How do you create a safer password?
Advice for making password access more secure
Unfortunately, we have to tell you that there is no such thing as a totally safe password. There are only passwords that are more or less safe. Passwords are the easiest, most convenient and most effective way for hackers to get into your accounts.
Most common techniques for obtaining passwords
- Dictionary attacks: online tools exist that make guessing a password almost effortless. These free tools run dictionary attacks, filling the password field with common words until they find the correct one. The recommendation, conversely, is not to use slang terms, dictionary words, or common misspellings. Also avoid keyboard key combinations that are easy to guess, such as qwerty or asdfg.
- Simple passwords: a few years ago there was an enormous password breach, of more than 32 million passwords. Approximately 1% of the victims used passwords such as 123456, and the most common password after that was 12345. Other common passwords were abc123, qwerty, princess, and 111111.
- Guessing the security questions: when you choose the "I forgot my password" option on a website, you are generally asked security questions to verify that you are who you say you are. Many people use the names of their children, pets, or wife, or other common answers that are easy to guess. Hackers can find out this information with a little research, such as looking at your social networks. Then they enter that answer and, just like that, they have access to your password.
- Social engineering: social engineering is a practice used to manipulate others into taking an action or handing over confidential information. Never give your passwords over the phone to anyone who claims to be from the company in question.
- Password reuse: when a hacker gains access to just one of your passwords, they know they will probably be able to get into other accounts. Why? Because 31% of people use the same password for multiple sites. This is not only a risk of identity theft; there is also the risk of banking information being leaked.
Advice for making your passwords safer
- Use a different password for each account you have.
- Log out whenever you use a public device or when people nearby can see you typing your password. You can also use the browser's private browsing mode when you are not using your own computer.
- Make sure nobody is watching when you type your password.
- Try not to type passwords on public computers, such as those in libraries. These systems often have malware that steals passwords.
- Use security software and update it regularly.
- Do not share your password with anybody. Even if you trust a person now, there is no guarantee that they will have the best intentions toward you in the future.
- Avoid typing passwords on a device while it is connected to an unsecured Wi-Fi network, such as in a café or an airport.
- Strong passwords are harder to guess and to hack. For example, try swapping letters for numbers: instead of Indiana you can create the password 1nd1@n.
- Use a minimum of eight characters and mix numbers, uppercase and lowercase letters, and symbols.
- Depending on how sensitive the information is, you should change all passwords periodically and avoid reusing them for a period of a year.
- Include non-standard characters, for example: n, $, %, «, ¢, ¦
- Check the strength of your password. If the website includes a strength checker, pay attention to it.
- Feel free to write your passwords down, not near the computer but in a safe place.
- Create hints to help you remember your passwords.
- Use your keyboard as a palette to create a shape that is easy to remember. For example, @wsXdr5 makes a V shape when you start typing from @.
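The rules in this list, together with the dictionary and keyboard-pattern warnings from the attack list, can be checked mechanically. The following Python checker is an added example, not part of the original article; the function names, the small word list, the substitution table and the US keyboard layout are assumptions made for illustration.

```python
import string

# Passwords the article names as the most common in the 32-million breach.
COMMON = {"123456", "12345", "abc123", "qwerty", "princess", "111111"}
# Keyboard rows used to spot runs such as qwerty or asdfg (US layout assumed).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed stand-in for a real dictionary; real word lists are far larger.
WORDS = {"indian", "indiana", "princess", "password"}
# Assumed table of common symbol-for-letter swaps, undone before the lookup.
UNLEET = str.maketrans("013457@$", "oieastas")

def keyboard_run(pw, min_len=5):
    """True if pw contains min_len adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False

def check_password(pw):
    """Return the rules from the advice list that pw breaks (empty list = passes)."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    has_symbol = any(not c.isalnum() for c in pw)
    if not (all(any(c in cls for c in pw) for cls in classes) and has_symbol):
        issues.append("missing a character class")
    if pw.lower() in COMMON:
        issues.append("common password")
    if keyboard_run(pw):
        issues.append("keyboard run")
    # Undo substitutions, then drop digits/symbols padded onto either end.
    base = pw.lower().translate(UNLEET).strip(string.digits + string.punctuation)
    if base in WORDS:
        issues.append("dictionary word after undoing substitutions")
    return issues
```

Run against the article's own samples, `@wsXdr5` and `1nd1@n` both fall short of the eight-character minimum, while the constructed `Pr1nc3ss!9` meets the length and character-class rules yet still reduces to a dictionary word.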
What is social login?
Social networks have evolved a great deal and are now the fifth form of media, joining radio, television, the Internet and the other media forms. Although social networks use the Internet, we cannot deny that they are an entity in their own right. They also bundle the other forms of media into one closed package.
With this explosive growth, a couple of social networking sites, Facebook and Twitter, have risen to the top of the pile, and every social network fights to be at the top of social media on the web. They also want you to use these sites to sign in elsewhere. Webmail providers such as Yahoo and Gmail want you to do this too, which is why you will often see websites that give you the option to sign in with Facebook or Google.
The same process is used to connect one social network community with another, which is why you can cross-post from Facebook to Instagram, for example.
The idea behind the concept of social login is that every user has one established identity that they use online. As time goes by, users' identities on each platform or community start to blend, which lets us shop, communicate and connect to other devices. It also lets us move from one website to another while entering our credentials only once.
Although it is a very practical way to sign in and create accounts on different websites, social login can also be risky. If one of these accounts is compromised and is linked to others, hackers will have access to all of the accounts with a single hacking effort. If the accounts carry no security risk, or the information in them is not sensitive, this situation may not be serious. But when passwords and e-mails are involved, the risk can increase. This method, although practical, definitely entails security risks.
Think of it this way: can you log in to your bank account online using Facebook? Most likely not. So, whenever possible, try to create new usernames and passwords for all your accounts instead of using your Facebook or Google credentials to sign in.
What should you know about password managers?
You have probably already noticed that almost every website on the Internet requires a password. In fact, at least a couple of times a week you must receive some request to join a new network or online service and, of course, these require a username and a password. You could of course use the same password for all the different sites, but we explained above why that can be a problem.
The best way to deal with password management is to make a small investment in a password management service or software, which will store your passwords both on your computer and in the cloud. The best part is that you will only have to remember one master password, which gives you access to all the other passwords. This is what to look for in a password manager:
- A password generation tool that makes your passwords much harder to hack. You will not have to remember these passwords either, because they are stored in the manager.
- The ability to synchronize across all devices and multiple browsers.
- A mobile app that synchronizes with the system.
The security of password managers is not a problem at the moment, since most have very high levels of encryption and are very hard to break into.
The real vulnerability when using a password manager lies in your personal computer, which may have malware that can take screenshots or record keystrokes (keyloggers). Make sure you have a good antivirus program installed and update it regularly to prevent infections.
Another thing you can do is use the on-screen keyboard to type passwords instead of your computer's physical keyboard. This makes it harder for the passwords to be captured.
Here is a list of some password managers, with some advantages and disadvantages of each:
KeePass is a shareware, open-source program that can manage your passwords safely. It can store them in a single database, which you can encrypt with a single master password. That way, you only have to remember one password. KeePass databases are also encrypted and use some of the more secure encryption algorithms, both Twofish and AES.
This program uses strong, unique passwords, then remembers them and automatically fills them into your browser.
Using these password management tools is extremely easy and means you will never forget a password again. You will also be able to log in easily, with a single click, to any site where you have an account.
These programs automatically synchronize your password information so that you can access it when you need it. Using one of these tools is also much safer, and helps you avoid online fraud, identity impersonation or phishing, and malware.
Multi-factor authentication
Two-factor authentication (2FA) is a method of confirming that a user is who they claim to be by combining two different components. It is currently the most widespread method for accessing mail accounts such as iCloud or Gmail, but the user is generally asked to enable this additional layer of protection voluntarily.
An everyday example of this type of authentication is withdrawing cash from an ATM. Combining a credit card (something the user owns) with a PIN (something the user knows) allows the transaction to go through.
At Esliteratura we recommend enabling two-factor authentication on every system or account that offers it. It makes it much harder for someone to get into your account without authorization.