It would seem that, since we are living in the 21st century, the traditional password for IT systems should be long gone, replaced by the modern solutions we read about in the headlines of technology portals: biometrics, that is, mechanisms that recognise our fingerprint or voice or verify the iris of the eye.
Such technology is slowly reaching the market, yet most of the applications we use still ask us for the old, familiar login and password.
Passwords from the ’90s.
In the 1990s it was not as common as it is today to set up a separate account for almost every service we use. Few people had an account on a mail server, which was usually the only system that asked for a login and password.
So in those days a trivial password, such as the dog's name or a childhood sweetheart, was not a great risk. Computers were also shared: often the whole family used the same desktop, and nobody felt the need to create separate profiles.
The situation changed as the network grew. The arrival of so-called Web 2.0 began the era of websites personalised to our needs and interests, giving us access to our personal data from anywhere in the world and letting us contact friends without restriction, and more and more of these sites began to require us to identify ourselves.
Change your password every 30 days
Until recently, good password management was believed to mean that a password should:
- Have at least 8 characters,
- Contain at least three of the four character classes: upper-case letters, lower-case letters, digits and special characters,
- Contain no dictionary word (i.e. be a random sequence of characters),
- Be changed every 30 days.
These rules are repeated like a mantra in many organisations, and as a rule they are not bad. Applied in practice they give a reasonable password, one that is relatively hard to crack if we extend its length to 10 characters. Their biggest disadvantage is that nobody can remember such passwords, so they end up written on sticky notes or in notebooks, or reused across services.
Moreover, to satisfy the requirement for a cyclic change, the average user simply swaps the month name for the next one or increments a single character at the end, and password-cracking tools are built to try exactly these variations.
Many websites do not enforce any password pattern at all, so the passwords used there are as simple and easy to remember as possible. Based on data from leaks from website.
How can criminals get your password?
There are many ways to obtain the password to your accounts in various services and applications, and which of them is feasible depends on many factors.
The most popular ones are:
- Installing malware on your computer that logs your keystrokes and sends them to the criminal.
- Persuading you (e.g. with a link in an e-mail) to visit a website confusingly similar to one you know, where you type in the login and password for the real site (phishing).
- Obtaining the password from a database leak at another website where you had an account, and trying it elsewhere.
- A brute-force or dictionary attack, where the criminal tries to get into your account by systematically trying every possible string of characters or by working through lists of popular passwords.
Against all the risks that come from guessing our password, or from cracking its hashed form after a leak has made it public, we can protect ourselves by knowing the good practices for creating and storing it. One caveat: how well a leaked hash resists cracking also depends on the site having used a slow, salted hashing function; with a fast, unsalted hash, only the strength of the password itself protects you.
How do you make a password secure and easy to remember?
Newer guidelines from international security bodies (for example NIST SP 800-63B) state that what matters most today is that the password be as long as possible; in fact its length is more important than its complexity.
How to create such a password? Below is an example to inspire:
- Think of a sentence that will be easy for you to remember, e.g. "I always eat two eggs for dinner".
- Delete the spaces, replace the word "two" with the digit 2 and add a full stop at the end. We get: "Ialwayseat2eggsfordinner." At this point we have a 25-character password that contains upper- and lower-case letters, a digit and a special character (the dot).
Remember, however, that using the same password for every service is very bad practice, because a single leak then gives criminals access to all our accounts.
What is a password manager?
A password manager is a program that generates a strong password (long, random and complex) for you and stores it safely on your computer, your phone or even in the cloud. Passwords stored this way are encrypted with strong, proven cryptographic mechanisms, and to access them you need to know only one master password.
Why is the password manager good? For several reasons:
- It creates a unique password for you for every site or application.
- So even if a leak makes your password to one system public, nobody learns your other passwords.
- It keeps your passwords safe on your computer, phone or in the cloud; all of them are encrypted and protected from unauthorised access.
- It can integrate with your web browser, letting you fill in passwords with one convenient button.
Which password manager should I choose?
It depends :). It depends on which operating systems you use on your computer (Windows/macOS/Linux) and on your mobile device (iPhone with iOS or Android).
One solution worth recommending, which gives you access to your passwords from Apple devices, Android devices and Windows, is 1Password. Unfortunately, its biggest drawback is its (not insignificant) price. Whether it is worth paying is a question each of you must answer after using the free trial period.
Either way, it is worth making sure that the passwords we use are of the best quality.