Happy World Password Day! As security awareness managers, these named events and days can be critical tools for our security programs. They generate buzz and stick in people’s minds. May 2nd 2024 is probably the easiest day to teach your team members about passwords, simply because some named it “World Password Day”.

In today’s blog, we’ll be sharing with you some tips and stories you can share with your employees on World Password Day, or any day, to increase password strength awareness. Feel free to send this blog or one of your chosen tips or stories to your employees today, wishing them a Happy Password Day!

What is World Password Day?

World Password Day is a completely made-up day by Data Solutions company, Intel. Although it’s not a real day, it doesn’t mean we security awareness managers can’t take advantage of the catchy name.

The day has caught on in the security world, as the need for strong passwords becomes more imminent. It’s the one day of the year that serves as a reminder that strong passwords lead to stronger privacy. The event is observed on the first Thursday of May every year. 

iPhone password for World Password Day

Photo by Yura Fresh on Unsplash

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

What tips can I share with my team?

A simple way to observe World Password Day is by sending password tips to your team members. You could do this in several formats, depending on where you typically communicate with your team. You could send a Slack message or email with your top three tips, you could work with IT to put password tips on everyone’s desktop backgrounds, or you could hand out flyers with different tips throughout your organization. Here are some that you could include:

Use simple tricks to increase your password strength

A simple ten-character password doesn’t cut it anymore. For passwords to be strong, they need to be hard to guess. However, being hard to guess can mean being hard to remember. There are a few simple tricks you can use to increase password strength, but still remember what your password is. We share our favourites in one of our latest blogs on increasing password strength

Our favourite tricks? Using passphrases like “LampFlowerCalculatorHockey” or using songs to create abbreviations (“Suasytpmsast.” = the lyrics to Billy Joel’s Piano Man). 

Use a password manager

The best way to have strong passwords is to use a password manager. This bypasses the need for individuals to remember every password, rather they just need to know the one to access the rest of their passwords. This allows for all the stored passwords to be the strongest possible. 

This World Password Day, host a 5-minute workshop at the beginning of one of your regular meetings. In the workshop, show your employees how to use a password manager of your choice. Explain why it can help them and your business, then send a link to download the password manager in the chat. If you don’t have regular meetings, you could also send a recording of this simple demonstration. 

Regularly change your passwords

World Password Day is the perfect excuse to ask your executives for a chunk of your employees’ time. Ask them to give each employee half an hour to change all their existing passwords. It can be a bonus if everyone also starts using a password manager this day!

In a dream world, passwords should be updated every three months, but that’s likely not happening for all your employees. Setting aside time for them in their busy schedule encourages them to do a task they’d typically procrastinate. If your execs don’t approve of the half-hour break, a simple Slack message or email serving as a reminder to update passwords could also do the trick.

Turn on Multi-Factor Authentication

One of the best ways to protect your accounts on top of strong passwords, is Multi-Factor Authentication (MFA). Now would be a great time to launch a new policy on using Multi-Factor Authentication on all your company accounts. Use the messaging behind #WorldPasswordDay to inform your employees that a new policy is launching requiring them to implement some form of authentication on their accounts. 

Send out a formal email letting everyone know about this new policy, which will reinforce your password protection strategy. 

Password breach checks

A fun activity for your employees to partake in on World Password Day is checking if their accounts have been compromised. It doesn’t sound fun, but using websites like Have I Been Pwned puts into perspective how many breaches people can be affected by without even knowing. This can have a huge impact on how your employees think about passwords. 

Have your employees complete this exercise and use it as a proof point on why they should take time on World Password Day to update all their passwords. It can be a great discussion point on who’s email was “pwned” the most or who was most surprised. 

What stories can I share with my team?

Another engaging way to celebrate World Password Day is to share stories with your employees about the most famous password breaches. In the most ideal scenario, you can tell these stories in a meeting or workshop, using visual aids and your storytelling abilities to engage your employees as much as possible. 

If you can’t get in a presentation on one of these stories, a quick Slack message or email highlighting one is great, too. You can engage your employees more by asking them a discussion question to answer in a thread. For example, “What could have been done to save this situation?”, “What confuses you the most about this story?”, “What threats do you spot here?”

Here are a few of our favourite stories:

  • Change Healthcare Attack: You know the Change Healthcare attack that is still making headlines? It started all because of an account with a re-used password and no Multi-Factor Authentication (MFA). Your employees likely already know about this breach, but it may be used to them that a password issue caused it. 
  • Dropbox Breach: This breach resulted in 60 million pieces of customer data being stolen. The cause? You guessed it, another weak password by an employee. 
  • Ticketmaster Breach: Everyone knows Ticketmaster, but do they know it was once compromised due to a weak password? Share this story, or any from this 2021 article, to show the impacts improper password practice can have. 

Use any of these stories and tips to take advantage of #WorldPasswordDay and spread awareness of the importance of having strong passwords. Most importantly, stay safe, everyone!