World Password Day is a global day meant to remind us how important it is to protect our passwords, and to educate about the importance of updating them frequently to protect the sensitive data we enter on the web.
Thanks to passwords we can make purchases and share online, but above all they keep much of our data protected.
The pandemic forced us to spend more time at home, and consequently we spent much more time online, making data security even more important. The average time each user spends online was found to have doubled compared to pre-pandemic levels, from 3 hours and 17 minutes to 6 hours and 59 minutes.
The positive aspect is that in 2020 the level of user security increased: those who adopted good practices to strengthen their passwords also raised the security level of their devices.
What are the most common errors when choosing a password?
Choosing a weak password is equivalent, in everyday life, to leaving keys hanging on the door of one’s own house. Despite the last two years of pandemic during which we have lived more online than outside our homes, and despite an increased awareness of the importance of secure passwords, the list of Top 200 most common passwords shows that we have still not learned enough.

What rules to follow for choosing a secure password
Here are some suggestions for choosing a good password:
- Choose a complex password that is at least 12 characters long and includes a combination of lowercase letters, UPPERCASE letters, numbers, and symbols (!$%&?). Or use a password generator.
- Do not reuse old passwords. Using the same password for multiple accounts makes hackers' work easier; if one of your accounts is compromised, the others will be as well.
- Update passwords periodically, at least every 90 days. This significantly increases the security of your accounts.
- Check the security of your passwords. To do so, you can use this website: www.passwordmonster.com/
- Use a password generator. This way you will be even more sure that the password you have chosen is effective.
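The rules above can be expressed as a small checker and generator. This is an added example, not code from the original article; the function names and the 16-character default are assumptions, and the sample passwords are constructed.

```python
import secrets
import string

MIN_LENGTH = 12        # minimum length from the list above
SYMBOLS = "!$%&?"      # symbols the list gives as examples
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,  # the checker accepts any ASCII symbol
}
# The generator draws only from letters, digits and the symbols listed above.
POOL = string.ascii_letters + string.digits + SYMBOLS


def check_password(password, previous=()):
    """Return the rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append("no " + name)
    if password in previous:  # the "do not reuse old passwords" rule
        problems.append("reused")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies check_password()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        # Rejection sampling: every position stays uniformly random, and
        # candidates missing a character class are simply drawn again.
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    old = ["Summer2020!"]  # constructed list of previously used passwords
    for pw in ("password", "Summer2020!", generate_password()):
        print(repr(pw), check_password(pw, old) or "ok")
```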

How do you steal a password?
There are many ways to discover a password, and sometimes the methods used are very simple:
Phishing (Password Sniffing)
In practice, we are fooled by social engineering techniques and give our passwords to whoever asks for them, for example through messages, emails, or fake sites that imitate a known site.
Guessing passwords
Using personal information such as a name, a birth date or the names of pets. The person who discovers the password won't be a distant hacker, but perhaps a friend or neighbor…
Brute force attack
There are programs specifically developed to find the correct password to get into accounts. The program works by making continuous attempts until it guesses the right password. This technique is very costly in terms of both software development and computing power, but it is widely used.
Capture of a password on the network
How many times have you communicated a password via email? Some websites, after we have registered, send us a welcome email containing our username and password. Unfortunately, email is not a secure tool for exchanging this data in clear text.
Shoulder surfing
This method works by installing a keylogger that intercepts passwords as they are typed into a device. Keyloggers are programs (trojans) that record everything typed on the keyboard and then transmit this data to the hacker who installed the program.
Unsafely stored passwords
One of the most common methods is to write down the passwords in a file on your own computer, perhaps naming the file “Passwords”…
Or by compromising a database containing a large number of user passwords, which are then used to attack other systems where users have reused the same passwords (“credential stuffing”). This is exactly what happened with the LinkedIn data breach (2012), through which Mark Zuckerberg's LinkedIn, Twitter and Pinterest accounts were breached (he used the same password on all of them!)
Run a test right away on this website: it is a data breach archive that lets you search by email address to check whether your data has been breached.