Bengaluru: World Password Day falls on the first Thursday of May every year. Digital and Internet rights experts emphasise the importance of strong passwords to protect oneself from cyber threats.
“In a hyper-connected world, strong and unique passwords are the first line of defense against cybercriminals looking to infiltrate your digital life,” states Pranesh Prakash, co-founder of the Centre for Internet and Society.
“We should do our part to protect ourselves, but the government and banks should also help protect citizens,” he adds.
He points out that Indian banks have implemented restrictions on pasting usernames and passwords and have suggested password changes every few months. However, this practice often results in users forgetting their passwords. Instead, he suggests adopting two-factor authentication, as employed by major platforms like Facebook, Google, and Microsoft.
Most official websites ask for passwords with multiple characters instead of checking for strong passwords, which should be avoided. Due to this, the government and banks are unintentionally promoting poor password practices. He adds that there is an increasing preference for passkeys. It is still at a very nascent stage.
“Cyber vigilance should be mandated, not an option,” he says.
Pranav Bidare, a researcher at the Centre for Internet and Society, says password managers like 1Password are handy. Many of these are paid apps but are worth it as they offer another layer of security. Free alternatives are also available but with limited features.
He also advises people to keep track of security breaches and to change their passwords immediately. Other physical measures also include not leaving your devices unlocked, being wary of how you use public wifi services, and not sharing sensitive information with others.
“Rely more on password-based encryption and less on SMS-based OTPs and biometrics-based authentication for financial and other services,” he advises.
What constitutes a strong password?
Prakash suggests do’s and dont’s:
1. Sync passwords based on your mother tongue or a non-English language.
2. Use a prover or film song line through Roman translation with over 15 characters.
3. Use a password manager, which is usually built into the system to keep track of the passwords.
4. Do not use the same password for multiple platforms.
5. If you choose to write down your passwords on paper, then don’t write down the complete name of the website or the bank; use code words to avoid any breaches.