World Password Day 2024 will arrive on its annual date on the first Thursday of May. A day designed ten years ago by cyber security experts with a goal promote best practices in creating and maintaining passwords.

Analysts say that 95% of computer security problems are caused by human error, and passwords are an essential part of this human part, as they are still the preferred method of logging into many of the Internet services we access daily, applications, games, networks and all types of machines.

Unfortunately, we don’t give it the time that its importance deserves, and analysis of the millions of passwords that are exposed after multiple data breaches at companies large and small confirms disaster scene regarding password management. A special day like the one celebrated today is therefore welcome if it helps raise awareness.

World Password Day 2024

Passwords were first used to protect digital accounts from unauthorized access in computer environments in the 1960s. In 1961, researchers at the Massachusetts Institute of Technology (MIT) began using the Compliant Time-Sharing System (CTSS). The system ran on an IBM 709 and users could access the system through a dumb terminal with passwords used to prevent unauthorized access to users’ personal files. This system is believed to be the first to use passwords and was also the first to experience password cracking.

Several decades have passed since these events and slogans still have the same importance and the same risks. A list of the most used passwords of 2023 confirmed that they are perfect for cybercriminals, with old domains known as “123456”, “111111” or “password” being exactly the ones to use. avoid at all costs because a hacker can get them in less than a second simply by using a command that tests the most used ones. Or using brute force attacks, words, number combinations, and more to gain credentials. The numbers that speak of more than 50 million daily password attacks with a high success rate are not surprising.

While we recognize that the usability of passwords is painful until the technology industry massively deploys other friendlier and more secure systems, such as anything that comes from biometric authentication or interesting access keys, we must be aware that the strength of the passwords we use The security of our digital lives largely depends on it.personal, professional or financial accounts, which are, for obvious reasons, the most requested.

We must too activate other functions such as 2FA, which are able to significantly strengthen password security by forcing the use of two-factor authentication. And of course, use best practices in managing them.

How to create strong passwords

The recommendations are part of any computer security guide and are well known to everyone. But we don’t practice them to the same extent and we make it very easy for cybercriminals. Must make an effort to create and maintain it follow some basic rules that tell what to do and what mistakes to avoid when creating passwords:

• Don’t use typical words or common numbers.
• Do not use personal names, animal names or dates of birth.
• Combine upper and lower case letters.
• Combine numbers with letters.
• Add special characters.
• Extend the term with the largest number of digits.
• Do not use the same password on all sites.
• In particular, use specific and strongest possible passwords for banking and online shopping sites where we disclose your financial information.
• Protect your password from any third party.
• Never share your password with anyone. Not even in supposedly official requests from emails or messages from messaging services, as these are usually phishing attacks impersonating your identity.
• Change username and email.
• Reinforce the use of passwords whenever features such as two-factor authentication (2FA) or biometric systems, fingerprint sensors or facial recognition are available.

As an additional reinforcement action, we can clean up online accounts that we don’t use as routine maintenance that will reduce risks. We can also access websites like Have I Been Pwned to check that the passwords we use have not been hacked.

Password managers

It’s nearly impossible for a human internet user to securely manage credentials to access the hundreds of accounts we surely subscribe to. There are a group of applications that are very useful. Basically this type of software reduces human error in password managementbecause it automates the process of generating and accessing websites and services.

Passwords created by these administrators are of course highly secure and meet standard standards for size and complexity. They also help against phishing attacks by instantly identifying characters from other alphabets, adding a huge advantage: We only need to remember the master password and the administrator will take care of the rest.

You certainly know applications like the renowned LastPass and other commercial and/or paid ones, but from our practical side, we have suggested these five open source and completely free solutions that our users really liked. A big advantage of open source administrators is the ability to audit the software and keep the credentials under your control, install it and host it yourself on our own computer. We recall the most interesting ones:

KeepPass. It’s the “granddaddy” of open source password managers and has been around since Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in many different formats.

Bitwarden. Specially designed for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while it has corresponding mobile apps for Android and iOS. Bitwarden can share passwords and has secure access using multi-factor authentication and audit logs.

Passbolt. A self-service password manager designed specifically for work teams. Integrates with online collaboration tools such as browsers, email or chat clients. You can host the program on your own servers to maintain complete control over your data, although teams without experience or infrastructure can use a cloud version that hosts it on company servers.

Psono. Psono is another option for teams looking for open source enterprise password management software. It is a self-hosted solution that offers an attractive web client written in Python with source code available under the Apache 2.0 license.

team pass. A team-oriented manager with an offline core mode that we like, where you export your items to an encrypted file that can be used in places without an internet connection. Teampass isn’t the prettiest app in the world, but the design is amazing and you can quickly define roles, user permissions, and folder access.

And if you want to use this type of software for mobile phones, you should know that there are also specialized development projects, such as these 6 password managers for Android that we recently offered you.

Managers in browsers

If you don’t want to use a third-party manager, another option is to use custom browser password managers. Chrome, the leader in this segment, has significantly improved its operation and capacity in the latest versions, including features offered by the above specialists, such as the detection of cracked passwords, warnings when you think the password is weak, or very simple password editing. it in its own manager. Google Admin stores them securely, lets you manage them in chrome://settings/passwords, and uses them to populate the username and password fields the next time you visit the site.

Very similar to what Mozilla did Firefox with its “Password Manager” which is one of the best in web browsers. Microsoft’s Chromium-based Edge also has its own manager, which offers the most basic features of a dedicated manager.

A new reminder this World Password Day 2024 to raise awareness of the need to invest a few minutes of our time to address a key element of internet and digital home security. And there are no excuses. We have information and resources. Let’s not make it easy for the enemies of others.