World Password Day 2023 - Current Recommendations

World Password Day on the first Thursday in May is a reminder of the importance of strong passwords and proven best practices. NIST and BSI recommend passphrases, MFA and regular checks for compromise. We explain tips for choosing strong passwords and handling account details in our article.

World Password Day was first launched in 2013 by Intel Security (then McAfee) to raise awareness of the importance of strong passwords and the dangers of password theft. Since then, World Password Day has been celebrated every year on the first Thursday in May.

Passwords are one of the most important lines of defence against cybercriminals trying to access confidential data or cause harm. When a password is hacked, criminals can access private information such as credit card numbers, national insurance numbers or banking information, which can lead to identity theft and financial loss.

The National Institute of Standards and Technology (NIST) and the German Federal Office for Information Security (BSI) are two organisations that publish recommendations for the secure use of passwords. Both recommend choosing long passwords that consist of a random combination of letters, numbers and special characters. The BSI also recommends not changing passwords regularly unless there is a suspicion of compromise.

NIST updated its recommendations in 2021 and now also recommends using passphrases instead of complex passwords. A passphrase is a phrase of several words that is easy to remember but harder to guess or hack. Using a passphrase increases security because it is longer and more complex than a simple password.

Both organisations also recommend enabling the use of multi-factor authentication (MFA) wherever possible. MFA increases security by adding an extra layer of protection that prevents an attacker from gaining access to an account even if they know the password.

Another important recommendation when dealing with passwords is to regularly check for compromise. There are several online tools that you can use to check if your passwords have appeared in stolen databases or if your accounts have been affected by a security breach. One such tool is the “Leakchecker” of the University of Bonn, which checks databases of stolen accounts and passwords and informs users if their data has been affected.

It is important to regularly check whether your passwords have been compromised, as stolen passwords are often sold on dark web marketplaces and can be used by cybercriminals to attack your accounts. If you find that your passwords have been affected, you should change them immediately and enable MFA to protect your account.

Based on NIST and BSI recommendations and proven best practices, there are some steps you can take to create strong passwords and secure your accounts:

Recommendations for choosing and managing passwords.

  • Use a passphrase instead of a complex password.
  • Use different passwords for different accounts.
  • Activate MFA wherever possible.
  • Do not use easy-to-guess passwords such as “123456” or “password”.
  • Do not use personal information such as dates of birth or names of family members.
  • Avoid using words from the dictionary.
  • Use password manager software to store passwords securely.
  • Never share your passwords with anyone or store them unprotected on your computer.
  • Check regularly if your password has been compromised by using services such as the Leakchecker of the University of Bonn.
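As an added illustration (not part of the original article), the following Python sketch generates a passphrase with a cryptographically secure random source, estimates its strength, and checks a candidate password against several of the recommendations above. The function names, the tiny sample lists and the 12-character minimum are assumptions made for this example; a real check would use a wordlist of several thousand words and a large list of known-breached passwords.

```python
import math
import secrets

# Constructed sample data for this example only (assumption, not from the article).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
SAMPLE_WORDLIST = ["anchor", "breeze", "copper", "dragon", "ember", "falcon",
                   "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
                   "meadow", "nectar", "orchid", "pebble"]


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniformly random selections from `choices` options."""
    return picks * math.log2(choices)


def generate_passphrase(wordlist, words=5, sep="-"):
    """Pick words with the OS CSPRNG; the `random` module is not suitable for secrets."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def audit_password(candidate, personal_terms=(), wordlist=SAMPLE_WORDLIST, min_length=12):
    """Return the recommendations from the list above that `candidate` violates."""
    findings = []
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("easy-to-guess password")
    if lowered in wordlist:
        findings.append("single dictionary word")
    if any(term and term.lower() in lowered for term in personal_terms):
        findings.append("contains personal information")
    if len(candidate) < min_length:  # assumed threshold, not stated in the article
        findings.append(f"shorter than {min_length} characters")
    return findings


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDLIST)
    print(phrase, audit_password(phrase))
    # Five words from a 7776-word list versus eight random printable ASCII characters.
    print(f"{entropy_bits(7776, 5):.1f} bits vs {entropy_bits(94, 8):.1f} bits")
    print(audit_password("Anna1987secure!", personal_terms=["Anna", "1987"]))
```

The entropy figures only hold when every word or character is chosen at random; a phrase a person makes up is considerably easier to guess than the calculation suggests.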

World Password Day is an opportunity to raise awareness of the importance of strong passwords and the dangers of password theft. By implementing proven best practices such as using passphrases, enabling MFA, regularly checking for compromise and using password managers, you can help protect your accounts and data. Make World Password Day an occasion to review your passwords and ensure you are taking the necessary steps to protect your privacy and security online.
