passwords that U.S. consumers used were “123456” and “password.” Alex Cox, Director of RSA's Threat Intelligence team in Reston, Va. previously told Bloomberg BNA that passwords are “too easy to guess, too often reused and many times not protected in a sufficient capacity.” Other cybersecurity professionals echoed similar sentiments. 

Generally speaking, hacking a social media account, such as a Twitter Inc. account, is “not that difficult if the account owner utilizes an insecure password and doesn’t employ the more advanced features—such as enabling two-factor authentication,” DataGravity Inc. Chief Information Security Officer Andrew Hay previously told Bloomberg BNA.

It seems the U.S. government has noticed the dangers posed by weak passwords as well. The public comment period for the National Institute of Standards and Technology’s password guidelines recently closed and the guidelines provide technical requirements for federal agencies implementing digital identity services, NIST said. The guidelines provide that passwords should be at least eight characters in length (hopefully, nobody will choose 12345678). 

However, given that consumers have multiple online accounts for a wide range of services, having different passwords for each of those accounts may be difficult and tedious. Microsoft Corp. says they have an alternative solution.

In April, Microsoft published a blog announcing the newest way to sign into Microsoft accounts: phone sign-in. According to the global tech giant, “this process is easier than standard two-step verification and significantly more secure than only a password, which can be forgotten, phished, or compromised.” Microsoft said that “using your phone to sign in with PIN or fingerprint is a seamless way to incorporate two account ‘proofs’ in a way that feels natural and familiar.”

However, if you want to stick to using passwords, there are many secure password generators available online.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.