Password insecurity is a never-ending story. We continue to break all the basic rules for creating and maintaining passwords and, despite repeated attempts to raise awareness, we make the same mistakes year after year. Take another look at our best-practice guide to password management.
Passwords are the preferred authentication method for accessing Internet services or logging into operating systems, applications, games and all types of machines. In recent years, the industry has proposed biometric systems, features such as two-factor authentication and other measures to increase security. But until those are fully widespread, passwords will remain the most used method.
Incomprehensibly, their management has not improved. Can’t we do better than “123456”? It seems not. Users are “lazy” by nature, or careless, despite how much we put at risk by exposing a digital life that spans professional, personal and financial matters.
The worst passwords of 2020
The specialist NordPass has released its annual report on the state of password security. It was produced after analyzing more than 275 million passwords leaked in the attacks that occurred in the last year. Not a week goes by without news of a massive data breach that exposes millions of passwords.
The list of the worst is regrettable and repeats year after year, with old acquaintances such as “123456” (1st place), “111111” (6th) or “password” (4th place). Of course, these are the ones to avoid at all costs, since a hacker can obtain them in less than a second simply with a command that tests the most used passwords.
Or by using brute-force attacks that try words, number combinations and other simple tests to get them in a short time. This group includes others as insecure as “superman” (position 88) or “pokemon” (position 51). There is a bit of everything, from all fields: names like “Daniel” (77) or “Charlie” (96); “Myspace1” (80) or “computer” (116); “Soccer” (60) or “football” (73); “Chocolate” (114) or “cookie” (position 126).
Basic rules for creating strong passwords
Passwords are known to be a horrible method in terms of both security and usability, but until more advanced methods are consolidated we will have to continue with them, and make an effort to create them following the basic rules that are repeated in any cybersecurity manual:
Don’t use typical words or common numbers.
Don’t use personal names, pet names or dates of birth.
Combine uppercase and lowercase.
Combine numbers with letters.
Add special characters.
Lengthen the password with as many characters as possible.
Do not use the same password on all sites. In particular, use specific passwords for banking and online shopping sites.
Where applicable, also vary the username.
Keep the password safe from any third party.
Reinforce the use of passwords with other supported systems, especially two-factor authentication (2FA) or biometric systems such as fingerprint sensors or facial recognition.
Never reveal the password to anyone, not even in supposedly official requests arriving by email or messaging services, since these are usually phishing attacks.
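The basic rules above can be expressed as a small checker. This is an example added here, not code from the report or from any password manager. The deny list holds only the passwords named in this article, and the 12-character minimum is an assumption, since the article gives no number.

```python
import secrets
import string

# Passwords named in the article's "worst of 2020" discussion.
WORST = {"123456", "111111", "password", "superman", "pokemon", "daniel",
         "charlie", "myspace1", "computer", "soccer", "football",
         "chocolate", "cookie"}
MIN_LENGTH = 12  # assumption: the article only says "longer", no number


def check_password(pw, personal=()):
    """Return the list of the article's basic rules that pw breaks."""
    problems = []
    low = pw.lower()
    # Also catch a listed word with digits appended, e.g. "Pokemon2020".
    if low in WORST or low.rstrip(string.digits) in WORST:
        problems.append("common password")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal data")
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mixed case")
    if not (any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw)):
        problems.append("no mix of letters and numbers")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


def reused(vault):
    """Map each password used on more than one site to those sites."""
    seen = {}
    for site, pw in vault.items():
        seen.setdefault(pw, []).append(site)
    return {pw: sites for pw, sites in seen.items() if len(sites) > 1}


def generate(length=20):
    """Generate a random password that passes check_password()."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("123456", "Pokemon2020", generate()):  # constructed samples
        print(repr(candidate), check_password(candidate) or "ok")
    print(reused({"bank": "a", "shop": "a", "mail": "b"}))  # constructed sample
```

The generator uses the `secrets` module rather than `random`, because passwords need a cryptographically secure source of randomness.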
An alternative is password managers, which do the work for us, and do it better. This kind of software reduces human error in handling passwords, as it automates the process of generating passwords and accessing websites and services. Of course, the passwords created are highly secure, meeting accepted standards for size and complexity.
One of their great advantages is that the user only needs to remember a master password and the manager will do the rest. They also help against phishing attacks by immediately identifying characters from other alphabets. They tend to work on multiple platforms and can work offline and online. Of course, they also save time when accessing websites and Internet services.
The best-known password managers are commercial and/or paid web services, which require you to trust them with the keys to your digital home. Some time ago we proposed these five free and open source password managers, which have the great advantage that the software can be audited and the credentials stay under your control, since you install and self-host them on your own machine.
Another option is to use the password managers built into the browsers themselves. For example, the most used browser on the Internet, Google’s Chrome, has its own manager. Logged in with their account, a user can add the passwords of whichever applications and services they want. The manager stores them securely, allows them to be managed at chrome://settings/passwords and uses them to fill in the username and password fields the next time you visit a website.
If you use alternatives like Firefox, you also have a ‘Password Manager’ function available, which is one of the best in browsers. The new Microsoft Edge also has its own manager, and improvements to password editing were recently announced.