“In Juan’s bar they serve large tapas for 3 euros” is a very easy phrase to memorize, and taking the first letter of each word (in the original Spanish) yields “EebdJptga3€”, which gives the Internet user a practically indecipherable password because it includes everything that experts advise: uppercase letters, lowercase letters, numbers and a special symbol.
It can also be a phrase that has meaning for the user, and only for them, or the title of a song in which some characters are changed into numbers, or one that already includes them: “19 days and 500 nights” can become the impregnable “19 Days and 500 Nights!” by using capital letters and an exclamation mark.
As on every first Thursday of May, “World Password Day” is being celebrated, an initiative promoted by several companies in the field of computing and cybersecurity to make users aware of the importance of using robust methods to guarantee unequivocal identification; it is an occasion on which various experts review the main recommendations that must be followed and offer practical advice.
The date gains meaning and relevance every year, because Internet crime and fraud have multiplied in recent years and, despite this, the most used passwords in the world continue to be “123456”, “password” or “qwerty”, one of the most natural and obvious sequences on the keyboard.
No Common Words Nor Recurring Dates
The main recommendation of the experts for a strong password is that it be long and complete (at least eight characters, although some recommend up to 14) and that it always avoid the data that is easiest to remember and guess, such as dates of birth, initials, common words, phone numbers, ID numbers, a pet’s name, a favorite team or the initials of all family members.
The head of Global Consumer Operations of the company Panda Security, Hervé Lambert, observed that the password “123456” was exposed more than twenty million times in 2021 and that one in three Spaniards reuses the same passwords in all accounts.
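The rules above (a minimum length, none of the most-used passwords, no easily guessed personal data) can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, the split into failures and warnings, and the sample personal facts are assumptions made for illustration.

```python
import re
import unicodedata

# The three most-used passwords named in the article.
MOST_USED = {"123456", "password", "qwerty"}
CLASSES = {
    "uppercase letter": str.isupper,
    "lowercase letter": str.islower,
    "number": str.isdigit,
    "special symbol": lambda c: not c.isalnum() and not c.isspace(),
}

def _fold(text):
    """Lower-case and strip accents so 'García' matches 'garcia'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def _tokens(fact):
    """Split a personal fact into comparable pieces: '12/04/2014' -> 2014, 12042014."""
    parts = re.split(r"[^0-9a-z]+", _fold(fact))
    return {t for t in parts + ["".join(parts)] if len(t) >= 3}

def first_letters(phrase):
    """Mnemonic rule: first letter of each word; numbers and symbols are kept whole."""
    return "".join(w[0] if w[0].isalpha() else w for w in phrase.split())

def audit(password, personal_facts=(), min_len=8, advised_len=14):
    """Return (failures, warnings) for one candidate password."""
    failures, warnings = [], []
    if len(password) < min_len:
        failures.append(f"shorter than {min_len} characters")
    elif len(password) < advised_len:
        warnings.append(f"shorter than the {advised_len} characters some experts advise")
    folded = _fold(password)
    if folded in MOST_USED:
        failures.append("one of the most-used passwords")
    for fact in personal_facts:
        if any(t in folded for t in _tokens(fact)):
            failures.append(f"contains personal data: {fact}")
    for name, test in CLASSES.items():
        if not any(test(c) for c in password):
            warnings.append(f"no {name}")
    return failures, warnings

if __name__ == "__main__":
    # Constructed sample inputs; the personal facts are invented.
    for pw in ("123456", "EebdJptga3€", "Toby2014!secure"):
        print(pw, audit(pw, personal_facts=["Toby", "12/04/2014"]))
```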
Lambert explained that trends point to the use of biometrics (facial, iris or fingerprint recognition) and “multifactor” authentication that combines the password or biometric data with an additional SMS that includes a verification code.
The person in charge of this information security company stressed that these new authentication methods are more secure than traditional passwords “but they are not exempt from vulnerabilities and limitations”, and observed that biometric data can be stolen or compromised and facial recognition deceived with high quality images.
Mnemonic Rules, Password Managers And Antivirus
Ruth García, Cybersecurity technician for Citizens of the National Institute of Cybersecurity (INCIBE) -dependent on the Ministry of Economic Affairs and Digital Transformation- insisted that the new authentication trends are more secure than traditional passwords “but they also have their own limitations and risks”.
“Passwords are not the best insurance to avoid cyber risks, but they are an important part of online security,” Ruth García said, stressing that, in addition to using different passwords for each service, changing them regularly and using two-factor authentication, it is advisable to use security programs such as antivirus.
Her practical advice: use mnemonic rules and resort to a phrase that is easy to remember but that includes uppercase letters, lowercase letters, and numbers; she cites as an example “MyDogIsABigBulldog!”, which is “strong and easy to remember.”
The commercial director of the cybersecurity company S2 Grupo, Rafael Rosell, added to all these recommendations that of using a “password manager” in which passwords can be stored safely, and opined that as new identification methods become more widespread, new techniques will also be discovered to compromise them.
Rosell explained that passwords are the “essential” requirement to protect access to all digital information of a user, and asserted that although they do not fully guarantee security, “doing without them or using them inappropriately does guarantee an undue intrusion”.