It’s World Password Day! Change your passwords. Especially Twitter’s.
World Password Day is here and it’s as good a time as any to evaluate your password choices (as well as life). Unless your password is “NoRagrets” (which is obviously mine and is very strong), you’re not doing everything you can to secure your presence online.
By your own doing or by that of others, security compromises can happen at any time and you’ll end up suffering the consequences. Take Twitter for example:
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Twitter revealed today, on World Password Day of all days, that it may have accidentally exposed the passwords of its 330 million+ users. According to Twitter CTO Parag Agarwal, a bug in the system caused this issue. User passwords, which were supposed to be stored as encrypted random characters, were being saved as readable plain text passwords on an internal system log.
It’s unsure exactly when Twitter figured this out or how many accounts were affected by this, but the company is urging each and every user to change their password. This has led to speculation that a major chunk of their user base might be affected.
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
— Parag Agrawal (@paraga) May 3, 2018
While investigations seem to have proved no misuse or breach, this is a reminder that nothing can be too secure on the Internet.
You might argue that you’re not bothered by it and that your social media presence isn’t big enough to warrant a hack. The recent Cambridge Analytica – Facebook scandal proved that an innocent looking Facebook app is all it took for a company to influence your vote patterns. That’s a story for another day but the lesson is all the same: Security and privacy matters to everyone.
If changing & remembering the passwords to all the sites you log-on to is a huge pain in the ass for you, welcome to the club. Reluctant at first, I’ve since found password managers to be pretty helpful. Chrome’s built-in password manager, 1Password, LastPass, Dashlane or KeePass are some of the best password managers available today. It’ll remember all your passwords, fill them in automatically while logging into sites, and generate super-strong passwords when you’re creating new accounts.
The exact opposite of exercising caution is what Nutella advised everyone to do on World Password Day. In a bizarre tweet, @NutellaGlobal “urged” its followers to choose a password that everyone loves, Nutella (for example). Not only is this one of the weirdest ways of hopping on a bandwagon, it just makes for bad brand practice.
— Nutella (@NutellaGlobal) May 3, 2018
The phrase “Nutella” is not only known worldwide, it is one of the most exposed passwords in the Internet’s history. 20,800 times to be exact, according to the Pwned Passwords Database. Click on the link and check if your own password has ever been exposed in a data breach before.
So what should a strong password be like?
Now that you know what you should NOT do when it comes to passwords, (thanks, Nutella) here are some of the things you should do to secure your stuff online:
- Simple, plain alphabetical passwords are a big no-no. Listen to the advice of password suggestions and you’ll be good.
- Enable two-factor authentication where ever it is supported. It’ll save the day more often than not.
- Try out a password manager to help handle all your passwords online.
A simple demo of the “rules of setting passwords” has been illustrated in the comic below in the best way possible. Credits to xkcd comics for explaining the complexities of entropy to us simpletons.