The technology industry celebrates World Password Day on the first Thursday in May. An annual event designed to make consumers and businesses aware of the need Adopt best practices in creating and using them.
Passwords are a terrible method of security and ease of use, but they are still the preferred form of authentication to access Internet services or to log into operating systems, applications, games, networks, and all kinds of computers. And we still have many years of experience with these access data until biometric systems are fully implemented and additional functions such as two-factor systems reinforce them sufficiently.
World Password Day 2021
This annual reminder is based on the analysis of the millions of passwords that are exposed after multiple data breaches in large and small companies. Reports of these leaks confirm this We continue to fail systematically All the ground rules for creating and managing passwords, despite repeated attempts to raise awareness like this one.
The list of worst passwords should make us think as it is repeated year after year and the group of old passwords known as “123456”, “111111” or “password” dominate the usage lists. And they are the ones to be avoided at all costs, as a hacker can get them in less than a second simply with an instruction that tests the most used ones. Or use brute force attacks, words, number combinations, and other simple tests to get this done in a short amount of time.
How to create strong passwords
We make it very easy for cyber criminals. Users are inherently “lazy” or carefree even though we risk exposing ourselves to uncovering our digital lives, which include both professional and personal issues. And financially … most in demand for obvious reasons.
The recommendation is the usual one. Got to strive to make it with basic rules found in every cybersecurity guide specifying what is and is not in creating and using passwords. We remember them again:
- Do not use typical words or common numbers.
- Do not use personal names, pets, or dates of birth.
- Combine upper and lower case letters.
- Combine numbers with letters.
- Add special characters.
- Extend the term with the largest number of digits.
- Do not use the same password on all websites.
- In particular, use specific and secure passwords for banking and online shopping websites where we disclose our financial information.
- Keep the password away from third parties. Never give the password to third parties.
- Not even for alleged official inquiries from e-mails or messages from messaging services, as these are usually phishing attacks that impersonate you.
- Vary your username and email.
- Increase the use of passwords when features such as double authentication (2FA) or biometric systems, fingerprint sensors or facial recognition are available.
- Cleaning up online accounts that we are not using as a regular maintenance task.
- Check if your passwords have been hacked. Have I Been Pwned is a good place to look.
General password manager
It is nearly impossible for a human internet user to securely manage the credentials to access the hundreds of accounts to which we are sure to have subscribed. There are a group of uses that are of great help. Basically this type of software reduces human errors when dealing with passwordsas it automates the process of generating and accessing websites and services.
Of course, the passwords created by these managers are very secure and conform to standard standards in terms of size and complexity. They also help against phishing attacks by instantly identifying characters from other alphabets and offering a great advantage: We just need to remember one master password and the manager will do the rest.
Sure, apps like the renowned LastPass and other commercial and / or paid apps will look familiar to you, but from our practical side we’ve suggested these five open source and totally free solutions that our users really liked. The big advantage of open source administrators is the ability to check the software and keep the credentials under your control, install it on our own computer and host it ourselves.
We remind you of the most interesting:
KeePass. It’s the “grandfather” of open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access with a password or digital key. You can import and export passwords in a variety of formats.
Bitwarden. Specifically designed for LastPass users looking for a more transparent alternative, it acts as a web service that you can access from any desktop browser, while for Android and iOS it has their respective mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit trails.
Passbolt. A self-hosted password manager specially designed for work teams. It integrates with online collaboration tools such as browsers, email or chat clients. You can host the program yourself on your own servers for complete control over the data. However, inexperienced teams or infrastructures can use a cloud version that hosts them on the company’s servers.
Psono. Psono is another option for teams looking for open source software to manage corporate passwords. This is a self-hosted solution that offers an attractive web-based client in Python, the source code of which is available under the Apache 2.0 license.
Team pass. A team oriented manager with a basic offline mode that we want, in which he exports his items to an encrypted file that can be used in places with no internet connection. Teampass isn’t the most beautiful application in the world, but the design is enormous and you can quickly define roles, user rights and folder access.
Manager in browsers
If you don’t want to use third-party managers, you can also use the option Password manager of the browser itself. Chrome, the segment leader, has significantly improved its performance and capacity in the latest versions, including the features offered by the specialists mentioned above, such as: B. the detection of compromised passwords, the warning if you believe in a weak or a very simple version of the same applies to your own manager.
The manager securely stores them, enables their management in chrome: // settings / passwords and uses them to fill in the username and password fields the next time you visit a website. Very similar to what Mozilla did Firefox con su ‘Password Manager’ It’s one of the best in web browsers. Microsoft’s new Chromium-based Edge also has its own manager that offers the basics of a dedicated manager.
A new reminder of this World Password Day 2021 to raise awareness that you need to invest a few minutes of your time treating a crucial element for your security on the Internet and in your digital home. And there are no excuses. We have the information and the resources. Let’s not make it so easy for others’ enemies.