World Password Day: see how you can improve yours
Today, 05 May, we celebrate World Password Day. As Security and Privacy is one of the main research foci at INESC-ID, and one of the institute’s major Thematic Lines, we wanted to give our contribution to improving the strength and performance of everyone’s passwords.
Miguel Correia — researcher within the Distributed, Parallel and Secure Systems (DPSS) INESC-ID Research Area and Strategic Coordinator of the Security and Privacy Thematic Line — suggests using “strings of at least 10 characters that do not appear in a dictionary as passwords, mixing letters, digits and signs”.
“The two main problems with textual passwords are [that] most people choose predictable passwords (even the ones they think they don’t) and [that] most people reuse passwords between different services” commented João Ferreira, INESC-ID researcher within the Automated Reasoning and Software Reliability (ARSR) Research Area. João Ferreira is also one of the Principal Investigators of the PassCert Project (which aims to “build an open-source, proof-of-concept [password manager] that through the use of formal verification, is guaranteed to satisfy properties on data storage and password generation”), a CMU Portugal Exploratory Research Project.
From the perspective of a user creating an efficient password, João Ferreira has a few suggestions:
- Use at least 12 characters, using at least two or three different classes (between lowercase, uppercase, digits and symbols);
- Characters must appear in unpredictable positions — i.e., avoid putting capital letters at the beginning of the password and numbers/digits at the end of the password;
- Avoid using dictionary words or familiar expressions (e.g. sayings, parts of song lyrics, etc.);
- Do not use patterns like “1234” or “abcd” or keyboard patterns like “qwerty” or “cvbnm” or acronyms like “SCP”, “SLB” or “FCP”;
- Ensure the chosen password does not appear in any known “data breaches” (e.g., use something like Pwned Passwords).
Happy World Password Day!
Upcoming Events
NII International Internship Programme Presentation and Q&A by Emmanuel Planas
On April 30, Emmanuel Planas, the acting director of the Global Liaison Office (GLO) and responsible for the internationalisation program at the National Institute of Informatics (NII) in Tokyo, Japan, will give a presentation to introduce the NII and its internship program to INESC-ID students and IST’s Master’s in Computer Science students.
Date & Time: April 30, 14h00
Where: Sala Polivalente, Técnico – Taguspark
“The NII International Internship Program is an exchange activity with students from institutions with which NII has concluded a Memorandum of Understanding (MOU) agreement. This incentive program aims at giving interns the opportunity for professional and personal development by engaging in research activities under the guidance and supervision of NII researchers.
The NII Internship Program is open to Research Master’s and PhD students who are currently enrolled at one of the partner institutions that have signed an MOU agreement with NII.”
Educational Workshop on Responsible AI for Peace and Security (UNODA)
On June 6 and 7, The United Nations Office for Disarmament Affairs (UNODA) and the Stockholm International Peace Research Institute (SIPRI) are offering a selected group of technical students the opportunity to join a 2-day educational workshop on Responsible AI for peace and security.
The third workshop in the series will be held in Porto Salvo, Portugal, in collaboration with GAIPS, INESC-ID, and Instituto Superior Técnico. The workshop is open to students affiliated with universities in Europe, Central and South America, the Middle East and Africa, Oceania, and Asia.
Date & Time: June 6 a 7
Where: IST – Tagus Park, Porto Salvo
Registration deadline: April 8
Summary: “As with the impacts of Artificial intelligence (AI) on people’s day-to-day lives, the impacts for international peace and security include wide-ranging and significant opportunities and challenges. AI can help achieve the UN Sustainable Development Goals, but its dual-use nature means that peaceful applications can also be misused for harmful purposes such as political disinformation, cyberattacks, terrorism, or military operations. Meanwhile, those researching and developing AI in the civilian sector remain too often unaware of the risks that the misuse of civilian AI technology may pose to international peace and security and unsure about the role they can play in addressing them. Against this background, UNODA and SIPRI launched, in 2023, a three-year educational initiative on Promoting Responsible Innovation in AI for Peace and Security. The initiative, which is supported by the Council of the European Union, aims to support greater engagement of the civilian AI community in mitigating the unintended consequences of civilian AI research and innovation for peace and security. As part of that initiative, SIPRI and UNODA are organising a series of capacity building workshops for STEM students (at PhD and Master levels). These workshops aim to provide the opportunity for up-and-coming AI practitioners to work together and with experts to learn about a) how peaceful AI research and innovation may generate risks for international peace and security; b) how they could help prevent or mitigate those risks through responsible research and innovation; c) how they could support the promotion of responsible AI for peace and security.”