Until the technology industry massively deploys more friendlier and more secure systems, passwords will continue to be the preferred form of authentication for access to Internet services, logins to operating systems, applications, games, networks, and all types of machines.

Although other features, such as 2FA, have enhanced security by forcing the use of two-phase authentication, the truth is that passwords are not a reliable method today amid an ever-increasing number of attacks. All the less so if users and companies no longer follow the basic rules for its creation, use and maintenance.

Security specialists estimate that hackers run on average 50 million password attacks every day, about 580 per second. And they are highly effective, with 60% of data breaches demonstrably caused by broken credentials.

World Password Day 2022

To raise awareness of the seriousness of the problem, the technology industry celebrating the first Thursday in May World Day event. This comment is motivated by the analysis of millions of passwords that are revealed after multiple data breaches in large and small companies. And it depicts a catastrophic scene.

The list of worst passwords should make us think, because they are repeated year after year and the list of uses is dominated by a group of old ones known as “123456”, “111111” or “password”. And they have been avoiding them at all times ever since a hacker can get them in less than a second simply by the command that tests the most used. Or using brute force attacks, words, number combinations, and more that allow you to gain credentials.

How to create strong passwords

We make it very easy for cybercriminals. Users are naturally “lazy” or carefree, although we risk exposing our digital life, which includes both professional and personal issues. And financial … Most sought after for obvious reasons.

The recommendation is usual. We must try to create with the basic rules that are part of every cyber security manual and tell you what to do and what not to do when creating and using passwords. We remember them again:

• Don’t use typical words or common numbers.
• Do not use personal names, animal names or dates of birth.
• Combine uppercase and lowercase letters.
• Combine numbers with letters.
• Add special characters.
• Extend the deadline with the most digits.
• Do not use the same password on all sites.
• In particular, use passwords that are specific and as strong as possible for the banking and online shopping sites where we expose your financial information.
• Protect your password from any third party.
• Never reveal your password to anyone. Not even in the alleged official requests from e-mails or messages from messaging services, because these are usually phishing attacks that pretend to be your identity.
• Change username and email.
• Enhance the use of passwords whenever features such as double authentication (2FA) or biometric systems, fingerprint readers or face recognition are available.
• Clean up online accounts that we don’t use for routine maintenance.
• Make sure your passwords are not hacked. Have I Been Pwned is a good place to watch.

password managers

It is almost impossible for a human Internet user to securely manage login information to access the hundreds of accounts we are certainly subscribed to. There is a group of applications that are very useful. Basically this type of software reduces human errors in password handlingbecause it automates the process of generating and accessing websites and services.

The passwords created by these administrators are, of course, highly secure and meet standard rules in terms of size and complexity. They also help combat phishing attacks by instantly identifying characters from other alphabets and adding a huge advantage: just remember the master password and the manager will take care of the rest.

Applications like the renowned LastPass and other commercial and / or paid ones certainly sound familiar to you, but from our practical section, we once designed these five open source and completely free solutions that our users really enjoyed. The great advantage of open source administrators is the ability to audit software and keep credentials under your control, install them and host them on our own computer. We recall the most interesting:

KeepPass. It is a “grandfather” among open source password managers and has existed since Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in many different formats.

Bitwarden. Specially targeted at LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while it has mobile applications for Android and iOS. Bitwarden can share passwords and has secure access through multi-factor authentication and audit trails.

Passbolt. Self-service password manager designed specifically for work teams. Integrates with online collaboration tools such as browsers, email or chat clients. You can host the program on your own servers to maintain complete control over your data, although teams with no experience or infrastructure can use the cloud version that hosts it on corporate servers.

psono. Psono is another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers a beautiful web client written in Python with source code available under the Apache 2.0 license.

team pass. A team-oriented manager with a basic offline mode that we like, where you export your items to an encrypted file that can be used in places without an internet connection. Teampass is not the prettiest application in the world, but the design is amazing and you can quickly define roles, user permissions and folder access.

And if you want to use this type of mobile software, you should know that there are also specialized innovations such as these 6 password managers for Android that we have recently offered you.

Managers in browsers

If you do not want to use a third-party administrator, another option is to use it browser password manager. Chrome, the leader in the segment, has significantly improved its operation and capacity in the latest versions, including features offered by those specialized above, such as broken password detection, password protection alerts, or a very simple edition. of which in its own administrator.

The administrator securely stores them, allows them to be managed in chrome: // settings / passwords, and uses them to fill in the username and password fields the next time they visit the site. Very similar to what Mozilla did Firefox with its “Password Manager” which is one of the best web browsers. Microsoft’s new Chromium-based Edge also has its own administrator, which offers the most basic of a specialized administrator.

A new commemoration of this World Password Day 2021, which aims to raise awareness of the need to invest a few minutes of your time in caring for a key element in securing your Internet and your digital home. And there are no excuses. We have information and resources. Let’s not make it easier for others’ enemies.