World Password Day 2023: A Best Practice Guide

  • May 4, 2023

The tech industry is marking the first Thursday in May with an event to raise awareness of the need to improve password practices. Despite numerous warnings, World Password Day 2023 is still very much needed: analysis of the millions of passwords exposed after multiple data breaches at companies large and small paints a disastrous picture.

Sure, passwords are painful to use and insecure if we don’t follow strict rules. However, until the tech industry massively deploys friendlier and more secure alternatives to passwords, they will continue to be the preferred form of authentication for accessing Internet services and for authenticating to operating systems, applications, games, networks, and all kinds of machines.

Although additional features such as two-factor authentication (2FA) have strengthened password security, the truth is that passwords today are not a reliable method amid the ever-increasing number of attacks, and even less so if users and companies continue to violate the basic rules for their creation, use and maintenance.

Security specialists estimate that more than 50 million password attacks take place every day, about 580 per second. And they are highly effective: 60% of data breaches have been shown to be attributable to compromised credentials.

And we make it very easy for cybercriminals. The list of worst passwords should make us think, because the same ones are repeated year after year: usage is dominated by a group of old acquaintances like “123456”, “111111” or “password”. These should be avoided at all costs, because an attacker can obtain them in less than a second simply by running a command that tests the most used ones, or by using brute-force attacks that try words, number combinations, and more to obtain credentials.

This happens because users are by nature “lazy” or careless, even though what is at stake is our digital lives, both professional and personal, and our finances, the most sought after for obvious reasons. To raise awareness of the seriousness of the matter, the industry is relaunching this international day as a reminder of the dos and don’ts of password management.

How to create strong passwords

The recommendations are the usual ones. We must put effort into creating and maintaining passwords, following the basic rules included in every cybersecurity manual on the dos and don’ts of creating and using them. We recall them again:

  • Do not use typical words or common numbers.
  • Do not use personal names, animal names or dates of birth.
  • Combine upper and lower case letters.
  • Combine numbers with letters.
  • Add special characters.
  • Lengthen the password with as many characters as possible.
  • Do not use the same password on all sites.
  • In particular, use specific passwords that are as strong as possible for banking and online shopping sites, where we expose our financial information.
  • Protect your password from any third party.
  • Never share your password with anyone, not even in response to supposedly official requests arriving by email or messaging services, as these are usually phishing attacks based on impersonation.
  • Change username and email.
  • Reinforce passwords with features such as two-factor authentication (2FA) or biometric systems (fingerprint sensors or facial recognition) whenever they are available.
  • Clean up online accounts that you don’t use as routine maintenance.
  • Check that your passwords have not been compromised. Have I Been Pwned is a good place to look.
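
The checklist above can be turned into a local audit. The Python below is an added example, not code from the article or from Have I Been Pwned: it tests a candidate against the composition rules and then looks it up in a Pwned Passwords range response the way the service's k-anonymity lookup is designed to be used, with only the first five characters of the SHA-1 hash leaving the machine. The response body is constructed so the example runs offline, and `MIN_LENGTH` is an assumed value, since the article gives no number.

```python
import hashlib
import string

COMMON = {"123456", "111111", "password"}  # the worst passwords named in the article
MIN_LENGTH = 12  # assumption: the article only says "as many characters as possible"

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Match the suffix locally against "SUFFIX:COUNT" lines; count 0 is a padding entry."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        line_suffix, _, count = line.strip().partition(":")
        if line_suffix.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def rule_failures(password):
    """Return the checklist rules the candidate breaks (empty list means none)."""
    failures = []
    if password.lower() in COMMON:
        failures.append("common password")
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("needs upper and lower case")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        failures.append("needs letters and digits")
    if not any(c in string.punctuation for c in password):
        failures.append("needs a special character")
    return failures

def constructed_range_body():
    """Constructed stand-in for the body of GET https://api.pwnedpasswords.com/range/<prefix>."""
    _, real = sha1_split("password")
    _, pad = sha1_split("constructed-padding-entry")
    return f"{pad}:0\r\n{real}:42\r\n"  # both counts are made up for the example

if __name__ == "__main__":
    body = constructed_range_body()
    for candidate in ("password", "Tr4il-Mix&Lantern-92"):
        print(candidate, rule_failures(candidate), breach_count(candidate, body))
```

A password that passes every composition rule can still appear in a breach corpus, which is why the two checks are kept separate.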

Password managers

It’s nearly impossible for a person to securely manage the credentials for the hundreds of accounts we are sure to have signed up for. This is where a group of very useful applications comes in. Basically, this type of software reduces human error in password management because it automates generating passwords and logging in to websites and services.

Passwords created by these managers are of course highly secure and meet the usual standards for size and complexity. They also help against phishing attacks by instantly identifying characters from other alphabets, and they add a huge advantage: you only have to remember the master password and the manager takes care of the rest.

Apps like the renowned LastPass and other commercial and/or paid apps may sound familiar to you, but in our how-to section we once suggested these five completely free open source solutions that our users really liked. A big advantage of open source managers is the ability to audit the software and keep the credentials under your control by installing and hosting it yourself on your own computer. We recall the most interesting ones:

KeePass. It’s the “granddaddy” of open source password managers and has been around since Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in many different formats.

Bitwarden. Specially designed for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while Android and iOS have their respective mobile apps. Bitwarden can share passwords and has secure access using multi-factor authentication and audit logs.

Passbolt. A self-service password manager designed specifically for work teams. Integrates with online collaboration tools such as browsers, email or chat clients. You can host the program on your own servers to maintain complete control over your data, although teams without experience or infrastructure can use a cloud version hosted on company servers.

Psono. Psono is another option for teams looking for open source enterprise password management software. It is a self-hosted solution that offers a beautiful web client written in Python with source code available under the Apache 2.0 license.

Teampass. A team-oriented manager with a basic offline mode that we like, where it exports your items to an encrypted file that can be used in places without an internet connection. Teampass isn’t the prettiest app in the world, but the design is amazing and you can quickly define roles, user permissions, and folder access.

And if you want to use this type of software on mobile, you should know that there are also specialized options, such as these 6 password managers for Android that we recently offered you.

Managers in browsers

If you don’t want to use a third-party manager, another option is to use the password managers built into the browsers themselves. Chrome, the leader in the segment, has significantly improved its operation and capabilities in the latest versions, including features offered by the specialized managers mentioned above, such as the detection of cracked passwords, warnings when creating a weak password, or very simple editing of passwords in its own manager.

The manager stores passwords securely, allows them to be managed in chrome://settings/passwords, and uses them to populate the username and password fields the next time you visit the site. This is very similar to what Mozilla does in Firefox with its “Password Manager”, which is one of the best in web browsers. Microsoft’s Chromium-based Edge also comes with its own manager, which offers the essentials of a dedicated manager.

World Password Day 2023 is a new reminder of the need to invest a few minutes of our time in a key element of internet and digital home security. And there are no excuses. We have the information and the resources. Let’s not make it easy for those who are after what belongs to others.

Source: Muy Computer
