
Latest news with #WorldPasswordDay

Google's Urgent Alert: Dump Passwords Now Or Risk Getting Hacked

NDTV

2 days ago


Google is urging users to upgrade their Gmail account's security by moving on from older sign-in methods like passwords and two-factor authentication (2FA). The tech giant is pushing for users to upgrade accounts to passkeys as well as social sign-ins, which use authenticated platforms like "Sign in with Google", according to a report in Forbes.

As per Google, 61 per cent of email users have been targeted by attacks, with the new wave of cyber crimes being attributed to the rise of artificial intelligence (AI). The company warns that "Passwords are painful to maintain", meaning they are more prone to phishing and often leaked through data breaches. "It's important to use tools that automatically secure your account and protect you from scams," the California-based company said.

Passkeys are a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. Google views passkeys as "phishing resistant"; they let users log in simply with the method they use to unlock their devices, which can include fingerprint recognition, facial scan, or the pattern lock.

While the danger remains, the situation is a little better with younger users. Gen Z users prefer passkeys and social sign-ins, while the older generations are still persisting with the previous ways.

In the time it takes to try and remember or reset your password, you could be securely signed in with a passkey 🔐. Just sayin'. Learn more: #WorldPasswordDay — Gmail (@gmail) May 1, 2025

Instagram boss attacked

Google's warning comes against the backdrop of Instagram boss Adam Mosseri stating he was very close to being a victim of a phishing scheme that involved the use of some real-looking "secure Google domains".

"Experienced a sophisticated phishing attack yesterday. Someone with perfect English called from 818-538-7922. They said my Google account was compromised and they sent me an email to confirm my identity," wrote Mr Mosseri on Threads. "On the phone, they asked me to change my password using my Gmail app and to *not* say my new password out loud," he added.

The Instagram head said he might have succumbed to the attack if he had not heard about it from a friend who "experienced a similar attack" last year.

Missed World Password Day? Here's How to Shield Yourself from Massive Security Risks

Gizmodo

07-05-2025


World Password Day (on May 1st) is an annual reminder of the – absolute – necessity of employing strong, unique passwords to protect your digital existence. In the midst of all the reports about compromised data and hacked accounts, (too) many individuals still persist in using weak or redundant passwords and put their online presence at risk in the process.

The truth is, until you've tried using a password manager, you just can't get how much easier and more secure it makes your life online. Instead of trying to manage hundreds of logins or falling into old habits, a password manager takes the worry out of being safe online.

Just in time for this World Password Day, there is a great offer for those who want to improve their online security: NordPass Premium is only $1.49 per month, a 50% discount compared to its normal price ($2.99). This plan includes unlimited storage for passwords, the capacity to create strong, diverse passwords, and functionality to spot weak or repeated passwords in your vault.

See NordPass

For those who require a complete security solution, they also offer a bundle package containing NordPass Premium alongside the top-tier NordVPN VPN service at $3.99/month, which offers a huge 73% discount from the regular price. In addition to helping with your passwords, this package protects your internet connection and makes your online behavior anonymous.

See NordVPN + NordPass

Game Changer for Your Security

Having a password manager like NordPass (you can check our NordPass review here) is an all-around game changer. Once you've installed it, you can securely save all your passwords and access them immediately on all your devices. Autofill and autosave make logging in easy and you'll never have to remember a password again. You will also enjoy features like multi-factor authentication and biometric login to improve security.

Another popular feature of NordPass Premium is the capacity to track data breaches: if any of your credentials are discovered in leaked databases, you will be alerted right away so you can act before your information is used improperly. NordPass also facilitates sharing passwords securely with contacts, which is convenient for families or teams who need to work together safely.

The bundle plan including NordPass + NordVPN is also very appealing if you require an all-in-one package of security tools: with password management, you also get a VPN (read our best VPN listing here) to secure your internet connection, keeping your browsing private and your files on public Wi-Fi away from prying eyes. There's even a premium bundle that adds encrypted cloud storage so that you can store and share files with end-to-end encryption for maximum privacy.

To see the deals: See NordPass, See NordVPN + NordPass

Microsoft's bold 'passwordless' leap sparks alarm: 'Are we really ready to say goodbye to passwords?'

Economic Times

06-05-2025


Fort Knox or Flawed Fix?
One App to Rule Them All—and That's the Problem
Are We Jumping Through Too Many Hoops for Safety?
The Future May Be Passwordless, But It's Not Painless

In a move that's being hailed as revolutionary by some and reckless by others, Microsoft has officially begun phasing out passwords—yes, the very thing we've been taught to guard with our lives. The tech giant announced that going forward, new users will no longer be able to create traditional password-based logins. Instead, they'll need to sign up using modern alternatives like passkeys, push notifications, or security keys. It's a futuristic leap, but not everyone's announcement, strategically timed to coincide with what used to be known as World Password Day, has now been rebranded by Microsoft as World Passkey Day. While the company is touting it as a win for cybersecurity—claiming passkeys are the key to a simpler, more secure internet—many users are feeling locked out rather than rationale seems solid at first glance. In 2025, cyberattacks have become a grim everyday reality—ransomware, data leaks, and phishing attempts are hitting both individuals and corporations with alarming frequency. Passwords, often reused and poorly managed, are a common vulnerability. Microsoft's solution: eliminate the weak link industry giants like Apple and Google under the FIDO Alliance, Microsoft hopes to normalize a passwordless world. Its 'Passkey Pledge' is part of a broader commitment to a digital future where every login is secure by design, not just by chance. On paper, it's a noble behind the scenes, a tech headache is biggest hurdle? To fully embrace passwordless login, users must first download the Microsoft Authenticator app. Without it, there's no way to delete your password and switch entirely to a passkey system.

This has sparked backlash online, especially from users who already rely on other apps like Authy or Google Authenticator. Critics argue Microsoft's approach is needlessly restrictive—and potentially Reddit, frustration is bubbling over. 'What if I lose my device?' one user asked. 'Breakdown, theft, lost… that's my concern.' Another pointed out the lack of app compatibility: 'Putting all your eggs in one basket makes the system more fragile, not less.'

Even more alarming are the tales of accidental chaos. With passkeys being saved to multiple platforms—Samsung Pass, Chrome, Firefox, random password managers—some users feel more confused than ever. One exasperated commenter summed it up: 'Passkeys are a pain in the ass. It's a solution that causes more problems for me.'

Microsoft maintains that the passwordless future will be safer, simpler, and more secure. And technically, it's not wrong. The WebAuthn standard used in passkeys is designed to resist phishing and brute-force attacks. In theory, it's a cybersecurity in practice, the transition feels more like a tech nightmare to many. It's not just about ditching passwords—it's about learning a new digital language in a world already saturated with apps, sync issues, and login intentions may be visionary, but the execution is drawing heat. The shift to passwordless security could indeed mark the end of one of the internet's oldest vulnerabilities. But for millions of users grappling with lost devices, incompatible apps, and disjointed ecosystems, the question remains: is the passwordless future one we're truly prepared for?

For now, it seems the road to a safer digital world might be paved with frustration, confusion—and a few forgotten passkeys. Would you trust a system where one lost phone could lock you out of your digital life?

Should you use passwords by ChatGPT, Deepseek and Llama? Here's what you need to know

Malay Mail

06-05-2025


KUALA LUMPUR, May 6 — Generative AI is super useful but should you rely on these tools to generate passwords? In conjunction with World Password Day, Kaspersky has analysed 1,000 passwords generated with various AI tools including ChatGPT, DeepSeek and Llama to find out if they are any good at keeping your logins safe.

As a general rule of thumb, you should avoid reusing the same password across multiple accounts, as attackers can reuse the same password to gain access to other platforms. While it is tempting to use AI to generate random passwords, it turns out that the supposedly random passwords aren't as random as you think.

AI-generated passwords don't offer True Randomness

Kaspersky's Data Science Team Lead, Alexey Antonov, generated 1,000 passwords using the top large language models (LLMs) such as OpenAI's ChatGPT, Meta's Llama and China's DeepSeek. On the surface, the LLMs seem to be aware that a good password requires at least 12 characters with a mixture of uppercase and lowercase letters, numbers and symbols.

DeepSeek and Llama tend to generate passwords using dictionary words with some letters substituted for characters, such as S@d0w12, M@n@go3, B@n@n@7 (DeepSeek), K5yB0a8dS8 and S1mP1eL1on (Llama). These passwords are deemed unsafe as the trick of substituting letters is known and they are not difficult to brute force.

On the surface, ChatGPT seems to be better as it is able to generate more random-looking passwords such as qLUx@^9Wp#YZ, YLU@x#Wp9q^Z, P@zq^XWLY#v9 and X@9pYWq^#Lzv. However, if you look closer, there's a noticeable pattern where certain characters are used repeatedly, such as X, p and 9.

When all symbols used in the 1,000 ChatGPT-generated passwords are plotted in a histogram, it becomes clear that a small cluster of the top 13 characters (x, p, I, L, q, y, @, v, w, X, Y, 9, #) shows a significantly higher frequency of over 700 times. This means the majority of passwords generated aren't as random as one would hope for.

Llama seems to show slightly better 'randomness' with only the top 2 characters appearing more than 500 times, while DeepSeek seems to be the best among the three with the most balanced-looking histogram for character frequency.

What makes a good password?

According to Kaspersky, an ideal random password generator should not have any character preference. All symbols and characters should appear approximately the same number of times. In addition, a good password should also include a special character or digits, which are often neglected by ChatGPT (26 per cent), Llama (32 per cent) and DeepSeek (29 per cent). Another concern is that DeepSeek and Llama sometimes tend to generate a password that's too short, with less than 12 characters.

With the known password generation pattern as illustrated above, cyber criminals can speed up their password brute force attempts by starting with the most frequent combinations for a higher probability of success.

Last year, Antonov developed a machine learning algorithm to test password strength and it was found that nearly 60 per cent of passwords can be cracked within an hour using modern GPUs or cloud-based cracking tools. When he applied the same algorithm to AI-generated passwords, he discovered that these passwords were far less secure. Eighty-eight per cent of DeepSeek and 87 per cent of Llama generated passwords were not strong enough to withstand a sophisticated cyber attack. Meanwhile, ChatGPT performed better, with 33 per cent of generated passwords deemed not strong enough to pass the Kaspersky test.

Antonov added that the problem with LLMs is that they don't create true randomness. Instead, they mimic patterns from existing data, which makes these password outputs predictable to attackers who understand how these models work.

Instead of using AI, Kaspersky recommends that users adopt dedicated password management software, which includes Kaspersky's Password Manager, to generate and manage all of their passwords. Password managers use cryptographically secure generators to create passwords without detectable patterns to ensure true randomness. On top of that, all credentials are stored in a secured vault protected by a single master password. As a result, you would only need to remember one password for the vault, instead of having to remember hundreds of passwords for various platforms.

For greater convenience, password managers also offer auto-fill and synchronisation across multiple platforms. Not only does this help to streamline the login process on all your devices without compromising on security, but it also alerts you to a potential data leak if one of your registered platforms has faced a data breach. — SoyaCincau
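The histogram check described in the article can be reproduced in a few lines. The Python below is an added illustration, not code from the article or from Kaspersky: it measures how much of a password batch is made up of its 13 most frequent characters, for the four ChatGPT outputs quoted above and for a batch drawn from the operating system's cryptographically secure generator. The 94-symbol alphabet, the function names and the rule that a password must contain both a digit and a symbol are assumptions made for this example.

```python
"""Character-frequency check for password batches (added example)."""
import secrets
import string
from collections import Counter

# Assumption: printable ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# The four ChatGPT-generated passwords quoted in the article.
ARTICLE_SAMPLES = ["qLUx@^9Wp#YZ", "YLU@x#Wp9q^Z", "P@zq^XWLY#v9", "X@9pYWq^#Lzv"]


def generate_password(length=16):
    """Draw every character from the OS CSPRNG with no character preference.

    A candidate without a digit or without a symbol is thrown away and
    redrawn whole (rejection sampling), so no position is ever patched
    with a character from a fixed class.
    """
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_digit = any(c in string.digits for c in pw)
        has_symbol = any(c in string.punctuation for c in pw)
        if has_digit and has_symbol:
            return pw


def char_histogram(passwords):
    """Count how often each character occurs across the whole batch."""
    return Counter("".join(passwords))


def distinct_symbols(passwords):
    """Number of different characters the batch uses at all."""
    return len(char_histogram(passwords))


def top_k_share(passwords, k=13):
    """Fraction of all characters covered by the k most frequent ones.

    For a generator with no preference this approaches k / len(ALPHABET);
    a much larger value means a small cluster of characters dominates.
    """
    hist = char_histogram(passwords)
    total = sum(hist.values())
    if total == 0:
        raise ValueError("empty batch")
    return sum(count for _, count in hist.most_common(k)) / total


def report(label, passwords, k=13):
    """One summary line per batch, with the uniform baseline for comparison."""
    return (f"{label}: {distinct_symbols(passwords)} distinct symbols, "
            f"top-{k} share {top_k_share(passwords, k):.2f} "
            f"(no-preference baseline {k / len(ALPHABET):.2f})")


if __name__ == "__main__":
    print(report("article samples", ARTICLE_SAMPLES))
    print(report("CSPRNG batch", [generate_password(12) for _ in range(1000)]))
```

Four passwords are far too few for a real statistical test; the comparison only becomes meaningful on batches of the size Kaspersky analysed.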

World Password Day: Replacing the weakest link with smarter security

Tahawul Tech

04-05-2025


Experts urge enterprises to ditch outdated password routines for behavior-driven, passwordless solutions as cyber threats evolve.

World Password Day is no longer just a day to reset a password—it's a wake-up call. As cyberattacks become more sophisticated, industry leaders agree: the password, once the gatekeeper of digital identity, has become the weakest link. From evolving best practices to the behavioral science behind poor password hygiene, experts across the cybersecurity spectrum are calling for a fundamental shift in how organizations approach authentication.

World Password Day, observed on the first Thursday of May, was established in 2013 by Intel Security to raise awareness about the importance of strong password practices. Inspired by security expert Mark Burnett's call to dedicate a day to password hygiene, the day encourages individuals and organizations to strengthen their digital defenses through secure passwords, multi-factor authentication, and passwordless technologies.

The first line of defense: strengthen it or replace it

'A strong password is your first barrier; don't let it be the weakest link,' says Ezzeldin Hussein, Regional Senior Director, Solution Engineering – META at SentinelOne. 'A password is more than just a key; it's the gateway to your digital identity. Strengthen it, protect it, and complement it with multi-factor authentication. On World Password Day, let's commit to better security habits—because a strong password today means a safer digital world tomorrow.'

Passwords remain foundational to digital security—but they must evolve. Hussein advocates for strong, unique passwords backed by multi-factor authentication (MFA) and password managers. More importantly, he emphasizes a shared responsibility: users and organizations must adopt secure habits and champion next-generation alternatives like biometrics and passkeys.

The end of the password: a necessary evolution

'We need to move away from reliance on passwords and shared secrets,' insists Chester Wisniewski, Director and Global Field CTO at Sophos. 'Access keys or passkeys today represent the most robust solution for building a future without passwords, phishing, and, hopefully, large-scale compromise.'

Sophos' 2025 Active Adversary Report reveals that compromised credentials remain the top cause of cyber incidents for the second consecutive year. Traditional authentication methods—whether passwords or MFA codes—are being bypassed through advanced phishing kits and cookie theft.

Wisniewski endorses WebAuthn, a protocol that leverages cryptographic key pairs and physical devices, including biometrics. This model not only prevents phishing but also authenticates both the user and the service—making unauthorized access significantly harder.

Understanding why password fatigue persists

'It's not that people don't understand the risks. It's that the need for uninterrupted access often outweighs the promise of long-term protection,' explains Niresh Swamy, Enterprise Evangelist at ManageEngine.

Swamy examines the human side of cybersecurity—specifically the psychological patterns that drive password fatigue, reuse, and weak security habits. Concepts like bounded rationality, availability heuristics, and loss aversion reveal that the struggle with passwords isn't about ignorance, but about mental efficiency.

Organizations often respond with stricter protocols, but Swamy argues that the real fix lies in removing the need for passwords altogether. Solutions such as passkeys, Single Sign-On (SSO), and magic links reduce cognitive load and eliminate the risk of human error.

Designing behavior-aware systems

To effectively tackle risky password behavior, organizations must bridge the gap between convenience and security. That means:

  • Adopting passkey-enabled vaults to eliminate password memorization.
  • Using SSO to centralize access and reduce the number of logins.
  • Deploying PAM (Privileged Access Management) solutions that automate, restrict, and audit access.
  • Embedding AI into access control policies to detect and prevent standing privileges and risky behavior in real-time.

These are not just security upgrades—they're behavioral interventions. 'When an organization removes decision points where things go wrong, they're not just securing systems—they're correcting flawed human design,' Swamy notes.

Policy must match progress

The technological path forward is clear, but without supportive policy, security tools lose their impact. Shared credentials, over-permissioning, and legacy access controls remain common pitfalls. Progressive companies are implementing dynamic, AI-powered access policies that adjust privileges based on context and usage—reducing friction while increasing protection.

Rethinking the absurdity of passwords

'In many ways, our daily interactions with passwords feel a lot like Sisyphus' burden,' Swamy reflects. 'We push the boulder uphill every day, only to start over. The solution is not to make the boulder lighter. It's to remove the hill.'

Tools like passkeys, SSO, PAM, and AI do more than simplify access—they eliminate the absurdity of forcing humans to defend digital fortresses with mental gymnastics. When systems account for how people actually think and behave, security becomes sustainable.

This World Password Day, the message is unified and urgent: secure systems must evolve beyond passwords. Whether by strengthening existing routines with MFA and password managers or by advancing toward passwordless authentication, the time for action is now. Because as our digital lives expand, so too must the way we protect them.

Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, wants to remind us that we live in a digital world and we need to protect it. With passwords the virtual key to our online world, it's time to consider our password habits and what – if anything – can be done to make these virtual locks stronger:

Securing Our Digital World: The Paramount Importance of Strong Passwords and Credential Hygiene

This World Password Day is a timely reminder that strong passwords are more than just a best practice—they are critical to safeguarding our personal and professional digital lives. In a world where our data is stored, processed, and accessed online, the strength and security of our credentials can determine whether we remain protected or become vulnerable to cyber threats.

Strong passwords serve as the frontline defence against unauthorised access. They protect not only emails and personal files, but also critical infrastructure, cloud platforms, and autonomous systems that run in the background—such as service accounts, APIs, and automated workflows. As these digital agents increasingly interact without human oversight, securing their credentials becomes just as vital as protecting user logins.

Using complex, unique passwords—blending uppercase and lowercase letters, numbers, and symbols—significantly reduces the risk of brute-force attacks. However, password strength alone is not enough. Each credential should be unique and managed with care, especially for software accounts with elevated privileges or persistent access.

Weak password practices can lead to devastating consequences: data breaches, identity theft, financial loss, and reputational harm. For organisations, compromised credentials—especially those tied to automation or backend systems—can trigger widespread service disruptions, intellectual property theft, and costly compliance violations.

To combat these risks, organisations must adopt a layered approach to password security. This includes implementing multi-factor authentication (MFA), enforcing password complexity and rotation policies, and using secure credential management solutions to protect both human and machine accounts. Regular security training, audits, and awareness campaigns ensure that employees understand the stakes and uphold best practices.

Ultimately, securing our digital world means protecting every entry point—human or machine—with diligence and care.

Morey Haber, Chief Security Advisor at BeyondTrust, said:

World Password Day on May 2nd, 2025, remains cybersecurity's most ironically misguided celebration. As a yearly event, it is a reminder of our collective failure to promote good password hygiene and highlight bad habits and silly mistakes. Despite endless warnings and breaches demonstrating password fragility, we have decided to dedicate a day to celebrate the weakest link in cyber defense; us – human beings.

So, on May 2nd, we will recognize that as humans, we are fundamentally inept at password management and reuse secrets, refuse complexity, forget, and share passwords, creating a lucrative opportunity for threat actors to capitalize on our flaws.

Therefore, for future celebrations, I would like to propose that World Password Day focus on marking a proactive pivot toward biometrics and passwordless authentication options, so we can ultimately change the narrative of identity attack vectors. Instead of promoting stronger passwords and a day when everyone should rotate their passwords, perhaps we should promote a technological revolution and replace passwords with modern solutions that can minimize our own human weaknesses: biometrics, MFA, and passkeys for everyone.

Ziad Nasr, General Manager – Acronis Middle East

On World Password Day, Acronis is reminding individuals and organizations across the UAE that a strong password remains one of the simplest, yet most powerful defenses against cybercrime.

According to the Acronis Cyberthreats Report H2 2024, the UAE ranked among the top three countries globally targeted by malware attacks. A striking 16.2% of malicious URLs detected globally were blocked on UAE endpoints, signaling high exposure to credential-stealing threats. Compounding the risk, email-based attacks surged by 197%, with phishing responsible for 74% of all cyberattacks during this period. These phishing schemes are often designed to harvest login credentials, exploiting weak or reused passwords to gain unauthorized access to critical systems.

Passwords are often the weakest link in cybersecurity. When attackers steal them through phishing or data breaches, they can bypass most security systems unless multi-factor authentication is in place.

Acronis urges users in the UAE to:

  • Avoid common passwords like '123456' or 'admin'—still alarmingly prevalent in breach data.
  • Use a password manager to create and store strong, unique passwords.
  • Enable two-factor authentication (2FA) wherever possible.
  • Educate employees about phishing tactics to prevent password theft.

In today's threat landscape — where AI-powered cyberattacks are rapidly growing — strong password hygiene isn't just an IT recommendation; it's a frontline defense.
