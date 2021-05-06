INCIBE recommends using complex keys and using password managers

A cybercriminal with a conventional computer would take five minutes to crack a password like “copenhagen”; two days if it gets a bit complicated and “CoPEnhAgHe” is chosen; several years if a number is added; and it would be practically indecipherable if a special character is added and the service for which it will be used (1CoPEnhAgHe! CoRReo).

There are many more measures, but a strong password is the best shield for personal data and services and applications on electronic devices, and that is why experts advise against using the most recurring or the easiest to remember. A simple password can leave your data at the mercy of any hacker

Every first Thursday in May, it appears on the calendar as the “World Password Day”, an initiative promoted by several companies in the field of information technology and cybersecurity to make users aware of the importance of using secure keys, since the first authentication filter is the gateway to the devices.

According to the National Institute of Cybersecurity (INCIBE) -dependent of the Ministry of Economic Affairs and Digital Transformation- one of the most common mistakes that users make when managing passwords is to use a “weak” password and also use it in several services and applications and on different devices.

123456, the most used in Spain

In fact, according to data from the cybersecurity company S2, the most used passwords in Spain continue to be, in this order, “123456”, “123456789” and “12345”.

INCIBE has stressed the importance of not using “default” passwords (those that are included to access a system or an application), of incorporating redundant systems to access services that include sensitive information, of not sharing them with anyone, to change them periodically, not to use the same one for different things and not to use the “reminder” of passwords that many devices offer.

This organism it does advise the use of “password managers” as one of the most useful tools to govern all of them, because they allow to save the access codes to all applications or services in a centralized and secure way, since they are stored in an encrypted way and are only accessible if the user knows the “password master “unlock; that way, users only have to remember one to access all services.

The technical director for Spain and Portugal of the cybersecurity company Check Point, Eusebio Nieva, has stressed the importance of “strong and secure” passwords to prevent cyberattacks, third parties accessing personal information, information theft or the identity fraud.

Speaking to EFE, Nieva recalled a recent “phishing” campaign and how cybercriminals managed to expose and publicly available the credentials of numerous users, and has agreed that the best passwords are those that mix letters (uppercase or lowercase), numbers and symbols and the robustness provided by authentication measures “two-step” as they add an extra layer of security by sending a confirmation SMS message to allow access.

Never the same for all services

In his opinion, the most common mistake is – in addition to using short passwords for convenience and being easier to remember – reusing the same password for several services; “Using the same one for everything, no matter how safe you think it may be, is never a good option; If a cybercriminal accesses one service, they will have a clear path to all the others. ”

And it recognizes that it is difficult today to remember so many passwords, so it also recommends using a “password manager” that allows both managing and generating different robust and different access codes for each service.

In the same vein, the CEO of the cybersecurity company Kaspersky Iberia, Alfonso Ramírez, stressed that the advice not to use the same for all services “has not lost importance over time”, and explained that the two characteristics What makes passwords really effective are the character set used (“diversity makes them less predictive,” he said) and length.

“What best defines a password is that it is unique and this does not necessarily mean difficult to remember,” Alfonso Ramírez told EFE, who has also warned of the error involved in making only small changes. (go for example from “batman2018” to “batman2019”) when the passwords of some services are modified that require them to be replaced periodically.

The head of this company has also recommended using “two factor” authentication when possible and a “password manager”, which securely stores all credentials and is capable of generating complex passwords for services and applications.