Although years ago cybersecurity experts predicted a future world without passwords, today most predict a long life for the password, considering it very secure if the maxim of creating it by combining symbols, numbers and letters with sufficient length is followed. This May 2 is International Password Day, a tribute to an element of great importance for global security in cyberspace.
The password is, without a doubt, the most popular and widely used of the three identification methods used today to stop attempts by ‘hackers’ to get hold of our data. As explained by Jordi Serra, professor of Computer Science, Multimedia and Telecommunications Studies at the UOC, these methods are summarized in three aspects: “One of them is what we know (passwords), another is what we are (biometrics, fingerprint…), and the third, what we have (a unique device to send a code to)”.
What should a hacker-proof password have?
These are the three keys to being sufficiently protected with a strong password without needing a great memory to remember it:
A password of at least 12 characters (and, if possible, longer).
A combination of uppercase, lowercase, numbers and symbols.
A combination that avoids the most frequent sequences, such as “12345” or “qwerty”.
Why a minimum of 12 characters?
According to a recent study by the cybersecurity company Hive Systems, passwords with fewer than twelve characters can be hacked instantly if they contain only numbers. Something similar happens when they are made up only of lowercase letters.
Why include uppercase, lowercase, numbers, and symbols?
Because it adds difficulty for the ‘hackers’, making the password much harder for them to work out. Although you are still unprotected if you opt for a short password, about eight characters long, including symbols and numbers and combining upper and lower case letters would force the hacker to spend an average of 39 minutes to find it. But if a combination of 12 characters with uppercase, lowercase, numbers and symbols is used, it would take hackers no less than 3,000 years to figure it out.
What, then, is the recommended length and combination?
“If there are numbers, letters and special symbols such as +, -, (, $, @, €…, from ten characters onward it is already considered that, with current computers, the time needed to find the password, if it is not a known word, is long enough that it is not worth wasting time trying”, explains the professor, who adds that everything depends on how that password is constructed.
“If it is made from words that are in the dictionary, the length is not very relevant. There are tools that test combinations of known words, also adding dates. For the rest, what is done is to create combinations of letters and numbers and keep trying them. The more letters you have, the more possible combinations have to be tried until the right one is found.”
Why is it important to avoid the best known sequences?
In Spain, first place in the ranking of most used passwords in 2021 goes to the combination of numbers 12345, followed by 123456 and 123456789, according to the annual NordPass study, which also offers other curious data. For example, in position 10 is “Barcelona”; at 12, “Spain”; at 16, “Alexander”, and at 18, “I love you”.
Likewise, as in Spain, in Latin American countries the name of the preferred football team is not a good option either, since it appears in fifth position in some regions. And if we look at the most used passwords worldwide, in addition to the numerical combinations that also appear in the first positions in Spain, the first row of letters on the computer keyboard is the favorite: the combination “QWERTY” ranks fourth. The next place on the list is “password”.
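The three keys above can be checked mechanically. The following is an added example, not part of the original article: the blocklist is constructed from only the frequent passwords the article names, and the character pool sizes (26/26/10/32, ASCII) are an assumption used to give an upper bound on the brute-force search space.

```python
import math
import string

# Constructed sample blocklist: only the frequent passwords the article names.
COMMON = {"12345", "123456", "123456789", "qwerty", "password"}
MIN_LENGTH = 12  # the article's first key


def char_classes(pw):
    """Return which of the four character classes appear in pw."""
    return {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digits": any(c.isdigit() for c in pw),
        "symbols": any(not c.isalnum() for c in pw),
    }


def keyspace_bits(pw):
    """Upper bound on the brute-force search space in bits.

    Assumes every character was chosen at random from the classes present.
    A password built from dictionary words is far weaker than this bound,
    which is why length alone does not help in that case.
    """
    sizes = {"lowercase": 26, "uppercase": 26, "digits": 10,
             "symbols": len(string.punctuation)}
    pool = sum(sizes[k] for k, used in char_classes(pw).items() if used)
    return len(pw) * math.log2(pool) if pool else 0.0


def check(pw):
    """Return the list of the article's three keys that pw fails."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    missing = [k for k, used in char_classes(pw).items() if not used]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    lowered = pw.lower()
    if any(seq in lowered for seq in COMMON):
        problems.append("contains a frequent sequence")
    return problems
```

A real deployment would replace the small blocklist with a full list of known and breached passwords, since the bit estimate says nothing about passwords that are already in an attacker's dictionary.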
Combine identification methods to give extra security
The good news is that, since there are several possible methods of identification (the password, biometrics and fingerprint, and the unique device to send a code to, as in two-step authentication), we can better protect our access. The recommendation is to use them in combination.
In Jordi Serra’s opinion, if we want to make it difficult for anyone who tries to hack our accesses, the best thing to do is “activate, if possible, the second authentication factor, that is, use two of the three identification systems. The most common is the password and the unique code to the mobile at the same time”, provided that we also spend some time creating a “hard” password that contains more than ten characters with letters, numbers, and special characters.
“We can remember a phrase from a book or a proverb and take the first letter of each word, also including a number and an additional character, to end up with a password of more than ten positions that makes no sense when read”. An example? “‘EuldlMdcN3+’ could come from the phrase ‘En un lugar de la Mancha de cuyo nombre’ [‘In a place in La Mancha whose name’], putting 3+ at the end. Now, let’s not all use this password for everything!” he warns.
George is Digismak’s reporter cum editor with 13 years of experience in journalism.