Date: 2021-05-06

On the first Thursday of May, the tech industry celebrates World Password Day, an annual event that aims to make consumers and companies aware of the need to adopt best practices when creating and using passwords.

Passwords are a horrible method for security and usability, but they are still the preferred form of authentication to access Internet services or log in to operating systems, applications, games, networks and all kinds of machines. And these access credentials still have many years of use ahead of them, until biometric systems are fully implemented and added features such as two-factor authentication reinforce them enough.

World Password Day 2021

This annual reminder is motivated by the analysis of the millions of passwords that are exposed after multiple data breaches in companies large and small. Reports on these leaks confirm that we continue to systematically break all the basic rules for creating and maintaining passwords, despite repeated attempts to raise awareness like this one.

The list of the worst passwords should make us reflect, because the same ones are repeated year after year, and old favorites such as “123456”, “111111” or “password” dominate the usage lists. They are the ones to avoid at all costs, since a hacker can obtain them in less than a second simply with a command that tests the most used passwords, or in a short time by using brute-force attacks, words, number combinations and other simple tests.

How to create strong passwords

We make it very easy for cybercriminals. Users are “lazy” by nature, or carefree, despite how much we put at risk by exposing a digital life that encompasses both professional and personal matters. And financial ones … the most sought after, for obvious reasons.

The recommendation is the usual one: make an effort to create passwords following the basic rules found in any cybersecurity manual, which indicate what to do and what not to do when creating and using them. Here they are again:

- Don’t use typical words or common numbers.
- Do not use personal names, pet names or dates of birth.
- Combine uppercase and lowercase.
- Combine numbers with letters.
- Add special characters.
- Lengthen the password with as many characters as possible.
- Do not use the same password on all sites.
- In particular, use specific and strong passwords for banking and online shopping sites, where we expose our financial information.
- Keep the password safe from any third party.
- Never reveal the password to anyone, not even in supposedly official requests arriving by email or messaging services, since these are usually phishing attacks based on identity impersonation.
- Vary username and email.
- Reinforce passwords whenever functions such as two-factor authentication (2FA) or biometric systems (fingerprint sensors or facial recognition) are available.
- Clean up online accounts that you no longer use as a regular maintenance task.
- Check whether your passwords have been hacked. Have I Been Pwned is a good place to look.

General password managers

It is almost impossible for a human Internet user to safely manage the credentials to access the hundreds of accounts that we are surely subscribed to. There is a group of applications that are of great help. Basically this kind of software reduces human error in handling passwords, as it automates the process of generation and access to websites and services.

Of course, the passwords created by these managers are highly secure, meeting accepted standards in size and complexity. They also help against phishing attacks by immediately identifying characters from other alphabets, and they add a huge benefit: we only need to remember a master password and the manager will do the rest.

Applications such as the renowned LastPass and other commercial and/or paid ones surely sound familiar to you, but in our practical section we proposed these five open source and totally free solutions that our users liked a lot. The great advantage of open source managers is the possibility of auditing the software and keeping the credentials under your control, installing and self-hosting them on your own machine.

We remind you of the most interesting:

KeePass. It is the ‘grandfather’ of open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.

Bitwarden. Especially intended for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while for Android and iOS it has dedicated mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit trails.

Passbolt. A self-hosted password manager specifically designed for work teams. It integrates with online collaboration tools such as browsers, email, or chat clients. You can self-host the program on your own servers to maintain complete control of the data, although teams without the experience or infrastructure can use a cloud version that hosts it on the company’s servers.

Psono. Psono is another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.

Teampass. A team-oriented manager with an offline base mode that we like, where it exports its items to an encrypted file that can be used in locations without an internet connection. Teampass is not the prettiest application in the world, but the design is tremendous and you can quickly define roles, user privileges and folder access.

Managers in browsers

If you don’t want to use third-party managers, another option is to use the password managers built into the browsers themselves. Chrome, the leader of the segment, has improved its performance and capacity considerably in the latest versions, including functions offered by the specialized ones above, such as the detection of compromised passwords, a warning when you create a weak one, and very simple editing of passwords in the manager itself.

The manager stores them safely, lets you manage them at chrome://settings/passwords and uses them to fill in the username and password fields the next time you visit a website. This is very similar to what Mozilla has been doing in Firefox with its ‘Password Manager’, which is one of the best in web browsers. Microsoft’s new Chromium-based Edge also has its own manager that offers the basics of a dedicated manager.

This World Password Day 2021 is a new reminder, meant to raise awareness of the need to invest a few minutes of your time in addressing a crucial element of your security on the Internet and that of your digital home. And there are no excuses. We have the information and the means. Let’s not make it so easy for thieves.