Biometrics (iris, facial recognition or fingerprint) are displacing the password as the authentication method for securely accessing devices, amid warnings about the vulnerability and weakness of the most common and recurring keys (such as 12345 or QWERTY sequences).
Along with biometrics, in recent years these devices have adopted “double factor” or “double authentication” to guarantee the user’s true identity: to the original key that the person uses (the PIN or password), a second step is added (an SMS, a numeric code or other) to complete a banking or commercial operation or a procedure with an administration.
Like every first Thursday of May, tomorrow marks World Password Day, an initiative promoted by several computer and cybersecurity companies to make users aware of the importance of using robust methods to ensure unique identification.
Managers of various companies specializing in cybersecurity and the National Institute for Cybersecurity (INCIBE) – dependent on the Ministry of Economy and Digital Transformation – have established the basic recommendations that users must follow in order to safely navigate the network.
This is because the most frequently used passwords are still, in this order, 12345, 123456 and 1234567; because many users use the simplest keyboard sequence (qwerty); because they use the same key for all services and applications; and because very few people choose to create a strong password with at least ten characters, including uppercase letters, lowercase letters, numbers and special characters (+, -, $, €, @ or other).
Simple memory techniques
INCIBE Citizens Cybersecurity Engineer Ángela García Valdés has noted that this may seem like a tedious task, “but nothing could be further from the truth”, since rules or memory techniques can be used to generate strong, unique passwords that are easy to memorize, and password managers can be used as well.
The Director of Global Consumer Operations at Panda Security, Hervé Lambert, recalled that 70% of users forget their password at least once a month and try to write it an average of 2.4 times before finding the right key.
And in this sense, the commercial director of the company S2 Grupo, specialized in cybersecurity, Rafael Rosell, has warned of the “very serious” problem of reusing the same passwords for everything and also using very fragile combinations that are almost never changed.
A memory technique proposed by Jordi Serra, Professor of Computer Science, Multimedia and Telecommunications at the Universitat Oberta de Catalunya, is to start from a famous phrase or a popular proverb; he cites as an example that taking “In a place in La Mancha, whose name” and adding a “+3” would yield the password “EuldLMdcn+3”, which is virtually unreadable; but he insists that users create their own and not use this one.
Ángela García Valdés stressed that the password must have a minimum length of eight characters; must combine uppercase letters, lowercase letters, numbers and special characters; must be unique for each service or application; and must not be associated with the user (names, dates or hobbies).
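The mnemonic described by Serra and the criteria listed by García Valdés can both be expressed as a short check. The Python below is an added example, not code from INCIBE or from any of the experts quoted. It assumes the Spanish wording of the quoted phrase, uses hypothetical function names, and its deny list holds only the weak passwords the article names.

```python
import string

# Weak choices named in the article; a real deny list would be far longer.
COMMON = ("12345", "123456", "1234567", "qwerty")
MIN_LENGTH = 8  # minimum length cited by García Valdés in the article


def mnemonic(phrase, suffix=""):
    """Build a password from the first character of each word, keeping case."""
    words = (w.strip(string.punctuation) for w in phrase.split())
    return "".join(w[0] for w in words if w) + suffix


def policy_failures(password, user_terms=()):
    """Return the list of the article's criteria that the password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    classes = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "digit": str.isdigit,
        "special": lambda c: not c.isalnum(),
    }
    for name, check in classes.items():
        if not any(check(c) for c in password):
            failures.append("no " + name)
    lowered = password.lower()
    # Flag common keys even when embedded in a longer password.
    if any(seq in lowered for seq in COMMON):
        failures.append("common sequence")
    # Flag names, dates or hobbies supplied by the caller (case-insensitive).
    if any(t.lower() in lowered for t in user_terms if t):
        failures.append("related to user")
    return failures


if __name__ == "__main__":
    # Assumed Spanish wording of the quoted phrase (not given on the page).
    pw = mnemonic("En un lugar de La Mancha, de cuyo nombre", "+3")
    print(pw, policy_failures(pw))
    # Constructed samples: a top-ranked password and a user-derived one.
    print(policy_failures("123456"))
    print(policy_failures("Marta1990!", user_terms=["marta", "1990"]))
```

Uniqueness per service cannot be checked from a single password, so that criterion is left to a password manager.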
In statements, García Valdés has said that a system based on biometrics is more secure than a password, although it is not impossible for cybercriminals to obtain any of these characteristics, since fingerprints, for example, leave traces on all objects they touch and in extreme cases the perpetrator can obtain these traits through violence.
She also warns of the “trivial” mistakes that many users make when they protect a significant amount of personal and professional information with very weak passwords, including writing them in a notebook or on post-its in view of other people, using the same one for many services, using the simplest keyboard sequences (123456 or qwerty) or resorting to expressions created by or related to the user.
The password is only the first link
Hervé Lambert (Panda Security) has observed that although there are already many systems that avoid entering a password or credentials, the number of services that still require this type of authentication is enormous, and 98% of websites still ask for these passwords without offering any other means of identification.
The director of this company has pointed out that the password should only be the first security factor and that these factors should ideally be based on something only the user “knows” (his password), “has” (a security or electronic key) or “is” (a biometric measure).
With that in mind, he gave the classic example of the ATM, where you need a physical card and a PIN; or that of many websites that already require a password and then a code sent as a text message to a device to log in or complete an operation.
The commercial director of S2 Grupo, Rafael Rosell, has insisted that the most recurring and used passwords are the most insecure, recalling that after the Ashley Madison dating network was hacked, it was discovered that the password most used by its users was also “123456”.
All the experts agree, warning that the pandemic has triggered the use of the Internet (shopping, teleworking, leisure, etc.) and with it the threats and risks have also skyrocketed, but users have not come to understand the importance of security on the network and of having robust mechanisms for identification.
“We keep reusing passwords for everything, we keep using very fragile keys and hardly change them, it’s the perfect storm, they steal one of ours and they have access to many other services. We’re vulnerable because of our low consciousness, we make it very easy for evil,” Rosell said.