Observe World Password Day With the IDPro® Pros!
Did you know about World Password Day? It takes place every year on the first Thursday in May and is meant to encourage people to consider their password practices and adopt some new – and healthy – digital security habits.
We asked the IDPro community to share their thoughts on password safety and they didn’t hold back!
“Use a different password for each site and use a password manager to generate and keep track of them all.” – Greg Smith
“When using passwords: self-service password reset is a must have. If MFA is not available, the ‘password forgotten’ email reset is a low-budget version of MFA.” – Andre Koot (@meneer)
“Don’t generate your own passwords. People are bad at being random. Have a computer generate it and either memorize it or use a password manager. If you can – especially if you need to memorize it – use a wordlist generator to create a very long but human-memorable password. Pro tip: if a site lets you have a long password with spaces but still has archaic complexity requirements, create a long wordlist password then append ‘Aa1!’ to the end of it to hit all the character classes.” – Justin Richer (@justin__richer)
“If you must use passwords, one trick is to use the hash of your password instead, salted with the domain. That way, it’s reproducible but still reasonably ‘random.’ It’s reproducible given your unique knowledge of the passphrase and uniquely salted for the particular website. This way you don’t have to store it in a password manager. If there is a character limit, use either the largest portion that the website will allow or some standard number of characters, or follow an algorithm. For example: google.com is 10 characters, so use the first 10…
$ openssl passwd -6 -salt 'google.com' 'correct battery horse staple' | cut -d'$' -f4 | cut -c 1-10
Be sure to consider command line history if you adopt this method, though.” – Shannon Roddy
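One way to act on the command-line-history caution in the quote above, as an added example that is not part of the original post: the passphrase is read from standard input and passed to `openssl passwd` with `-stdin`, so it never lands in shell history or a process argument list. The function name `site_password`, the default length (the domain's own length, following the quote's google.com example) and the refusal of domains longer than 16 characters are assumptions of this sketch.

```shell
#!/bin/sh
# site_password DOMAIN [LENGTH]  (hypothetical helper name)
# Derives a per-site password from a passphrase read on stdin, so the
# passphrase never appears in shell history or in a process argument list.
site_password() {
    local domain="$1" length="${2:-${#1}}" passphrase hash

    # '$' separates the fields of crypt output, so it cannot be in the salt.
    case "$domain" in
        ''|*'$'*) echo "site_password: invalid domain" >&2; return 2 ;;
    esac
    # SHA-512 crypt salts are at most 16 characters. Refuse longer domains
    # instead of depending on how the tool treats an over-long salt.
    if [ "${#domain}" -gt 16 ]; then
        echo "site_password: domain longer than 16 characters" >&2; return 2
    fi
    case "$length" in
        ''|*[!0-9]*|0) echo "site_password: bad length" >&2; return 2 ;;
    esac

    if [ -t 0 ]; then
        # Interactive use: prompt on stderr with terminal echo switched off.
        printf 'Passphrase: ' >&2
        stty -echo; IFS= read -r passphrase; stty echo
        printf '\n' >&2
    else
        IFS= read -r passphrase
    fi

    # printf is a shell builtin, so the passphrase reaches openssl via a pipe.
    hash=$(printf '%s\n' "$passphrase" |
        openssl passwd -6 -salt "$domain" -stdin) || return 1

    # Output is $6$<salt>$<hash>; keep the first LENGTH characters of <hash>.
    printf '%s\n' "$hash" | cut -d'$' -f4 | cut -c "1-$length"
}
```

Run interactively as `site_password google.com`; for the same passphrase and domain it yields the same value as the command in the quote.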
“When possible, don’t use passwords at all. With the imminent introduction of FIDO’s multi-device credentials, it will be easier than ever to leave those relics behind. This time, it’s really happening!” – Vittorio Bertocci (@vibronet)
“If it was up to me, I would introduce a minute of silence on World Password Day for all the forgotten passwords as part of breaches – followed by a demonstration of hate for passwords organized by the MFA (Movement For ‘better’ Authentication). I would finish the day by unsubscribing to a service provider I no longer use to reduce the storage needs for my password manager…and celebrate Cinco de Mayo!” – Elie Azerad (@ElieAzerad)
Learn more about World Password Day and share your thoughts with us on Twitter. And be sure to #LayerUp!