How to strengthen passwords on World Password Day 2022

Until the technology industry massively deploys other more user-friendly and secure systems, passwords remain the preferred form of authentication for accessing Internet services, logging into operating systems, applications, games, networks and all types of machines.

Although additional features such as 2FA have strengthened security by forcing the use of two-step verification, the truth is that passwords are not a reliable method today in the midst of an ever-increasing number of attacks. Even less so if users and companies continue to fail to comply with the basic rules for their creation, use and maintenance.

Security specialists calculate that hackers launch an average of 50 million password attacks every day, about 580 per second. And they are highly effective, as it has been proven that 60% of data breaches are attributed to compromised credentials.

World Password Day 2022

To raise awareness of the seriousness of the issue, the technology industry celebrates the first Thursday in May as World Password Day. This reminder is motivated by the analysis of the millions of passwords that are exposed after multiple data breaches in companies large and small. And it paints a disastrous picture.

The list of the worst passwords should give us pause for thought, because they are repeated year after year and old acquaintances such as “123456”, “111111” or “password” dominate the usage lists. They are the ones to avoid at all costs, because a hacker can obtain them in less than a second simply by using a command that tests the most commonly used ones, or by using brute-force attacks that try words, numeric combinations and other variations to obtain the credentials.


How to create strong passwords

We make it very easy for cybercriminals. We users are either “lazy” by nature or carefree despite how much we put at stake by exposing our digital life, which encompasses both professional and personal matters. And financial ones, the most sought after for obvious reasons.

The recommendation is the usual one. We must make an effort when creating passwords and follow the basic rules included in any cybersecurity manual, which indicate what to do and what not to do when creating and using them. We remind you of them again:

  • Do not use typical words or common numbers.
  • Do not use personal names, pet names or birth dates.
  • Combine upper and lower case.
  • Combine numbers with letters.
  • Add special characters.
  • Lengthen the password with as many characters as possible.
  • Do not use the same password on all sites.
  • In particular, use specific passwords that are as strong as possible for banking and online shopping sites, where we expose our financial information.
  • Keep the password safe from any third party.
  • Never reveal your password to anyone, not even in response to supposedly official requests by e-mail or messaging services, as these are usually phishing attacks based on identity impersonation.
  • Change your user name and e-mail address.
  • Reinforce passwords with features such as two-factor authentication (2FA) or biometric systems (fingerprint sensors or facial recognition) whenever they are available.
  • Clean up online accounts that we do not use, as a regular maintenance task.
  • Check to see if your passwords are hacked. Have I Been Pwned is a good place to look.
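
The checklist above can be turned into an automatic check. The following Python sketch is an added example, not code from the original article: `audit_password` applies the creation rules, and `breach_count` shows how a lookup against Have I Been Pwned's Pwned Passwords range API works without ever sending the password or its full hash. The function names, the 12-character minimum, the small blocklist and the sample response body are assumptions constructed for illustration.

```python
import hashlib
import string

# Constructed mini blocklist; the first three entries are the ones the article names.
COMMON = {"123456", "111111", "password", "qwerty", "abc123"}

def audit_password(password, personal_tokens=(), used_elsewhere=(), min_length=12):
    """Return the checklist rules a password breaks (empty list means it passes).
    min_length=12 is an assumption; the article gives no number."""
    low, problems = password.lower(), []
    if low in COMMON:
        problems.append("typical word or common number")
    if any(t and t.lower() in low for t in personal_tokens):
        problems.append("contains a personal name or date")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("does not combine upper and lower case")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        problems.append("does not combine numbers with letters")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if len(password) < min_length:
        problems.append("too short")
    if password in used_elsewhere:
        problems.append("reused on another site")
    return problems

def hibp_prefix_suffix(password):
    """Split the SHA-1 hex digest: only the 5-character prefix is sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """range_body is the text from GET https://api.pwnedpasswords.com/range/<prefix>,
    one 'SUFFIX:COUNT' line per hash sharing the prefix; matching happens locally."""
    suffix = hibp_prefix_suffix(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    prefix, suffix = hibp_prefix_suffix("password")
    # Constructed response body: the counts are made up, not real service data.
    body = "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n" + suffix + ":1000\r\n"
    print(audit_password("Rex2015", personal_tokens=["rex", "2015"]))
    print(prefix, breach_count("password", body))
```
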


Password managers

It is almost impossible for a human internet user to securely manage the credentials for the hundreds of accounts that we are probably subscribed to. There is a group of applications that are of great help. Basically, this type of software reduces human errors in the handling of passwords by automating the process of generating them and accessing websites and services.

Of course, the passwords created by these managers are highly secure, meeting accepted standards in size and complexity. They also help against phishing attacks by immediately identifying characters from other alphabets, and they add a huge advantage: we only need to remember a master password and the manager will do the rest.
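
The protection against lookalike addresses mentioned above can be illustrated as follows. This Python sketch is an added example, not code from any of the managers discussed: it assumes a manager that fills credentials only on an exact host match and flags hostnames that mix alphabets. The function names and both hostnames are constructed for illustration.

```python
import unicodedata

def to_unicode(host):
    """Decode punycode ('xn--') labels so the real characters can be inspected."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode (or undecodable): inspect as given

def scripts_in_host(host):
    """Return the scripts used by the letters of a hostname.
    The script is taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in to_unicode(host) if c.isalpha()}

def autofill_decision(saved_host, visited_host):
    """Fill only on an exact host match and report mixed alphabets in the visited host."""
    saved = to_unicode(saved_host).lower()
    visited = to_unicode(visited_host).lower()
    return {"fill": saved == visited,
            "mixed_scripts": len(scripts_in_host(visited)) > 1}

# Constructed sample hosts: the second one replaces the Latin "a" with Cyrillic U+0430.
SAVED = "example.com"
LOOKALIKE = "ex\u0430mple.com"
# The same lookalike in the ASCII (punycode) form seen in logs and certificates.
LOOKALIKE_ASCII = LOOKALIKE.encode("idna").decode("ascii")

if __name__ == "__main__":
    print(LOOKALIKE_ASCII, sorted(scripts_in_host(LOOKALIKE_ASCII)))
    print(autofill_decision(SAVED, LOOKALIKE_ASCII))
    print(autofill_decision(SAVED, "EXAMPLE.com"))
```
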

Surely you are familiar with applications such as the renowned LastPass and other commercial and/or paid applications, but from our practice section we proposed these five open source and totally free solutions that our users liked a lot. The great advantage of open source managers is the possibility of auditing the software and keeping the credentials under your control, installing and self-hosting them on your own machine. We remind you of the most interesting ones:

KeePass: it is the ‘granddaddy’ of open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.

Bitwarden: especially intended for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while for Android and iOS it has its respective mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit logs.

Passbolt: a self-hosted password manager designed specifically for work teams. It integrates with online collaboration tools such as browsers, email or chat clients. You can self-host the program on your own servers to maintain complete control of the data, although teams without experience or infrastructure can use a cloud version that hosts the data on the company's servers.

Psono: another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.

Teampass: a team-oriented manager with an offline mode that we like, where you export your items to an encrypted file that can be used in offline locations. Teampass is not the prettiest application in the world, but the design is tremendous and you can quickly define roles, user privileges and folder access.

And if you want to use this type of software for mobile you should know that there are also specialized developments such as these 6 password managers for Android that we offered you recently.


Managers in browsers

If you don’t want to use third-party managers, another option is to use the password managers of the browsers themselves. Chrome, the leader in the segment, has improved its performance and capabilities considerably in the latest versions by including features offered by the specialized ones above, such as the detection of compromised passwords, a warning when you create a weak one and very simple editing in the manager itself.

The manager stores them securely, allows their management in chrome://settings/passwords and uses them to complete the username and password fields the next time you visit a website. This is very similar to what Mozilla has been doing in Firefox with its “Password Manager”, which is one of the best in web browsers. Microsoft’s new Chromium-based Edge also has its own manager that offers the basics of a dedicated manager.

A further reminder this World Password Day 2021 to raise awareness of the need to invest a few minutes of your time in attending to a crucial element for your Internet security and that of your digital home. And there are no excuses. We have the information and the means. Let us not make it so easy for the enemies of others.
