
Obsessed with security? Well, don't look at these passwords


When we talk about computer security, we usually point to the need to keep computers updated with the latest version of the operating system, and to how the most recent devices are the most secure because they include options such as Windows Hello or Face ID that improve access to them. But what happens when we create the security hole ourselves?

That is what happens with the passwords used to access our devices, whether mobile or PC, as well as the large number of services to which we are connected. It is useless to have the latest in security to access the computer if we then use 1234 as a password.

And no, don't think that this is an isolated incident. Despite what we have always read and the recommendations we are given, passwords that are far too accessible are still widely used. Although the year that is about to end has taught us how thousands of records containing passwords, access codes and names are leaked on the network, and although security is increasingly important, there are still users who use passwords that we could call absurd.

We are not talking about the proverbial grandfather having the mobile PIN written down on a _stick_ in the case. We are talking about the large number of users of all kinds who use passwords as "difficult" to crack as number combinations like "123456" or words like "password".

These are users who do not bother with passwords that combine numbers, letters, and signs. Passwords should not just be long (some experts say that length is not essential); above all they should combine "rare" characters while avoiding dates or words that are associated with us.

Proof that a large share of users do not act in the most appropriate way comes from the study carried out by the security firm SplashData, which has compiled what may be the 100 worst passwords of 2017. In fact, they state that at least 10% of users have used one of the 25 least advisable passwords. These are the 25 least advisable passwords to use:

  • 123456
  • Password
  • 12345678
  • QWERTY
  • 12345
  • 123456789
  • letmein
  • 1234567
  • football
  • iloveyou
  • admin
  • welcome
  • monkey
  • login
  • abc123
  • starwars
  • 123123
  • dragon
  • passw0rd
  • master
  • Hello
  • freedom
  • whatever
  • qazwsx
  • trustno1

It is a list in which the classic 123456 appears alongside "password" and "12345678", the three occupying the first positions on the _podium_. Other classics that we see are admin, login, abc123 and passw0rd, where the letter o is replaced by a 0, an alternative that, as SplashData says, is of no use.

Steps to create a secure password

To create a secure password, we can follow a series of steps that will also make it easier for us to keep it in mind and not forget it.

  • The first step is that the first two letters of the password will be the first two of the site where we register. If we are going to register on Spotify, it would be sp.
  • We follow that with the last two letters of the username. If we register as Pepito, we will already have spto.
  • Next comes the number of letters in the site name. Spotify has seven, so we keep adding: spto7.
  • If the previous number is odd, we add a dollar sign. If it is even, an at sign. Since 7 is odd, we are left with spto7$.
  • We take the middle letters of the password and write them again using the next letter of the alphabet. An example makes this clear: if we have spto, we rewrite the middle two using the next letters of the alphabet, and we're left with qu. In this way, our password is spto7$qu.
  • We count the number of vowels in the password, add four, and type that number while pressing the Shift key, so that we get a symbol. In this case, we have 2 vowels, so the symbol will be &, which is above the 6 key. We already have the password spto7$qu&.
  • One last step could be to replace some of the letters with capital letters. We can decide that the second and fourth, for example, will be capital letters. The result would be sPtO7$qu&.
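
The seven steps above written out as code, as an added example that is not part of the original article. The function name derive is hypothetical; the Shift+digit table assumes a Spanish keyboard layout (the article maps Shift+6 to &), non-letters in the names are ignored, and z wrapping around to a is an assumption the article does not cover.

```python
# Added example: the article's seven-step recipe, step by step.
# Assumption: Shift+digit symbols of a Spanish (ES) keyboard layout.
ES_SHIFT = dict(zip("1234567890", '!"·$%&/()='))


def next_letter(c):
    # Step 5 helper. Wrapping z -> a is an assumption.
    return chr((ord(c) - ord("a") + 1) % 26 + ord("a"))


def ascii_letters(text):
    # Keep only a-z so that dots, digits and spaces do not count as letters.
    return [c for c in text.lower() if c.isascii() and c.isalpha()]


def derive(site, username):
    site_l, user_l = ascii_letters(site), ascii_letters(username)
    if len(site_l) < 2 or len(user_l) < 2:
        raise ValueError("site and username each need at least two letters")

    # Steps 1-2: first two letters of the site + last two of the username.
    stem = "".join(site_l[:2] + user_l[-2:])             # "spto"
    # Step 3: number of letters in the site name.
    n = len(site_l)                                      # 7
    # Step 4: "$" if that number is odd, "@" if it is even.
    pw = stem + str(n) + ("$" if n % 2 else "@")         # "spto7$"
    # Step 5: the two middle letters of the stem, each moved one letter on.
    pw += "".join(next_letter(c) for c in stem[1:3])     # "spto7$qu"
    # Step 6: vowels so far + 4, typed with Shift held down.
    # The sum is always 4..8: a middle letter and its successor are never
    # both vowels, so the password holds at most four vowels at this point.
    vowels = sum(c in "aeiou" for c in pw)
    pw += ES_SHIFT[str(vowels + 4)]                      # "spto7$qu&"
    # Step 7: capitalise the second and fourth characters.
    return pw[0] + pw[1].upper() + pw[2] + pw[3].upper() + pw[4:]


if __name__ == "__main__":
    print(derive("Spotify", "Pepito"))
    print(derive("Amazon", "Pepito"))
```

Every input to derive is public (the site name and the username), so the recipe itself is the only secret: anyone who learns it can reproduce the password for any site.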

Two-factor authentication

Another option is two-step authentication (also known as two-factor authentication). It is an option through which an additional security layer is added to the account that we are going to use. In this way, you log in with a piece of information that you know (your password) and with a piece of information that you have (a code that you receive on your phone).

It is a system that seeks to add one more verification that it is you, and not a third person, who is accessing your account. To do this, the service checks that you really have something (mobile, token) that only you should have. The process, however, has a weak point: the use of SMS to send the codes.

The problem is that SMS is vulnerable, so two-step authentication should be approached differently. Companies like Google have already solved it by launching Google Prompt, a system in which this verification is not sent through SMS messages but from Google's servers, something that makes it more complex to intercept. It is a measure similar to that offered by the token generators used in some banks.

Source | Motherboard
In Xataka | Two-factor authentication: what it is, how it works and why you should activate it
