Posted on May 5th, 2017 by Joe Schreiber

People are overwhelmed these days with the number of passwords they have to remember. So, naturally, they tend to use an easy-to-remember password for multiple accounts. This poses a grave security risk to the individual and to his or her company. It begs the question: are passwords enough?

As we celebrate World Password Day, let's take another look at the use and abuse of passwords, and some alternatives to the traditional password.

Password manager SplashData found that the two most popular passwords out there are “123456” and “password.”  Other passwords that made the top 10 most popular passwords are “12345678,” “qwerty,” “12345,” “123456789,” “football,” “1234,” “1234567,” and “baseball.” Are you guilty of using any of these?

To add to that, a survey of 2,500 working Americans by The Leadership Factor found that three-quarters of respondents re-use the same batch of passwords online, and one-third use fewer than five different passwords to access between 25 and 50 personal and business sites. Do you re-use your passwords?

Employers, unfortunately, are not much better. Close to two-thirds of business owners re-use the same password to log in to different systems, and 61 percent remain unconcerned about the security of their systems, the survey found.

Lucky for us, there are many ways to make passwords more secure.

Alternative #1: multi-factor authentication

Multi-factor authentication is a must nowadays. With this method of password security, passwords can be combined with a second “factor” such as a security token or biometric verification.  With MFA, if a criminal were able to acquire your password they would still need a secondary piece of information in order to login.  This secondary information is often a text message, one time code or similar ephemeral information that the attacker is unlikely to gain access to.  There are a number of sites and apps that offer multi-factor authentication, and the list is growing. Be sure to check out the sites you visit, and especially your online banking provider, and see if they offer multi-factor authentication. Set it up. You won't be sorry.

Alternative #2: passphrase

Another approach is to throw out your passwords and replace them with a passphrase. What is that you may ask? A passphrase is a phrase or sentence that you can remember but cybercriminals will have a hard time guessing.

Password Dragon offers five reasons why passphrases are better than passwords.  Note that there are some loopholes here that you'll want to avoid. A passphrase that uses common words might not be much more secure than a password. A study by Cambridge University researchers found that using lists of movie and book titles enabled them to guess passphrases used by Amazon users.

So, how can you make sure your passphrases are more secure than the standard password? Alan Henry with LifeHacker recommends that you use passphrases that are “entirely nonsensical” to a password-cracking tool but memorable to you.

For example, instead of using your car make and model for your passphrase, you could add in the year, color, and other information that is important to you but unknown to a hacker or password-cracking tool. Or, if you want to use the lyrics from one of your favorite songs as a passphrase, you could use the first letter of each word instead.

Still having trouble coming up with (and remembering) your passphrases? Fear not. A password manager can generate and store passphrases for each of your accounts, so you don't have to worry about remembering them. That also means you can make them as complicated as they need to be and the password manager will remember them for you.

The final take: passwords aren't enough these days. With so many other alternatives, tips, and tricks, there's no excuse for having weak passwords. Take the time on World Password Day to reevaluate your passwords.