If you or an organization you represent would like to become an official WPD Advocate, sign up here.
If you're like most people, you've used the same password for years.
It's hard to get rid of something you love, but just like those old jeans you know will never fit again, it's time to let 'em go.
Real talk: Cyber criminals regularly steal passwords by the thousands from the companies and databases that store them. This can put you in hot water if you haven't changed your passwords recently, or use the same password across web sites.
You should change your important passwords as often as you change the oil in your car. Upgrading your password takes five minutes and can save you hours of trouble down the line.
World Password Day's tips and guidelines were designed in the mindset of "How can we get end users, especially non-technical users, to improve aspects of their behavior without alienating them completely?"
Because ~90% of passwords are weak, we wanted to create basic, actionable advice for the widest population set - everyone - even if that meant sacrificing some password strength. We consider high compliance in creating stronger passwords a greater win than low compliance in creating the strongest passwords.
Of course, if you'd get your gold star and learn about the "strongest passwords," we'd like to help you. What follows is a quick intro into more advanced password thought. We'll cover a few basics, then point you to other resources. If that sounds like a waterslide of fun to you, read on!
There is no totally secure password. A breach in any layer of security - think phishing, keystroke logging, social engineering, software vulnerabilities - and password-cracking hardware, will effectively render the strength of any password null. The wary user assumes every password can, and will, be cracked eventually. You can protect yourself from such attacks by implementing a system of multi-factor authentication, and by changing your passwords regularly.
The strength of a password is a combination of length, complexity , and unpredictability. Often, these factors are expressed using the terms “bits” and “entropy.” More bits mean more entropy. More entropy means a stronger password. Therefore more bits, and more entropy you have, the stronger password is. Learn more about bits and entropy here.
Here are some basic guidelines for creating a relatively high-bit, high-entropy password:
The downside of using high-entropy passwords is that they can be very hard to remember. We recommend using a secure password manager. There are a variety of methods, though, and each has its trade-off of convenience and security. Here are few to start:
Use a password manager. Most password managers encrypt, hash, and salt your passwords, which protects against most, if not all, known attacks. Additionally, they allow you to not know your passwords (protecting you against some human error), and allow you to share passwords with others, without actually giving them the password. They do, however, have a single point of failure, which is a risk some aren't willing to take.Learn More
Some people have said that your wallet is more secure than any computer, and, unless the people after your passwords are close by (which they sometimes are) that might be true.Learn More
So far, no one has hacked the human brain. Outside of torture, or human failure, committing your ~60 passwords to memory is secure. Whether it's practical, is up to you.Learn More
First of all, use common sense. Pretty much, if you never share your passwords with another human you don't know personally, you should be okay. Here are some other tips.
The following websites are great places to learn more about passwords, and information security in general:
PasswordResearch.com Bruce K. Marshall (a saint as far as we're concerned) has been maintaining this meticulous library of peer-reviewed password research and other password-related news since 2002.
DarkReading.com Information Week's cybersecurity blog is one of the most widely-read and trusted on the web. A valuable, no-nonsense resource.
SecurityReactions.tumblr.com The home for gif-expressed inside jokes of the cyber sec/IT community. Funny for those who know. Greek for those who don't.
1. How to enter: No purchase necessary. A purchase will not increase your chances of winning. The Intel Security World Password Win Contest (the “Contest”) will have one (1) drawing periods during which time all entries must be received. Pacific Standard Time shall control for all purposes of this Contest. Fourteen (14) winners will be chosen. Drawing period is as follows:
• Drawing: Wednesday, July 9th 12:01 AM PST through Wednesday August 6th 11:59 PM PST
During the Drawing period, participants must:
• Go to www.passwordday.org
• Tweet one of the 15 pledges found on the page which includes the hashtag #PasswordtoWin and the @IntelSecurity twitter handle.
Each shared pledge is an entry and can be shared once per day making it maximum of 15 entries per day. Each shared tweet must include both the #PasswordtoWin and @IntelSecurity.
