Today (May 7) is World Password Day, highlighting how many users still have weak or vulnerable passwords.

“The recent headlines about 500 000 Zoom passwords being up for sale confirm how important it is that people change their password habits,” says Anna Collard, MD of KnowBe4 Africa.

“Passwords are painful. I get it. But using the same password over and over again puts us at risk. My advice is using a password manager. This means you only have to remember one very strong password, and the password manager takes care of all the other ones.

“And, wherever possible, apply multi-factor authentication. This is combining your password with something that you own, like a One Time Password app on your phone.”

KnowBe4 has launched a new kit to help people strengthen and improve their password management in recognition of World Password Day on 7 May.

The National Cyber Security Centre in the UK found that the most hacked passwords that were used the most overall were as follows: 123456, 123456789, qwerty, password and 111111. First names, premier league football teams, musicians and fictional characters were also found to be popular password categories that are easily cracked.

“Contrary to popular belief, bad guys don’t actually need to crack weak passwords, they can just reuse the billions of passwords already available for sale on the dark web. Using a technique called ‘credential stuffing’; hackers use account details obtained from older data breaches,” Collard explains.

According to the LastPass Psychology of Passwords Report, 91% of people know password reuse is insecure, yet two-thirds do it anyway. Half of respondents hadn’t changed their passwords in over the past 12 months even after hearing about a breach in the news.

“There’s a lot of debate out there about the best password policy and whether or not they should be long, short, how complex, etc,” says Roger Grimes, data-driven defense evangelist, KnowBe4. “The National Institute of Standards and Technology (NIST) has drastically changed their advice recently, stating that long and complex passwords shouldn’t be required and they don’t need to be changed unless they’ve been compromised in some manner.

“This has been continuously debated and many security professionals do not agree with this advice. The most important thing to remember is to never reuse the same password for multiple sites. It’s also recommended to use multi-factor authentication whenever possible and a to use a password manager.”

The KnowBe4 World Password Day Kit is available to anyone who is looking to learn more about password best practices and includes a complex password guide; a video by Kevin Mitnick on how easy it is to crack a password; and KnowBe4’s complimentary Password Exposure Test.