We used to celebrate world password day to remind us to update our passwords, to better protect our identities. An admirable goal to be sure, brought to us by our friends at Intel. Reminds me of some other admirable holidays brought to us by corporations (I’m looking at you Hallmark!). Like other holidays we are likely to feel guilty about forgetting, maybe every day should be password day. And Valentine’s Day. And Mother’s Day. And Father’s Day. And… Arbor Day?
Seriously though, every day we need to remember that all that stands between us, and headline-level breaches are passwords. With very rare exception, we are all just a brute force attack away from becoming very bad news. I think that reminder was the aim of password day, and it’s a noble goal.
…But some holidays bring out the worst in people, and I’m high maintenance when it comes to passwords. I won’t settle for just a “card and flowers” this time. I want this world password day to be something really special. Something memorable. Something I can put on my Facebook wall and make all the haters jealous.
Let’s make this the day that we killed all passwords. Let’s, in fact, kill world password day, and instead celebrate “End of breach day.” Let’s celebrate SAML day, and Oath day, and Oauth day, and WS-Fed day, and world cryptography-is-really-hard-math day.
How? Here’s the top three places I suggest to start:
- Implement SAML everywhere possible. Cloud apps? Onsite apps? No problem. Centrify can help eliminate passwords entirely — and often simply — by implementing SAML across both.
- When passwords are still required, make it easier to use strong ones. Single sign-on means that employees can use a single complex password to get secure access to all their apps and devices — eliminating the need for them to remember multiple passwords, or reuse passwords.
- Put multi-factor authentication everywhere it makes sense — and make it easy for users. See the video below for just how simple this can be.
Join me as I raise a glass (or three) to honor the intention of password day — admirable to be sure. But lets hold ourselves to a higher standard and eliminate the password together.
“Here’s to world password day — let’s strive to make this one the last!”