More than a Password Day 2024

Andrew van der Stock

Tuesday, November 12, 2024

Welcome to the annual More than a Password Day! To celebrate this year’s event, OWASP is enabling multi-factor authentication across the OWASP Foundation’s infrastructure. This is a significant step forward in securing our systems and data. At the start of this year’s event, we had only 21% of all OWASP accounts enrolled in MFA. We’re aiming to increase this to 100% by the end of the year.

How to enable multi-factor authentication on your account

If you haven’t yet enabled multi-factor authentication, just sign in today and follow the prompts. If you already have MFA enabled, you’re all set!

How to run a security check on your OWASP account

We recommend you run a security check on your account to ensure it is secure.

Use password-free authentication

Simpler to use and far more secure than passwords, passkeys use cryptography to prove that you are you. Once enrolled in Google MFA, you can enroll in passkeys.

Secure your email account

Email is the most common way to reset your password. Add extra security to deter access to your accounts:

  • Strong password (long, randomly generated and unique)
  • Multi-factor authentication / two-step verification

Password managers allow you to have unique, strong passwords for each site, and can help you identify weak or reused passwords.

Add layers of security

Additional security measures can help prevent phishing and other attacks, if used in addition to your password.

  • A hardware security key (or token)
  • An authenticator app

Password managers often come with a built-in authenticator app, which can be used to secure your accounts.

Use a password manager

  • Using a password manager means you can use strong, randomly generated, harder-to-guess passwords.
  • Use a strong, memorable password manager password.

Use a technique or passphrases to pick passwords

  • Use “three random words” or passphrases to pick passwords that are easier to remember but hard to guess.

Hacked? Move fast to change passwords

Your passwords should be changed immediately if:

  • One of your devices is compromised
  • An online site or service you use is hacked

Using random unique passwords with a password manager means you only need to change breached passwords. Many password managers can help you identify which passwords need changing.