Intel founded World Password Day in 2013 to highlight the importance of strong password security, and it is held on the first Thursday of every May. Since then, password best practices have shifted as the technology changes and as cyber criminals grow in sophistication.
Weak passwords in history
Nuclear codes (1962–1977)
Did you know that cybersecurity was an issue even in the 1960s and 1970s? Or not. For nearly two decades during the Cold War, U.S. nuclear launch codes were reportedly set to “00000000” to prioritize speed and ensure that military personnel could quickly launch weapons if ordered. Although no known harm resulted, the revelation highlighted how convenience has always been prioritized over safety.
RockYou data breach (2009)
In December 2009, social media app developer RockYou suffered a massive data breach that exposed more than 32 million user passwords stored in plain text. The breach revealed the widespread use of weak passwords, including “123456,” “password,” and “iloveyou.”
Twitter data breach (2020)
In July 2020, hackers used social engineering tactics to manipulate Twitter employees and gain access to internal administrative tools. The breach compromised accounts belonging to such high-profile figures as President Barack Obama, Elon Musk, and Bill Gates, and companies including Apple and Uber. Attackers used these accounts to promote a Bitcoin scam.
Colonial Pipeline cyberattack (2021)
Hackers gained access to Colonial Pipeline through a compromised password tied to an inactive VPN account that lacked multi-factor authentication. The attack disrupted fuel supplies across the East Coast.
Louvre incident (2025)
On October 19, 2025, four thieves took advantage of the Paris museum’s limited security coverage to steal historic pieces of jewelry from a reinforced case. The robbery took place on site, of course, but the Louvre had long been criticized for lax cybersecurity. As an example, during a 2014 security audit, the French information security agency reported that the password for the server managing the Louvre’s CCTV network was simply “Louvre.”
Strengthen your password strategy
The way we safeguard our data is shifting. Many industry experts now recommend using passkeys tied to devices or biometric information as a convenient and more secure alternative to passwords. Rather than logging in with text, a passkey might use a fingerprint, face scan, or a screen lock PIN to secure your data. These methods simplify the login process, and are also less susceptible to traditional phishing attacks and server breaches.
That said, if passkeys aren’t an option, it’s recommended to create strong, unique passphrases for each critical system. Although it is tempting to reuse a password or to create a short, simple login, these practices are not safe. Attackers can instantly crack short, complex passwords (such as “P@ssw0rd1!”). On the other hand, long, random strings of words of 16 characters or more, updated often, are difficult if not impossible to break.
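As an added illustration (not part of the original article), the sketch below screens candidate passwords against the weak examples named in this post and generates a random passphrase that meets the 16-character guidance. The deny-list, the small word list, and the function names are constructed for the example; a real deployment would use a breached-password corpus and a word list of several thousand entries.

```python
import math
import secrets

# Constructed sample data: the deny-list holds weak passwords named in this
# article; WORDS is a tiny stand-in for a real list of thousands of words.
DENYLIST = {"123456", "password", "iloveyou", "louvre", "00000000"}
WORDS = ["anchor", "biscuit", "cobalt", "dolphin", "ember", "fjord",
         "granite", "harbor", "indigo", "juniper", "kettle", "lantern",
         "meadow", "nutmeg", "orchid", "pebble"]
MIN_LENGTH = 16  # the article's "16 characters or more"

# Common character substitutions that add little real strength.
LEET = str.maketrans("@4301$57", "aaeoisst")


def normalize(pw):
    """Lower-case, drop trailing digits/symbols, undo common substitutions."""
    stripped = pw.lower().rstrip("0123456789!?.#*")
    return stripped.translate(LEET)


def screen(pw):
    """Return the list of reasons a candidate password should be rejected."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if pw.lower() in DENYLIST or normalize(pw) in DENYLIST:
        problems.append("matches a known weak password")
    return problems


def generate_passphrase(n_words=5, sep="-"):
    """Pick words with a CSPRNG; return the phrase and its entropy in bits."""
    phrase = sep.join(secrets.choice(WORDS) for _ in range(n_words))
    # Entropy comes from the number of equally likely word choices, so it
    # grows with list size: 16 words give 4 bits per word, 7776 give ~12.9.
    bits = n_words * math.log2(len(WORDS))
    return phrase, bits


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "Louvre", "00000000"]:
        print(candidate, "->", screen(candidate))
    phrase, bits = generate_passphrase()
    print(phrase, f"({bits:.0f} bits with this sample list) ->", screen(phrase))
```

The substitutions and trailing "1!" in "P@ssw0rd1!" normalize back to "password", which is why the screen rejects it on both counts.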
Multi-factor authentication (MFA) adds a layer of protection by requiring entry of a one-time code, a biometric scan, or use of a hardware token in addition to the password. Even if a password is compromised, MFA can block unauthorized access to sensitive accounts. Use of MFA is increasingly a regulatory expectation under the privacy rule of the Health Insurance Portability and Accountability Act (which applies to individually identifiable medical information), the Gramm-Leach-Bliley Act (which applies to financial information), and the cybersecurity disclosure rules of the Securities and Exchange Commission.
Of course, there is a very human reason that people use short, easy, insecure passwords: The complex ones are difficult if not impossible to remember and often seem like more trouble than they are worth. Enter the encrypted password manager. Encrypted password managers can store all of a user’s passwords, and they can be accessed by a single password or biometric. They are far more secure than the proverbial Post-It note on the computer monitor or Outlook contact titled “My Passwords.” By safely storing complex, unique passwords and tracking credential access, encrypted password managers are a great tool for users with “password overload,” and they help organizations meet internal policy standards and demonstrate that “reasonable security measures” are in place.
World Password Day is a reminder to update and strengthen your password strategy. Whether you are an individual user or an organization, ensure the use of strong, unique credentials that change often, enable multi-factor authentication, and use secure password management tools. Treat your passwords as your first line of defense, and regularly review your practices to keep pace with the latest cyber threats.
The Constangy Cybersecurity & Data Privacy Team helps businesses of all sizes and industries develop a comprehensive incident response plan or get support with a breach. We are here to help! The Constangy Cyber Team is available 24/7. Contact us at breachresponse@constangy.com or by phone at 877-DTA-BRCH.
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed by the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consulting on complex data privacy and security litigation.