“In it john’s bar They put large tapas for 3 euros” is a very easy phrase to memorize; but choosing the first letter of each word results in “EebdJptga3—, which can provide the Internet user with a password practically indecipherable because it includes everything that the experts advise: uppercase letters, lowercase letters, numbers and some special symbol.
It can also be a phrase that makes sense and meaning for the user -and only for him-, or the title of a song and vary some characters to turn them into numbers, or choose one that already includes them: “19 days and 500 nights” can become the impregnable “19 Days and 500 Nights!” using capital letters and admirations.
Tomorrow, like every first Thursday of the month of May, the “World Password Day”an initiative promoted by several companies in the field of information technology and cybersecurity to make users aware of the importance of using robust methods to guarantee a ID unequivocal; an appointment in which various experts review with EFE the main recommendations that must be addressed and offer practical advice.
The appointment gains meaning and relevance each year, because crimes and frauds Internet have multiplied in recent years and despite this, the most used passwords in the world continue to be “123456“password” or “qwerty” -one of the most natural and obvious sequences on the keyboard-.
NO COMMON WORDS NOR RECURRING DATES
The recommendation The main recommendation of the experts for the password to be strong is that it be long and complete (at least eight characters, although some advise up to 14) and always avoid the easier data to remember and guess, such as birth dates, initials, common words, telephone numbers, ID, pet’s name, favorite team or the initials of all family members.
The person responsible for Global Consumer Operations of the company Panda Security, Hervé Lambert, observed that the password “123456” was exposed more than twenty millions times in the year 2021 or that one in three Spaniards reuses the same passwords in all accounts.
Lambert explained to EFE that the trends They point to the use of biometrics (facial, iris or fingerprint recognition) and “multifactor” authentication that combines the password or a biometric data with an additional SMS that includes a Verification code.
The person in charge of this information security company stressed that these new authentication methods are more secure than the traditional passwords “but they are not without their vulnerabilities and limitations,” noting that biometric data can be stolen or compromised and facial recognition fooled with high-quality images.
MNEMONIC RULES, PASSWORD MANAGERS AND ANTIVIRUS
Ruth GarciaCybersecurity technician for Citizens of the National Institute of Cybersecurity (INCIBE) -depending on the Ministry of Economic Affairs and Digital Transformation- insisted that the new trends of authentication they are more secure than traditional passwords “but they also have their own limitations and risks.”
“Passwords are not the best insurance to avoid cyber risksbut they are an important part of online security,” Ruth García told EFE, stressing that, in addition to using different passwords for each service, change them regularly and to use two-factor authentication, it is advisable to use security programs such as antivirus.
His practical advice: make use of rules mnemonics and resort to a phrase that is easy to remember but that includes upper and lower case letters and numbers; and cites as an example “”MyDogIsABigBulldog!”, which is “strong and easy to remember”.
The commercial director of the company specializing in cybersecurity S2 Grupo, Rafael Rosell, added to all these recommendations that of using a “password manager” in which they can be stored securely, and opined that as new methods As identification methods become more widespread, new techniques to compromise them will also be discovered.
Rosell explained to EFE that passwords are the requirement “essential” to protect access to all digital information of a user, and asserted that although they do not fully guarantee security, “doing without them or using them inappropriately does guarantee an undue intrusion.”