Celebrating World Password Day on May 7

April 22, 2026

Authored by: Karen Lyons, CSDS; Regulatory Compliance Manager, i-SIGMA

“Still using your first pet’s name followed by “!, @, or &” password to access your 401(k) account? Sorry, but that’s not enough to protect your life savings….” This language was found in a 2019 online article on password security. Here we are seven years later, and the rapidly rising cybercrime statistics are alarming.

The FBI Internet Crime Complaint Center (IC3) , who also identifies emerging threats and new trends, reported averaging almost 3,000 complaints per day according to their 2025 Annual Report. The reported dollar amount also reported in the HIPAA Journal reported $21 billion in losses to cybercrime in 2025.

We already know weak or reused passwords make it significantly easier for cybercriminals to gain access to private information, leading to potential identity theft, financial loss, and even reputational damage to you or your business.

World Password Day, the first Thursday in May, encourages individuals and organizations to evaluate and upgrade their password habits. Enabling multi-factor authentication, updating passwords regularly, and using a reputable password manager can greatly improve your online safety. According to Bitwarden, one of many password managers, randomness such as passphrases, which helps by combining memorable words or phrases known to the user but less recognizable by hackers. An example might be a five-word, capitalized phrase such as “River-Battery-Copper-Window-Seven” (or a 4–5 word phrase that’s memorable but not personal).

For businesses, use a reliable hosting provider who performs regular backups, network monitoring, and provides support in case of an issue. Stay tuned for more on the subject of cybersecurity/cyber hygiene in upcoming communications, as i-SIGMA’s Certification Programs will soon require documentation, policies, and procedures verifying cyber hygiene implementation.

This World Password Day (May 7), take time to tighten access controls: enforce strong, unique passwords, require multi-factor authentication, and eliminate shared logins—ideally supported by a centralized password manager. These steps help reduce the risk of business disruption and data exposure year-round.