World Password Day and the Importance of Passwords

May 5, 2022 is World Password Day. This event was established in 2013 and is observed every first Thursday of May with the objective of bettering understanding of the value of using complex and unique passwords. It also highlights password best practices to make sure that sensitive data is kept private and confidential.

The initial use of passwords in the 1960s was to secure accounts in computing environments against unauthorized access. In 1961, Massachusetts Institute of Technology (MIT) researchers began using the Compatible Time-Sharing System (CTSS). This system operates on an IBM 709 and systems access is through a dumb terminal, having passwords to protect users’ personal files against unauthorized access.

Many believe that this system is the first to utilize passwords and the first to encounter a password breach. During the mid-1960s, Allan Scherr is an MIT Ph.D. researcher who was doing simulations for the computer system, however, the allotted 4-hour CTSS time is not enough. He figured out a way to print out all passwords within the system and used the passwords to obtain more time.

Passwords are currently the most popular way to protect accounts. Although passwordless authentication, like biometric identifiers and Single Sign-on, is becoming more popular, passwords still remain the most commonly utilized method of user authentication that hinders unauthorized account access.

Why Creating Strong Passwords is Important

World Password Day wants to address the security risks that come with using passwords. One way that hackers commonly use to get access to accounts is to input stolen passwords. By means of phishing, employees are tricked into sharing their passwords, either through email, SMS (SMiShing) or telephone (vishing). Using 2-factor authentication can help to stop these attacks. As stated by Microsoft, 2-factor authentication thwarts over 99% of automated attacks.

Hackers additionally employ brute force tactics in order to guess weak passwords, such as default passwords. When rate limiting isn’t enforced to secure accounts that have had a set number of unsuccessful logins, it’s possible to guess weak passwords in less than a second. Even if using strong passwords, hackers can guess them in seconds or minutes in case they are not strong enough.

In 2020, Hive Systems shared a chart featuring the time required for an attacker to brute force a password utilizing a powerful, commercially available computer, and every year the chart is updated to consider developments in computing technology. The chart plainly shows the value of using strong passwords that have a mix of numbers, symbols, and lower- and upper-case letters, and making sure passwords consist of sufficient characters.