World Password Day: 3 Tips


May 2nd is World Password Day—A great reason to stop and think about your password hygiene. This helpful password table from Hive Systems illustrates the importance. 

Last fall, Veritas discussed ‘the new normal’ in cybersecurity: that threat actors are logging in to victim networks. While we’ve learned that an end-to-end, multi-layered security strategy is essential, the domain of Identity Management is both crucial and ever-evolving. 2023 had an alarming rate of password-based attacks. An average of 4,000 attacks per according to the Microsoft Digital Defense Report.  

As we consider password hygiene, what practices are ‘good,’ ‘better,’ and ‘best’? 

Eve Maler, former CTO of ForgeRock and globally recognized pioneer in identity and access management (IAM), offered three tips.

  1. Use a password manager and generate strong passwords through it, rather than trying to do all this yourself. I was shocked (and pleased) to learn that password manager use is up to 34% (See makes it mainstream enough to be adoptable by just about anybody.
  2. Turn on multi-factor authentication (MFA) wherever it is offered. If this method turns out to be only a one-time passcode sent by text (SMS) or email, then use it anyway, but know that this is so often compromised that any seriously valuable access – such as to your bank account – shouldn’t depend on it alone. Stay alert for scams. In addition to MFA, understand that biometrics are much harder to overcome than a password.
  3. Wherever you’re offered “passkeys,” if you’ve got a password manager to hold them, accept them! These are becoming more common and can't be stolen the way passwords can. This makes them “phishing-resistant.” This way, you’re actively contributing to a much safer Internet, for yourself and everyone around you. As a bonus, you’re getting a much smoother login experience.

Credit: passphrase xkcd comic

A best practice is to increase security with ephemeral passcodes: time sensitive passcodes being sent via text message or e-mail that must be entered along with the password. Passcodes that are ephemeral - only valid for a short amount of time - are extremely hard to defeat. The DIE Triad – meaning distributed, immutable, and ephemeral, is gaining in popularity in some of the largest IAM organizations today.

World password day is a great reminder to consider this important facet of defense in depth.

Eve Maler is a globally recognized pioneer in identity and access management and standards. At Venn Factory she drives identity, security, and privacy success in the connected world. Eve’s leadership on pivotal protocols such as XML, SAML, UMA, and HEART as well as industry efforts like UK Open Banking, US government health IT, and the medical Internet of Things demonstrate her unwavering commitment to innovation. Eve is the former CTO of ForgeRock and also worked at Forrester Research in IAM, strong authentication, and API security.

World Password Day

World Password Day is celebrated on the first Thursday of May each year to raise awareness about the importance of password security, the most prominent threats, and best practices for users to follow.

Achieving Cyber Resilience with Zero Doubt

For more insights on how to navigate the complexities of today's cyber threat environment with zero doubt, tune in to our virtual broadcast.

Subscribe to the Veritas Cybersecurity Newsletter on LinkedIn for insights on enterprise-grade cyber resilience.  

Dr. Joye Purser
Field CISO Veritas