
Change Your Password Day? Well-intentioned, but outdated, hardly helpful, and arguably even harmful. Here is how to really increase access security!

In the wake of Data Privacy Day, part of the IT industry celebrates "Change Your Password Day" on the first of February. The idea is to remind people that an old password is not secure and that changing it regularly provides greater access protection. However, this does little for security and can even be harmful.



This is because an arbitrarily enforced password change tends to push users toward easy-to-remember passwords that they extend with easy-to-guess sequential patterns. Changing a password from "Password#21" to "Password#22" certainly does not provide better security. How to create more secure passwords can be read here. But we can do even better!

Two-factor authentication wherever possible

That's why I suggest activating two-factor authentication (2FA) wherever possible. With a stolen username and password, attackers are still faced with a closed door, because the second factor is missing. Today would be better renamed "Enable Two-Factor Authentication Day." You can usually activate 2FA quite easily in the user profile of the relevant platforms or shops. A small click that brings so much more security.

For the second factor, a so-called authenticator is used. For example, a smartphone app like Google Authenticator or 1Password is used to create a one-time password that is only valid for a very short time. In addition to the username and password, you prove that you are the actual owner of the access. The additional effort is minimal, the security gain enormous.

In addition, the second factor is often checked only once: Users authenticate their browser or app, and the approval is stored per device. It is not requested again until a certain time has passed since the last authentication.

Some services also offer SMS as a second factor, but this is no longer considered secure. Again and again there are successful attacks in which attackers intercept the SMS and thus gain unauthorized access. SMS should therefore only be used as an emergency option.
