Dear Lord, let this be the last World Password Day

On May 4th, devotees of Star Wars greet each other in celebration of the movies. This year, that Saturday is also World Naked Gardening Day. Both sound pretty ridiculous to me, but not as much as May 2nd, World Password Day. 

Why are we celebrating one of the most despised security measures known to humankind? Ask any cybersecurity professional and they will tell you they hate passwords; you’ll get the same response from most ordinary users as well.

“Traditional username and passwords are no longer sufficient for staying secure – but they unfortunately remain one of the most widely used forms of authentication globally,” Niall McConachie, Regional Director (UK & Ireland) at Yubico says.

“Simple passwords are easily remembered, but also easily guessed. Policies requiring passwords to become increasingly complex and more regularly updated ask more of users’ memories and directly impacts their experience.”

Me? Well, I’m not a religious man but I am praying this will be the last World Password Day. Here’s why.

Brief history of passwords

Although passwords have been around since Roman times, the modern-day computer password only dates back to 1960. The Massachusetts Institute of Technology (MIT) had developed a time-sharing system with access to many researchers, so Fernando Corbató devised a password system to help keep user files private.

It wasn’t until the 1970s that hashed passwords advanced password privacy. Robert Morris Sr was working at Bell Labs when he came up with the idea of being able to store a numerical code, or hash, of the password rather than the original string of characters.

Jump forward another five decades and nothing much has changed, and that sucks hard as far as real-world security is concerned.

Sadly, back in 2004, Bill Gates was wrong when he stated the password would die because it was useless at doing what it should: keeping critical information secure.

Related: An IT manager’s guide to passwords

Last World Password Day

And here we are, with a “World Day” trying to educate people they should do better with password hygiene. Ensure they are long, strong and complex. Never reuse the same password across services. Employ a password manager (which requires a password for your passwords) to help resolve the issue of having a million random passwords you would otherwise never remember. Oh, and don’t forget to use multi-factor authentication to remind you how rubbish passwords actually are.

Not everyone hates today as much as I do. Ravi Bindra, CISO at SoftwareOne, say that “World Password Day serves as a crucial reminder: fortify your defences with strong password practices. It’s not rocket science; it’s diligence. Embrace longer, diverse passphrases and bolster security with multi-factor authentication.”

However, Bindra also reminds us that: “As technology evolves, passwordless authentication is emerging as the future of tomorrow’s security landscape, leveraging biometrics and hardware for a safer digital journey.”

This is where I agree 100%, so should we be celebrating World Passwordless Day instead? Kind of, although I’d say that World Passkey Day would be more appropriate for now.

World Passkey Day, please

Jake Moore, Global Cybersecurity Advisor, ESET, says that today is the day people should be starting to ditch their passwords in favour of passkeys.

“Passkeys offer a more secure way to log into your account using Face ID/Touch ID/device passcode and let you bypass the traditional login method that includes passwords and two-factor authentication via SMS on your registered phone number.”

I’ll leave the last word to  Carla Roncato, Vice President of Identity, WatchGuard Technologies, though. “On this World Password Day, we should all pause and think about how we can adopt passkeys. Why not go further than thinking and reading about passkeys?”

Related: AI exposes your biggest security flaw: your voice

How to set up a passkey in Google Chrome in under two minutes

Here are the steps to set up a passkey in the Google Chrome browser on a Windows 11 laptop that is already enabled with Windows Hello face recognition.

Time needed: 2 minutes

How to set up a passkey in Google Chrome

  1. Make sure you’re logged in

    Log on to your Google Account at myaccount.google.com using Chrome browser

  2. Head to Security

    On the left side of the window, click on Security.

  3. Create a passkey

    Under the “How you sign in to Google” section, click on Passkeys. Click the “Create a Passkey” button.

  4. Prove who you are

    Follow the prompts to verify your identity and “Save your Passkey”.

  5. Make your life easy

    Set the option to skip passwords when possible, in your security settings.

  6. Test and move on with your life

    Test your passkey by signing out and signing in again.

You’re welcome.

Avatar photo
Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.

NEXT UP