Did you know about World Password Day? It takes place every year on the first Thursday in May and is meant to encourage people to consider their password practices and adopt some new – and healthy – digital security habits.
We asked the IDPro community to share their thoughts on password safety and they didn’t hold back!
“Use a different password for each site and use a password manager to generate and keep track of them all.” – Greg Smith
“When using passwords: self-service password reset is a must have. If MFA is not available, the ‘password forgotten’ email reset is a low-budget version of MFA.” – Andre Koot (@meneer)
“Don’t generate your own passwords. People are bad at being random. Have a computer generate it and either memorize it or use a password manager. If you can – especially if you need to memorize it – use a wordlist generator to create a very long but human-memorable password. Pro tip: if a site lets you have a long password with spaces but still has archaic complexity requirements, create a long wordlist password then append ‘Aa1!’ to the end of it to hit all the character classes.” – Justin Richer (@justin__richer)
“If you must use passwords, one trick is to use the hash of your password instead, salted with the domain. That way, it’s reproducible but still reasonably ‘random.’ It’s reproducible given your unique knowledge of the passphrase and uniquely salted for the particular website. This way you don’t have to store it in a password manager. If there is a character limit, use either the largest portion that the website will allow or some standard number of characters, or follow an algorithm. For example: google.com is 10 characters, so use the first 10…
$ openssl passwd -6 -salt ‘google.com’ ‘correct battery horse staple’ | cut -d’$’ -f4 | cut -c 1-10
Be sure to consider command line history if you adopt this method, though.” – Shannon Roddy
“When possible, don’t use passwords at all. With the imminent introduction of FIDO’s multi-device credentials, it will be easier than ever to leave those relics behind. This time, it’s really happening!” – Vittorio Bertocci (@vibronet)
“If it was up to me, I would introduce a minute of silence on World Password Day for all the forgotten passwords as part of breaches – followed by a demonstration of hate for passwords organized by the MFA (Movement For ‘better’ Authentication). I would finish the day by unsubscribing to a service provider I no longer use to reduce the storage needs for my password manager…and celebrate Cinco de Mayo!” – Elie Azerad (@ElieAzerad)
IDPro is a professional organization for practitioners of Identity and Access Management
IDM dach 2022, hosted on May 24 by @WhitehallMedia, is a gathering of today’s #IAM leaders, decision-makers and influencers delivering a fully virtual program of inspiration and enablement! Register for this exciting event today: https://bit.ly/3KfO0V9 #identity
The #IDPro Body of Knowledge features #IAM industry articles written by our fellow #DigitalIdentity community members. This unique resource is available to anyone looking for valuable industry insight: https://bit.ly/3LATsTE
One of the best resources for #IDPro members is our #Slack space, with access to the IDPro community to discuss challenges we face in the #DigitalIdentity world. Take advantage of all your membership has to offer and join the discussion. Learn more: https://bit.ly/38fNt8n #IAM
Last month our IDPro members shared their #IAM best practices during Identity Management Day! We've collected those best practices into a blog post for our followers! Read more here: https://bit.ly/3uvkGFz #Identity
#EIC2022 - Europe’s leading event for the future of #digital identities and #cybersecurity starts today! We look forward to seeing you at the event or in the online sessions! #Identity #IAM