View from India: What is your password? Shh...
Image credit: Dreamstime
With a vision to protect passwords and create awareness about their importance, in 2013 Intel Security declared the first Thursday in May as World Password Day. We celebrated this year's World Password Day yesterday (4 May).
A decade has passed since World Password Day was introduced. The intent has been to make people understand that weak passwords can lead to data breaches and losses. And this holds true even today. Working from home, a pandemic-led outcome, brought flexibility in the work pattern; but the dependence on cloud tools made data and devices vulnerable and prone to cyber attacks. Sensitive data became a compromise in many parts of the world. The threat landscape in the online world is evolving and with this comes multi-device connectivity. Everything almost everywhere is, and will be, connected. Password protection is paramount.
Typically, passwords are used for logging into accounts, checking email, and accessing applications and websites. Randomly putting together computer characters like numbers, letters and symbols may be used as digital passwords. Authentication through the secret password needs to be demonstrated before opening the device for usage. Other than that, users tend to rely on the Master Password, a single password that could be used for multiple platforms. Being key to multiple accounts, this password needs to be remembered. Google too has done its bit: the Google Password Manager saves passwords in a Google Account. It becomes a strong and unique password for all the online accounts on Google.
Usually, personal information or clichéd things like songs or names of places become our passwords as they are easy to recall. But such obvious words result in weak passwords. Passwords need to be reset every now and then, and password reuse is not the right thing to do as it opens doors for phishing and cyber attacks. Generally, a combination of uppercase and lowercase letters, numbers and symbols could be considered as strong passwords. Strong password management and multi-factor authentication are critical. It’s equally important to secure it; strong passwords could help keep security breaches at bay. Cyber attacks, data breaches and the need for data and device protection has given rise to new-age jobs like password managers and cyber-security professionals. This also includes administration, management and design. A couple of years ago such professionals may not have been around. Enterprises and individuals could require password managers, whose job is to save and take care of passwords from a safe space, mostly in a virtual encrypted vault, which is secure, layered and private. Hence, it could mean that enterprises and individuals don’t need to memorise multiple passwords.
But, do we have the software to manage passwords? Yes, we do, in the form of password protection software. This software protects and secures the password and blocks weak passwords. Automating, rotating and securing passwords is crucial, and organisations themselves have come up with various measures to ensure password hygiene. It ensures that strong passwords are selected, managed and maintained to ward off cyber crooks. There’s also the two-factor authentication for security; organisations may integrate one-time codes for log-ins to enhance the security factor in the digital environment.
World Password Day is a reminder of the importance of securing passwords. However, the question doing the rounds is whether passwords will be phased out. After all, passwords can be broken into and confidential records can be stolen. A time has come when live authentication without passwords is gaining ground; this does not require a one-time password but uses biometric logins and facial-recognition software, both of which are becoming popular in organisations. Interestingly, on the eve of World Password Day, Google has announced that passkeys can be used to sign-in to apps and websites. They work in the same way as they are to unlock devices; it could be through a fingerprint, a face scan or a screen lock PIN (personal identification number). This may point to a passwordless future.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.