Better than a password day 2024 is coming! Secure your account today!

[Andrew van der Stock]

Hi there,

We will be joining in this year's Better than a Password Day 2024, organized by Common Good Cyber, a collective of security non-profit organizations. Sadly, despite being the peak application security non-profit, only 1219 accounts out of the 8183 (14.9%!!!) owasp.org accounts are enrolled in any form of multi-factor authentication. This is not a good look. 

This year, we're doing something really special - on November 12, we will be enabling mandatory multi-factor authentication on all owasp.org accounts and encouraging everyone to log in and enable MFA. 

I encourage you to do a security check up today, by going to:

https://myaccount.google.com/security-checkup

Please resolve all the security issues found in your checkup, including the lack of multi-factor authentication. I strongly encourage you to use a password manager that can store passkeys, which are a far stronger authentication mechanism than passwords and are superior in every single way. Make sure you have a recovery account set, and that you have backup codes stored securely somewhere in case you lose all your devices at once, such as in a fire or hurricane or similar.

We will turn off requiring MFA off after the event, but at some point, we will start requiring it. I encourage you to discuss this here and on Slack. Please promote Better than a Password Day on your social media when we start rolling out the social media campaign.

thanks,

Andrew