World Password Day: 2 + 2 = 4
Credit to Author: Paul Ducklin| Date: Thu, 04 May 2023 13:12:17 +0000
World Password Day is always hard to write tips for, because the primary advice you’ll hear has been the same for many years.
That’s because the “passwordless future” that we’ve all been promised is still some time away, even if some services already support it.
Simply put, we’re stuck with the old, while at the same time preparing for the new.
That’s why we’ve come up with four tips for 2023, but split them into two halves.
Thus the headline: 2 + 2 = 4.
We’ve got two Timeless Tips that you already know (but might still be putting off), plus two Tips To Think About Today.
TIMELESS TIP 1. PASSWORD MANAGEMENT
Use a password manager if you can.
Password managers help you choose a completely different password for every site. They can come up with 20 random characters as easily as you can remember your cat’s name. And they make it hard to put the right password into the wrong site, because they can’t be tricked by what a site looks like. They always check the URL of the website instead.
TIMELESS TIP 2. GO TWO-FACTOR
Use 2FA when you can.
2FA is short for two-factor authentication, where a password alone is not enough. 2FA often relies on one-time codes, typically six digits long, that you have to put in as well as your same-every-time password. So it’s a minor inconvenience for you, but it makes things harder for the crooks, because they can’t jump straight in with just a stolen password.
TIP FOR TODAY 1. LESS IS MORE
Get rid of accounts you aren’t using.
Lots of sites force you to create a permanent account even if you only want to use them once. That leaves them holding personal data that they don’t need, but that they could leak at any time. (If sites can’t or won’t close your account and delete your data when asked, consider reporting them to the regulator in your country.)
TIP FOR TODAY 2. REVISIT RECOVERY
Revisit your account recovery settings.
You may have old accounts with recovery settings such as phone numbers or email addresses that are no longer valid, or that you no longer use. That means you can’t recover the account if ever you need to, but someone else might be able to. Fix the recovery settings if you can, or consider closing your account (see previous tip).
And with that, Happy World Password Day, everybody 🌻