The main reasons why hackers steal our passwords: combinations of names or dates of birth

- Several times a day we enter different passwords on our electronic devices, and we are always under threat of being hacked by cybercriminals. Hence the importance of creating secure passwords that are difficult to guess.


World Password Day has been celebrated on the first Thursday of May since 2013, so today, May 5, we want to mark the occasion, since we surely use passwords several times a day and they are very important to protect us from cybercriminals.

The commemoration of this day was promoted by Intel Security. However, Intel got the idea from the book 'Perfect Password' by Mark Burnett. In short, it is a way to raise awareness of the importance of passwords in the online world.

Jesús F. Rodríguez-Aragón, CEO of Iberbox, a more secure cloud-based service platform with superior encryption for professionals and companies, explains in statements to 20Bits that "many times users are not aware of the importance of a good password. Sometimes, cybersecurity problems and vulnerabilities do not come so much from system security problems, but from poor password quality."

Today, anyone has an account on many platforms and these platforms usually require an access password to verify the identity of the registered person.

The multitude of platforms that we access means that we can forget passwords. "This, in itself, is a vulnerability, since there comes a time, and this happens to all of us, in which on many occasions we do not even know where we have an account created and where we do not," explained Rodríguez-Aragón.

The first weakness is not even knowing which platforms we have to protect. For this reason, according to the CEO of Iberbox, it is advisable to have a system in place to know the accounts we have created, which will help us keep our passwords safe and up-to-date.

Most used and most vulnerable passwords

There are password dictionaries containing the most common passwords, since many people simply use common words. Many of the passwords in use are also just combinations of our names, dates of birth, or even our email address or the name of our company followed by a digit.

And yes, they are also the most vulnerable, since they are the first combinations that are tested when 'hacking' an online account.

Computer attacks sometimes start with mere human error. Among them is the use of weak passwords and, above all, the reuse of passwords.

Password reuse is dangerous because there are databases of user/password pairs, which cybercriminals use to try the same credentials on different platforms. Put simply: if a vulnerability is found on one platform and your password is exposed, cybercriminals will next try your username and that password on every platform they can think of.

If you reuse passwords, cybercriminals only need to find a weakness in one platform to be able to access all your accounts. The most important rule of all is that passwords should never be reused across different platforms.

According to a survey carried out by the cybersecurity company S2 Grupo through its blog Hijosdigitales.es, 56% of users confirm that they never change their passwords and use them for years. In addition, more than 42% of Internet users claim to use the same password for all their services, a practice that puts their cybersecurity at risk.

Most common mistakes: simplicity

One of the main problems is the simplicity of passwords. Our password is the key to accessing a platform. In short, it is the first layer of security that we implement in a place on the Internet.

Think of a home: if the door does not offer much security, we are putting our home at risk of being entered by outsiders. In the same way, if the password we set on a platform is very simple (only numbers, for example), our account can be attacked and accessed by strangers.

On many occasions, people try to create a secure password, and to do so they combine uppercase letters, lowercase letters, and numbers, for example. However, cybercriminals know the patterns people use, and those patterns turn seemingly complex passwords into simple ones.

Rodríguez-Aragón explains that “a password where we put our first 4 characters of the name, then the first 4 characters of the last name, followed by a ‘1’ and then a ‘!’. Initially, it looks like a complicated password, but these kinds of patterns are built into many password dictionaries, which makes that password really an easy password for cybercriminals.”

There is a rule that a good password should be at least 10 characters long and include:

  • Uppercase and lowercase letters.
  • Numbers and special characters.
  • The greater the number of characters that our password has, the more secure it will be.
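The pattern Rodríguez-Aragón describes can be caught when a password is set. The following check is an added example, not code from Iberbox or the original article; the function names, the profile fields and the sample profile are constructed for illustration, and the common-password set holds only the four passwords the article names.

```python
import re

# Worst passwords named in the article; a real deployment would load a far larger list.
COMMON = {"123456", "password", "abc123", "qwerty"}

# Constructed sample profile (hypothetical user).
SAMPLE_PROFILE = {"first_name": "Marina", "last_name": "Castillo", "company": "Acme",
                  "email": "mcastillo@example.com", "birth_date": "1985-03-14"}

def personal_tokens(profile):
    """Lowercase fragments a cracking dictionary would derive from profile data."""
    tokens = set()
    for key in ("first_name", "last_name", "company"):
        value = re.sub(r"[^a-z]", "", profile.get(key, "").lower())
        if len(value) >= 3:
            tokens.add(value)
            tokens.add(value[:4])  # the "first 4 characters" pattern
    local = profile.get("email", "").lower().split("@")[0]
    if len(local) >= 3:
        tokens.add(local)
    # Assumption: birth date is stored as YYYY-MM-DD.
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", profile.get("birth_date", ""))
    if m:
        y, mo, d = m.groups()
        tokens.update({y, d + mo, mo + d, d + mo + y})
    return tokens

def check_password(password, profile):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class")
    hits = sorted(t for t in personal_tokens(profile) if t in lowered)
    if hits:
        problems.append("built from personal data: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    for candidate in ("MariCast1!", "qwerty", "Acme1985!", "plum-Orbit7-gravel-Tent"):
        print(candidate, "->", check_password(candidate, SAMPLE_PROFILE) or "ok")
```

"MariCast1!" satisfies the length and character rules above and is still rejected, because it is assembled from the account holder's own name.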

What do I have to do if my password is 'stolen'?

In cases of impersonation, the first thing we must do is report it to the National Police or the Computer Crimes Group of the Civil Guard.

Next, contact INCIBE on its telephone number 017, where we will receive advice on cybersecurity problems. Similarly, we should inform the Spanish Data Protection Agency.

Once these steps are done, we can, of course, inform the platform in question where we have suffered identity theft so that they try to remedy and solve it as soon as possible.

How to avoid being a perfect target for cybercriminals

Good habits are always effective in these cases: create passwords with high entropy, do not reuse passwords, change passwords from time to time, and use two-factor authentication (2FA) to put a second layer of security in front of our accounts on each platform.

Something highly recommended for this is the use of password managers that are properly encrypted and that are not shared with third parties. In this way, we can have strong passwords on all our platforms without fear of losing these passwords.

Specifically, Iberbox recommends normalizing the use of a 'digital key ring': just as we do not have a single key that opens every door we use day to day, but rather key rings holding the different keys for those doors, we should keep a separate password for each platform.

Tips for a good password

  • Do not use family data, since it could be known through social networks, nor plain words or series of numbers.
  • Hackers use automated password cracking systems that make use of word dictionaries and generate number combinations.
  • According to recent studies, the worst passwords are '123456', 'password', 'abc123', 'qwerty', etc.
  • Internet users should choose strong passwords, which must have at least eight characters and include uppercase letters, lowercase letters, numbers, and keyboard symbols.
  • Passwords should be memorable, but not guessable, by using familiar words and numbers along with other elements.
  • It is also recommended not to save the password in the browser, to change it periodically, and to use different passwords for each service.

Also, remember the importance of not sharing passwords with anyone, and of writing them down in a safe place such as at home, never on the computer, tablet, or smartphone, or of using applications to encrypt the passwords and safeguard them.
