One of the most important yet underwhelming international events is coming up the first Thursday in May (in Canada, it’s March 15th). What is it? It’s World Password Day.
I know — words can’t express how tedious most people find passwords, how annoying they are to use, and how likely it is 99% of the world will not celebrate this event. Let me see if I can convince you otherwise. On January 1, 1983, when the Internet was invented, mankind agreed to a binary choice: Invent passwords or forever regret their absence. Without them, there would be no protection for your privacy, your online information, or even your personal identity. Passwords are now required to access websites, banking, email, social media, favorite shopping sites, chat venues like iMessenger, and even certain documents. These annoying, forgettable, intrusive entities are the first line of defense against hackers and for many, their entire defense. Because so many treat passwords casually, despite all they know about their importance, password theft is one of the fastest growing and most effective crimes.
While every expert recommends changing your password two-three times a year, no one does that. Do you? I don’t. I’m challenged to remember my password much less remember to change it regularly. As a result, World Password Day came into being:
Annually, on World Password Day, change all of your passwords.
Why change passwords
A study in the UK found that the average person has around 118 accounts. That’s more than anyone can keep track of and why it’s popular to link logins to social media accounts (Facebook and Twitter being the most common) or Google accounts. Many schools use the latter to make it easier for students to remember the plethora of passwords for email, LMSs, cloud drives, math programs, and the increasingly common online resources used for their learning. Many people think they’ll never be hacked but a lot of damage can be done between now and never.
Personally, having a day a year dedicated to updating my passwords is a big help. Otherwise, I’d only change them when my bank, credit company, or favorite online store told me someone hacked their servers. Then, it’s a race to see if I can change the password before the hackers invade. Digital security protocols require I be more proactive with managing my passwords. Monthly would be wonderful but yearly works too.
Creating a password that satisfies a website’s criteria and then remembering it the next time you want to log in — that’s nigh on impossible. It used to be good enough to use your birthday or maiden name. Who would think of those? The answer: Everyone. Same answer for the nineteen other most popular passwords:
Avoid all of these as well as words found in the dictionary, family pet names, birth dates, account numbers, prime numbers, and siblings’ names. A password should never be empty, the same as the username, a sequence (such as abcde, 12345), or any of these in reverse, and it should never contain personal information. Here are three quick tips on how to create a strong password:
- Use 8-13 characters that are a combination of upper and lower case letters, numbers and symbols.
- Use song lyrics, words in another language, or unusual movie titles.
- Find a phrase you’ll remember. Use the first letter of each word.
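The rules and tips above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the word list, sequence list, function names, username and sample phrase are all constructed for illustration, and it enforces only the 8-character lower bound of the length tip.

```python
import re

# Constructed sample data; a real check would load a full dictionary and a
# list of commonly used passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def is_sequence(pw):
    """True if pw is a run taken from a known sequence, forwards or reversed."""
    low = pw.lower()
    return len(low) >= 3 and any(low in s or low[::-1] in s for s in SEQUENCES)


def check_password(pw, username, personal=()):
    """Return the list of rules pw breaks; an empty list means it passes."""
    if not pw:
        return ["empty"]
    low, user = pw.lower(), username.lower()
    problems = []
    if low in (user, user[::-1]):
        problems.append("same as username (or its reverse)")
    if is_sequence(pw):
        problems.append("sequence")
    if low in COMMON_WORDS or low[::-1] in COMMON_WORDS:
        problems.append("dictionary word (or its reverse)")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if len(pw) < 8:  # only the lower bound of the length tip is enforced
        problems.append("shorter than 8 characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing upper/lower/number/symbol mix")
    return problems


def phrase_to_password(phrase):
    """First character of each word, plus the phrase's closing punctuation."""
    initials = "".join(word[0] for word in phrase.split())
    tail = phrase.rstrip()[-1:]
    return initials + (tail if tail and not tail.isalnum() else "")


if __name__ == "__main__":
    candidate = phrase_to_password("I walk 3 miles to the Green Lake every Sunday!")
    for pw in ("12345", "drowssap", candidate):
        print(repr(pw), check_password(pw, "jdoe") or "ok")
```

The phrase-derived candidate passes every check, while the sequence and the reversed dictionary word are rejected with the specific rule each one breaks.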
Security Beyond Passwords
Many companies offer security that goes beyond the iconic password. Here are a few options you should be familiar with:
- Two-step authentication: This requires not only a password and username but something that only the user has, i.e. the answer to a predetermined security question or a code delivered to a pre-registered cell phone.
- Multi-Factor Authentication (MFA): This requires a password in conjunction with a fingerprint, facial recognition, or a one-time code delivered usually via text message.
- Steganographic login: This is based on an image that is coded to allow you to log in via a finger swipe or tap.
How to manage passwords
Passwords are critical to defending against identity theft. If a hacker can access your personal information, he can steal your identity, open accounts in your name, and prevent you accessing your own data and money. There are many ways this is done but you are the first step to preventing it. Take password management seriously. Protect your passwords with a few simple rules:
- Never write them down.
- Don’t share them.
- Don’t type them when someone is looking.
- Never send them in an email.
- Change them immediately when compromised.
- Use different passwords for different accounts.
When one of your accounts notifies you that their server has been hacked, change your password. Don’t ignore it because you’re too insignificant to interest scammers.
Here are websites addressing this topic that I use in my K-8 classrooms and with my high school-level grad students:
- How Secure is Your Password? — enter your password and this site tells you how secure it is. It takes only seconds to tell you how long your password would take to crack and how to lengthen it by using tricks you won’t forget. It’s a great activity for class when addressing internet safety.
- Password Generator — enter the parameters you’d like for your new password (i.e., symbols, numbers, letters, capitals, and more). Once the website generates the complicated secure password, it provides a sentence to help you remember it.
Now go ahead — on World Password Day, take five minutes to have students change their passwords. Give bonus points if they talk their parents into doing the same.
Update: While lots of people think frequent password changes (more than yearly) are recommended, the National Institute of Standards and Technology came out with new guidelines that might put your mind at rest if you aren’t a frequent password changer. But they do have other suggestions. Read their paper here.
As the popular webcomic XKCD puts it: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
Jacqui Murray has been teaching K-18 technology for 30 years. She is the editor/author of over a hundred tech ed resources including a K-12 technology curriculum, K-8 keyboard curriculum, K-8 Digital Citizenship curriculum. She is an adjunct professor in tech ed, Master Teacher, webmaster for four blogs, an Amazon Vine Voice, CSTA presentation reviewer, freelance journalist on tech ed topics, contributor to NEA Today, and author of the tech thrillers, To Hunt a Sub and Twenty-four Days. You can find her resources at Structured Learning.