Introduction

A few weeks ago, we provided some general tips for protecting data shared on the internet and preserving its privacy. (We shared the link in case you want to learn more: https://www.unimedia.tech/protecting-your-data-tips-from-the-experts/)

One of the key points in cybersecurity that we discussed in our previous article was passwords. The significant increase in digital tools we use daily necessitates continuous password usage, both in our work and personal lives. This is why it’s crucial for us, as users, to take precautions and be aware of the importance of using secure passwords.

Although when we think of “passwords,” we automatically associate them with the digital and computer world, they are not a recent invention.

• We have evidence that ancient Roman soldiers would write a watchword on a tablet during a guard shift change.
• During the Middle Ages, castle guards used a “watchword and countersign” to allow entry only to those who knew the secret phrase, thus avoiding unwanted intruders.
• Much has been written about the encryption methods used during World War II. Codes and passwords became critical in secure communications among armies. About 80 kilometers from London stands Bletchley Park. It was a complex of military facilities where intercepted messages from the Germans were analyzed during World War II. Most of these messages were generated in code using encryption machines like the famous Enigma. Allied technicians had to use the most advanced systems and devices of the time to decrypt them.
• One of the earliest documented cases of computer passwords in history is over half a century old. It emerged in 1961 at the Massachusetts Institute of Technology (MIT). An early form of password-based authentication was established there to access computer systems. At that time, users of the Compatible Time-Sharing System (CTSS), one of the earliest time-sharing operating systems, could use passwords to protect their accounts and personal data within the system.

Why is it so important to use highly secure passwords?

Hackers employ various methods and systems to obtain passwords, breaking through the cybersecurity barrier that safeguards data. We can define two main attack vectors to obtain them.

• Exploiting the user: Through deceptive strategies, hackers manage to obtain passwords, either directly or indirectly. This category includes phishing, social engineering, or malicious programs.
• Eavesdropping on communications: In this case, the user doesn’t play a role. Hackers compromise the security of the medium through attacks (brute force, dictionary attacks…), monitoring networks, or using trial and error.

And though it might seem incredible, passwords are often stolen using the technique of “shoulder surfing” or looking over someone’s shoulder. Be very cautious when using ATMs or making payments with cards.

Weak Passwords

Every year, cybersecurity companies publish lists of the most commonly used passwords both locally and globally. The existence of repeatedly used passwords is already a clear alarm signal. For 2023, the most used passwords worldwide are:

• 123456
• password
• 123456789
• 12345
• 12345678
• qwerty
• 1234567
• 111111
• 123123
• 1234567890

In just 10 attempts (one for each password on the list), a hacker can gain access to the data of thousands of users. These are, therefore, the most insecure and fragile passwords. Using them is akin to leaving the keys in the door of our house, an open invitation for our information to be stolen.

Mistakes when creating a password

When creating a password, we tend to use elements that help us remember them out of habit. However, unknowingly, we are making mistakes that jeopardize our cybersecurity. Hence, we recommend:

• Not using personal names, names of family, friends, or pets.
• Not relying solely on letters from the alphabet a-z or numbers from 0 to 9.
• Not using fictional names: characters, books, movies.
• Not using city or place names.
• Not using brand names like vehicle or technology brands.
• Not using any kind of dates.
• Not using personal information: hobbies, favorite places or foods, work references…

It is not advisable, therefore, to use password components that can potentially be guessed or deduced. Specifically, by using social engineering (a method mentioned as a hacking technique), a hacker could discover our pet’s name, our favorite book or author, or an important date we used as a password. It would be enough to engage in a conversation with us (in a chat or via email, for instance) and/or review our social media where this type of information often appears.

Secure Passwords

Though creating a secure password doesn’t guarantee 100% protection against hackers gaining access to our data, it significantly hinders such access.

Here are some recommendations that will help you create stronger and more secure passwords and manage them correctly:

• Use both uppercase and lowercase letters, numbers, and symbols.
• Ensure an adequate length (avoid short passwords).
• Don’t use the same password for all services.
• Don’t use your email password for other services that use email as a username.
• Change your password regularly.
• Don’t log in on public networks (Wi-Fi).
• Don’t write down your password on paper, post-its, or any physical medium.
• Ensure there’s no one around when entering a password.
• Keep your antivirus software and programs up to date.

Using strong passwords, whose combination is impossible to predict or guess and whose length requires a lengthy computation time, is highly secure. But there’s an issue with this type of password: they have to be used by humans. And people are not particularly good at remembering things.

If a user accesses 10 different services daily, all with strong passwords, they can’t write them down and also need to change them regularly, it’s almost certain they won’t be able to memorize them all. What will happen? They’ll stop changing them or end up using the same password for all services.

Remembering sequences of random numbers, symbols, and letters is quite challenging for humans. On the other hand, the human mind processes sequences that make sense or follow a pattern that can be reproduced more effectively.

The key is to find a middle ground between weak and easily memorable passwords and strong, complex passwords.

There’s an increasingly popular way to create passwords that are easier to remember. It involves building a password with chunks of data known to the user (public or not) that are combined following a pattern known only to the user.

Some examples would be:

• First/last two digits of your vehicle’s license plate: 34, 93, 82, …
• Sum or subtraction of the two numbers formed by the first two digits and the last two digits of the birth year: 1990: (19 + 90) or 1990: (90 – 19)
• Using interspersed symbols, following patterns like: ¡! or ¿?
• First/last syllable of your birthplace: Al, Bar, Se
• Last 3 letters of your pet’s name: Tín, Fo, Co
• First letter of each word in the title of your favorite book: Don Quixote: DQ, One Hundred Years of Solitude: OHYS, The Pillars of the Earth: TPOTE

You could create a secure passwords like: 3471¿?BarFoDQ

There are countless sources of personal information that could be fragmented and used to generate a password. Moreover, this method enables you to create as many passwords as needed. And for the user, it’s easier to remember which fragment of information and which pattern they used. The cybersecurity achieved this way is very high, as only the user knows the process used.

While we know there’s no system that’s 100% secure, we can significantly minimize risks by creating as many obstacles as possible. By following our recommendations and dedicating a little time to the process, it will be easier to achieve. At Unimedia, we are experts in software development process security. So if you want to learn more about cybersecurity, don’t hesitate to contact us: https://www.unimedia.tech/contact-us/