* By Francisco Camargo

Passwords are a growing problem in the lives of people and companies. In addition to being easy to “break”, especially if they are short and contain only numbers or only letters, they are essential for accessing the most varied services and websites: bank, personal email, corporate email, eGov, credit card, telephone operator website, energy utility website, social networks, transportation and meal apps, shopping websites and so on. We can infer that each person must have, on average, about 15 passwords.

On the other hand, the main premise for keeping your credentials (login and password) safe from cybercriminals is not to repeat passwords, that is, to use a different password for each service. Except for those with a prodigious memory, this is the perfect recipe for mere mortals to slip up.

Another recommendation is that passwords should not be written down, to prevent other people from having access to them. Added to these guidelines are the different rules of each service. Some only accept numbers, others limit the number of characters, others require at least one capital letter and one special character, and others do not accept such characters. And there the mess is made.

Perhaps because of these difficulties, many people choose to use easy passwords, such as a sequence of numbers or a date, and keep the same password for different sites and services. Unfortunately, this is the decision that crackers like the most, because they take advantage of password reuse. A study by Auth0 (The State of Security Identity) states that when an account holder reuses the same (or similar) passwords across multiple websites, it creates a domino effect in which a single pair of credentials can be used to compromise multiple apps.

More than 50,000 daily incidents observed by the Auth0 identity platform happen because users reuse passwords. Once a password has been discovered, it is virtually certain to be put up for sale on the deep web. What to do?

Long and unique passwords

Using long passwords, about 15 characters long, with uppercase and lowercase letters, numbers and special characters, is the main guideline from experts. There is no escape. Since we know how difficult it is to memorize so many strong passwords, the way out is to create a variation using two or three words, or a phrase, that means something to the person and is not too well known, such as "my son's name is..." or "my wedding day is 17". Choose something only you know. Then, intersperse uppercase and lowercase letters and any number that fits the phrase. For example, math class was great at Mackenzie: AaDmFoNm#05 (05 would be the day that math class was great). Then, to avoid repeating the password, add a reference to the service to which it belongs: Para_AaDmFoNm#05_CLM. So this password is for my corporate email from CLM. For the commute app, it would be Para_AaDmFoNm#05_Uber.

Note that special characters or symbols can and should be used to separate information, as in Para_AaDmFoNm#05_Uber.

Forget easy passwords

In the urge to memorize passwords, many people use a sequence of numbers, such as 123456, or a date of birth, a wedding date, a child's birthday, a cell phone number, etc. Forget that kind of password!

Log out on exit

Whenever you use your credentials to access a service or website, it is important to log out before leaving, because a cybercriminal could steal your session cookie.

Password vault

Some cybersecurity solutions provide a password vault. This can be a good measure too. 

Universal login

Securing the credentials of a company's employees takes much more complex care, especially with remote work, but there are technologies that can substantially improve security. One is universal login, which enables secure user authentication across all applications, from the first to the last click and everywhere, via a central authorization server, which mitigates account hacking attacks.

The interesting thing about this type of solution is that it can solve the problem of customer passwords being compromised at an e-commerce site, for example.

OTP

Multi-factor authentication is another feature that is catching on. It requires a code each time the user logs in to a particular service. WhatsApp has this facility, which few people use, but which can prevent the application from being hijacked.

*Francisco Camargo is CEO of CLM, a Latin American value-added distributor focused on information security, data protection, cloud and data center infrastructure.