On World Password Day, “123456” is not okay

It’s World Password Day, and Erich Kron at KnowBe4 shares a timely reminder that weak passwords need to be ditched

 

Every year, World Password Day rolls around like clockwork. Falling on the first Thursday of May every year, we cross our fingers hoping folks have finally ditched “password1” and “qwerty” for something a little more… well… secure. Spoiler alert: many haven’t.

 

Let’s be honest, passwords are nobody’s favourite part of cyber-security. They’re like flossing. Everyone agrees they’re important, but somehow they still fall to the bottom of the to-do list. Unfortunately, unlike skipping a bit of flossing, a weak password can lead to your entire digital life being compromised. And unlike your dentist, attackers don’t give second chances.

 

 

Why passwords still matter (yes, still)

Despite all of our shiny new technologies, such as AI, biometrics and zero-trust architectures, passwords remain the front door to our digital lives. Just like you wouldn’t lock your house with a twist-tie, you shouldn’t protect your bank account, work email or streaming subscription with a password that can be guessed faster than you can say “Netflix and hacked.”

 

Cyber-criminals love reused passwords and thanks to data breaches (looking at you, RockYou2024), billions of username and password combinations are floating around the dark web, just waiting to be plugged into login screens around the world through credential stuffing attacks. Trust me, the bad actors aren’t typing them in manually, they’ve got automated tools for that. This is how breached credentials at a hobby forum can end up costing you your bank account.

 

 

The layered approach: passwords are just the start

Passwords are only one layer of your defence. Like any good security strategy, we need depth. Here’s a breakdown:

 

Use a password manager. Nobody should be expected to remember 100 unique passwords. Unless you’re a game show contestant with a photographic memory, use a password manager to generate and store complex, unique passwords for every account.

 

Enable Multifactor Authentication (MFA). Think of MFA as your password’s backup singer—less famous, but absolutely vital to the show. If your password gets compromised, a second layer of authentication can keep the bad guys out. It’s not a replacement for weak passwords though, MFA is not infallible.

 

Don’t reuse passwords. Seriously. This is the digital equivalent of using the same key for your house, car, gym locker, and office. If one gets stolen, they all go down. We mentioned a password manager already. This is where they shine!

 

Watch out for phishing. Even the best passwords can be tricked out of people. Train yourself (and your team) to spot sketchy emails, bogus login pages and text messages claiming you’ve won a cruise. Spoiler: you haven’t.

 

 

Let’s have some fun with it

To celebrate World Password Day, try this: pick a terrible password you used to use (no judgment) and give it a proper burial. Then, challenge your coworkers or family to a Password Makeover Contest—bonus points for length, complexity and absurdity (e.g., “RamenN00dleDanceParty!2025”).

 

Or if you’re feeling ambitious, take the day to audit your logins. Rotate out any passwords that are old, weak or shared across accounts. It’s not the most exciting way to spend 30 minutes, but it’s far better than spending hours on the phone with your bank explaining fraudulent charges.

 

 

A key part of your cyber-security strategy

There are technologies that are working to eliminate passwords, but they have been trying to do that for many years. They are like that shirt you don’t love the colour of, but it fits so well. We won’t be rid of them for a while, so we need to adjust.

 

Passwords may never be fun, but they don’t have to be a disaster either. With the right habits and tools, they can become a strong part of your cyber-security strategy, and maybe even something you feel a little proud of. So this World Password Day, ditch “iloveyou” and “letmein,” and give your digital life the strong lock it deserves.

 

---

 

Erich Kron is a security awareness advocate at KnowBe4

 

Main image courtesy of iStockPhoto.com and designer491