It’s World Password Day: Let’s Talk About More Than Fixing “My Password”

 

Brad Ree
Chief Technology Officer, ioXt

It’s the first Thursday in May, which means another World Password Day: a day that raises awareness about the importance of good password creation and maintenance. That is, the need to have strong, unique passwords for all online accounts and to change them at least once a year to make it harder to get hacked. No one wants their data compromised, and coming up with something more original than “ji32k7au4a83” is a small price to improve internet security.

For those scratching their heads right about now, “ji32k7au4a83” translates to “my password” on a Zhuyin (or Mandarin-transliterating) keyboard. This demonstrates how a seemingly random string of characters can have a hidden meaning. It also explains, given the immense popularity of Zhuyin keyboards in Taiwan, why data breach repository Have I Been Pwned (HIBP) has seen “ji32k7au4a83” in over 140 breaches.

Lesson to be learned: Use randomized passwords that are actually random.

Today, with the Internet of Things a part of everyday life, concern surrounding passwords and other security vulnerabilities has escalated. The “joy-filled internet of tomorrow,” as some call the coming age where billions of connections will bring sweeping changes to our lifestyle and economy (driverless cars, smart homes, mainstream augmented and virtual reality), also threatens to bring more data security risks than ever.

But that doesn’t have to be the case.

It’s true that consumers can be smarter about protecting their digital footprint, including using password best practices.

But what about the makers of their smart devices?

Specifically, what can manufacturers do to target hackers and improve cybersecurity before these products even reach the hands of consumers?

They can make consumer products secure by design.

By ensuring device security, upgradability and transparency, manufacturers can provide retailers with safe products that assure consumers they’re making an intelligent (not just a “smart”) buy.

One way to design security into consumer products is for each device to have unique security credentials that allow it to operate. In other words, the product shall not have a universal password—one that could potentially be guessed by remote attackers and thereby allow them to gain control of not just one device, but possibly every unit of a given device model.

Universal passwords are one of the security vulnerabilities of connected devices. Too few consumers ever change the default password of a device, such as a Wi-Fi camera or a Wi-Fi router. Consequently, it has become easy for attackers to share known password lists and to gain access to consumers’ home data.

By requiring that each new device either ship with a unique password or make the user create one before the device can operate, manufacturers would make it nearly impossible for a fresh-out-of-the-box device to be hacked remotely.
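The two options above, as an added sketch that is not from the original article or from ioXt: a factory step that gives every unit its own random password, and a device that stays non-operational until the user creates one. The alphabet, lengths, PBKDF2 cost, deny-list and all names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumed values for this example, not taken from the article.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no look-alike characters on a printed label
ITERATIONS = 200_000
MIN_LENGTH = 12
DENY_LIST = {"ji32k7au4a83", "password1234", "administrator"}  # constructed sample


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> dict:
    # Per-device salt: equal passwords on two units still store different hashes.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash(password, salt)}


def provision_unique(length: int = 16) -> tuple[str, dict]:
    """Factory step: random password for the unit's label, salted hash for its storage."""
    password = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return password, _record(password)


class Device:
    """Holds a factory-provisioned record, or nothing until the user creates a password."""

    def __init__(self, record: dict | None = None):
        self.record = record

    @property
    def operational(self) -> bool:
        return self.record is not None

    def set_password(self, new_password: str) -> None:
        if len(new_password) < MIN_LENGTH or new_password.lower() in DENY_LIST:
            raise ValueError("password too short or on the known-password list")
        self.record = _record(new_password)

    def login(self, password: str) -> bool:
        if not self.operational:  # no credential exists yet, so nothing can match
            return False
        candidate = _hash(password, self.record["salt"])
        return hmac.compare_digest(candidate, self.record["hash"])
```

Because no password is shared across units, learning one unit's credential gives no access to any other unit of the same model.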

It would also underscore for consumers that password creation is a critical—and personal—part of engaging with the “world” of IoT, that their engagement requires continual protection, and that device manufacturers can, and should, help them get there.

If manufacturers take the lead by creating products that are secure by design, consumers can count on their data being reasonably protected—even if they don’t observe World Password Day.