This is how passwords are considered for the majority of users who are forced to establish access credentials when using electronic devices or registering on most Internet services.
However, despite being a security measure, in many cases passwords can be circumvented by typing “123456”. This serial is still the most widely used password in 2018 in the world, something that should worry us because of the increase of cyber attacks that seek to obtain personal data.
The data that a password should protect.
Restricting access to data was what pushed Fernando Corbató and his MIT team to develop the first passwords in 1961.
They worked on a Compatible Time-Sharing System, a technology known by its acronym CTSS. It was a computer that allowed users to access a set of files for four hours a week. They created the passwords, so that each one could access the information that corresponded to them.
Basically, passwords were designed to ensure that the access was produced by a legitimate person. However, already in the 60s there was one of the first security breaches.
Allan Scherr was an MIT researcher who was working with CTSS. The four hours he had per week to access the CTSS files weren’t enough, so to streamline the processes, he printed all the passwords and distributed them to some members of his team. Nowadays, anyone would know that it wasn’t a good idea.
As the use of computers became popular, passwords became a necessary security measure.
What is a secure password?
“The best password is the one you can’t remember” – Anonymous
A secure password is any combination of numbers, letters and special characters that prevent unauthorized access.
A secure password must have two requirements:
- Length: must contain at least 8 characters.
- Complexity: must contain, at least, one character from each of the following groups:
- Lowercase letters
- Capital letters
- Special characters or symbols (for example: “[ % , \ ! @”)
For example, “P36T = Mhe” could be a secure password that meets the above requirements, but is it easy to remember such a key? Probably not for the majority of users.
At this point is where the password dilemma occurs.
This dilemma arises every time you have to put a password to something: do you create a simple and easy key to remember it, or a complicated and difficult one?
If you choose the first option, you disregard security, but if you opt for the second option you run into a problem: you won’t be able to access a service and you will have to start the cumbersome process of resetting the password.
In the following lines, we will talk about how to avoid both situations.
3 types of cyber attacks with which they steal your data
Security exists because there are dangers.
Fortunately, we are aware of these dangers because computer attacks occupy headlines and conversations on social networks. However, the average user is not usually aware of the way in which attacks occur, so cyber criminals take advantage of any oversight so that an attack is a success.
Phishing attacks so you end up providing your password
As we have explained on other occasions, phishing is one of the most used cyber attacks due to its high success rate.
Cyber criminals impersonate a person from a company or an institution to convince you to send them your information (like your password), or carry out some type of action that benefits the cyber criminal. For example, registering on a fraudulent webpage or application to obtain your data.
The attack can come to you in several ways: by e-mail, by a link sent by social networks or by a message. They could even call you on behalf of a superior or a company you’re a customer of to ask for information over the phone.
Never provide passwords or access data of any kind.
Brute force attacks to decrypt passwords
It is a method in which all possible combinations are tested to find the password that allows access.
In some cases, the attack by brute force is combined with a dictionary attack: words that are found in the dictionary are combined since many users use concepts of their own language as a key.
To avoid this type of cyber attack it is important not to use words or proper names in your passwords. You can read more about how companies can protect themselves from this type of attack in this link.
Keyloggers, the tools that record what you type
The keyloggers can be presented in the form of computer programs that are installed on computers and run in the background, or on electronic devices such as a USB.
Everything the user types is registered by the keylogger, so it is not only capable of capturing passwords, but also credit cards and any sensitive information.
Although having a complex password doesn’t prevent you from being a victim of this type of attack, it is worth taking into account given that it is another way to steal your passwords. To protect you from keyloggers, there are anti-keyloggers, anti-spyware and firewalls.
How to create a secure password
“Treat your password like your toothbrush. Don’t let anyone else use it, and get a new one every six months” – Clifford Stoll, astronomer and computer expert.
One of our proposals is to use password generators. You just need a couple of clicks to get a unique and safe key that you can copy and paste to set a password.
We created the following password generator, so you have it on hand whenever you need it:
Remember that even if you generate a secure password, it is important not to use it again, or not to make small variations between one password and another. These two practices convert a secure password into a vulnerability.
It’s really difficult to memorize these combinations of numbers, letters and meaningless characters, so let’s see how we can save the secure passwords that you have created.
How to save your passwords safely
We continually repeat that security is not comfortable, but it is necessary.
We must integrate it as a habit, as we do when closing a car when we leave it, or when we don’t lend our house keys to anyone.
However, our discomfort increase every time we use a new Internet service or we buy a new electronic device, as we are push to use passwords for everything.
What is the solution for this situation? The most recommended is the use of password managers. Some of the most popular are:
- 1password. It is an application that you can have on your computer and on your smartphone. It is integrated into the browser to generate, save and use passwords on websites where required. You have a free 30-day trial.
- Dashlane This is another software similar to 1password, which also has the option to serve as a wallet for cryptocurrencies. In this case, you have a fairly complete free plan in case you need it for only one device.
- KeePass. Popular among technical users, since it is a free and open source password manager, so it can be adapted to the needs of those who will use it.
It is important to keep in mind that all these tools ask you to enter a secure password to access the others, so you only have to memorize a single password from now on.
Other ways to store passwords
[quote] “Trusting in technology is fine, but controlling it is even better” – Stephane Nappo, CISO of Société Générale.
At the beginning of 2018, dozens of people from Hawaii received an alarm on their cell phone: “Imminent ballistic attack. Look for shelter. This is not a drill”.
Panic spread, but luckily, it was a false alarm.
Three days passed when an image came out of the official who launched that alert. In that photo, taken by Associated Press, you see a man and in the background there is a post-it on the computer screen with a password.
The professionalism of the workers in charge of the Hawaii Emergency Center was questioned not only because of the incident, but also because a very unsafe practice in security was evident: having passwords in view.
Possibly, all of us have done it once, for example, when we arrived at a new job. We may even think that it is harmless when the password gives access to an unimportant tool.
However, hackers can exploit more vulnerabilities than you believe by obtaining a single piece of data. Take a look at the basic security measures to take while you work to avoid being the source of an attack on your company.
Writing passwords is not an unwise practice, as long as you keep it in a safe and secret place. It is not an effective method, but it is another option for paper lovers.
Some people save passwords in the browser, as well as other data such as bank cards. There is a risk in this practice and it is that other users can see this data when using the computer. So, it is not a recommended security measure.