Contest submissions will be accepted starting at 12:01 am PST on Monday, July 9th, during the drawing period on Twitter featuring the #PasswordtoWin hashtag and @IntelSecurity. Winners will be chosen from the viable pool of entries that used the hashtag and @IntelSecurity. No other method of entry will be accepted besides Twitter.
There is a limit of fifteen (15) eligible tweets per twitter account per day.
2. Eligibility: The contest is open globally to those who are 18 years of age or older on the date the contest begins and live in a jurisdiction where this prize contest and drawing are not prohibited. Employees of McAfee (“Sponsor”), Intel and their subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.
3. Winner Selection: Fourteen (14) winners will be selected from the eligible entries received during a Drawing’s entry period. By participating, entrants agree to be bound by the Official Contest Rules and the decisions of the coordinators, which shall be final and binding in all respects.
Winner Notification: Each drawing winner will be notified via direct message on Twitter.com at the end of each drawing period. Prize winners will be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within ten (10) days of written notification, or prize may be forfeited and an alternate winner may be selected. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within four (4) calendar days from the first notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then such person shall be disqualified and, at Sponsor’s sole discretion, an alternate winner may be selected for the prize at issue based on the winner selection process described above.
4. Prizes: Fourteen (14) Prizes are available to be won. The Grand Prize is a Microsoft Surface™ Pro 3 and a 1-year subscription to McAfee LiveSafe™ service (Approximate retail value "ARV" of Grand Prize package is $1,079 USD). First Place prize is a Dell Venue Pro11 and a 1-year subscription to McAfee LiveSafe service (ARV of First Place prize is $580 USD). Second Place prize is an ASUS Transformer Book T100 and a 1-year subscription to McAfee LiveSafe service (ARV of Second Place prize is $478 USD). Third Place prize is Acer C720P Chromebook and a 1-year subscription to McAfee LiveSafe service (ARV of Third Place prize is $378 USD) There are ten (10) Fourth Place prizes of a 1-year subscription to McAfee LiveSafe service (the ARV of each Fourth Place prize is $80 USD).
Entrants agree that Sponsor has the sole right to determine the winners of the drawing and all matters or disputes arising from the drawing and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.
Sponsor will not replace any lost or stolen prizes. Sponsor is not responsible for delays in prize delivery beyond its control. All other expenses and items not specifically mentioned in these Official Rules are not included and are the prize winners’ sole responsibility. ARV of the prize may be subject to market fluctuation. In the event the stated ARV of a prize is more than the actual retail value of the prize at the time of award, the difference will not be awarded in cash or otherwise.
5. General conditions: Entrants agree that by entering they agree to be bound by these rules. All federal, state, and local taxes, fees, and surcharges on prize packages are the sole responsibility of the prizewinner.
Sponsor is not responsible for incorrect or inaccurate entry information, whether caused by any of the equipment or programming associated with or utilized in the Contest, or by any technical or human error, which may occur in the processing of the Contest entries. By entering, participants release and hold harmless Sponsor and its respective parents, subsidiaries, affiliates, directors, officers, employees, attorneys, agents, and representatives from any and all liability for any injuries, loss, claim, action, demand, or damage of any kind arising from or in connection with the contest, any prize won, any misuse or malfunction of any prize awarded, participation in any contest-related activity, or participation in the contest.
Prize Forfeiture: Each prize will be awarded. If winner cannot be notified, does not respond to notification, does not meet eligibility requirements, or otherwise does not comply with these prize drawing rules, then the winner will forfeit the prize and an alternate winner will be selected from remaining eligible entry forms for each Drawing.
Dispute Resolution: Entrants agree that Sponsor. has the sole right to determine the winners of the drawing and all matters or disputes arising from the drawing and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.
Governing Law: Each Prize Drawing and these rules will be construed in accordance with the laws, jurisdiction, and venue of New York.