It is difficult to come up with different and enough random passwords for all the services we use on the Internet, but in addition to applications, we can use phrases from books or proverbs to help us.
The first time there is evidence of the use or invention of a password is in 1961. That year, MIT scientists had to invent a system to be able to share a device that several users connected to in a shared manner. They had to be able to distinguish who had access at what time. This is how usernames and passwords were created.
Its use became popular with the various applications developed over the years. The system made it possible, and still does, for applications to know who they are communicating with and thus store personalized data for each person.
At the turn of the century, banks began to operate en masse on the Internet and more serious problems with passwords began to arise. Over time, cyber criminals realized that these keys were easy to find.
People get used to using passwords that are easy to remember, such as the most typical of 123456, names of people and years, names of pets, famous places we’ve visited or where we live, and football teams. All of these passwords are very easy to remember and use, but cyber criminals can discover them very quickly by searching a little bit of information about people.
In addition, since there were problems with forgotten passwords, a series of fixed questions were initially devised to which the user had to answer with the same information that he had entered at the time of registration. The most typical: the name of the pet.
Let’s remember the attack Paris Hilton suffered years ago. The cyber criminals were able to enter the files stored on the mobile simply by answering the question for the name of their pet (a Chihuahua they were not separated from). By answering correctly, they were able to retrieve Hilton’s password.
In the year 2003, Bill Burr, manager of the United States National Institute of Standards and Technology, wrote a paper in which he put together a series of tricks to create the most secure passwords.
Burr introduced the guideline to mix letters, numbers, uppercase, lowercase and special characters and of a minimum length to create more complex passwords than most people used at the time. I thought I had done a good deed and helped people, but the opposite was true.
Burr ended by apologizing for making this document and these tricks. He had devised a system that forced the user to memorize very complex passwords that were impossible to remember. We may remember one or even one of the two people, but with the number of services we currently have on the web, this system is the exact opposite of what it was intended to be. Passwords that don’t make sense to people are quickly forgotten.
Starting with a familiar word (which is usually a common word), changing numbers and some character isn’t a good solution. Besides being much more complex to remember, it gives us the sense of protection, of using a completely secure password system, but it’s quite the opposite.
There are computer programs that generate passwords from lists of words in a dictionary. They change numbers before letters or add numbers before or after or even special characters.
Thus, these tools make it possible to generate completely random combinations of these letters, numbers and characters, or permutations of letters and numbers of a few well-known words that could be more or less related to the people you want to attack. For example, for someone who is a big fan of a certain football team, you could make combinations of names related to that team, athletes, years, etc.
Within seconds, these programs are able to list millions of possible combinations of letters and numbers that are tested on websites that ask for a username and password until they find the right one.
At the moment we cannot stop using passwords. Today, all systems are based on this way of identifying. So it’s best to have a way to use complex passwords that is easy to manage. We have seen that they cannot be directly known words, nor meaningless combinations of letters and numbers that we do not remember.
We can use two strategies that allow us to have good passwords that are easy to remember.
The first is to memorize a phrase from a book or a proverb and adapt it for each of the services for which we want to use a password. For example, we can consider the book El ingenioso hidalgo don Quijote de la Mancha by Miguel de Cervantes, which begins with the sentence: “In a place in the la Mancha, whose name I do not want to remember, a hidalgo lived not long ago… » If we only use the first letters and characters, we can get a very long password that makes no sense: E1ldlM,dc2nqa.
But we can also adapt this key to the website we want to use. For example, for the bank, which consists of five letters, from the fifth position we will insert a concept related to the bank, such as a vault, using a separator such as +, -, ¿, :, etc. It would be something like are as Elldl+FuerT+M,dc2nqa. So we just need to repeat the sentence and put the initial letters and the web it points to. Surely it is easier to remember this password than a random combination of 19 characters.
Another possible option is to use a password manager, an application that we can install on the mobile or the browser in which we can save the different passwords that we create. In this way we only have to remember one that unlocks the application and we can search for the password we need.
The problem with these tools is that we always need the mobile phone to see which password to use in each case and to remember to write it down, as well as the changes to these passwords.
In addition, you should be very careful when installing such an application because cyber criminals know this and create similar apps that we can use and send them all our passwords directly, including banking or email passwords. Before installing the application, we should look closely at the comments that the application has and when it was created, and yet we should always be a little suspicious. These tools are useful, but in the end we rely on a third-party application that we don’t know, and not the ability of our mind to hold a sentence, for example.
There are three methods of authenticating a person into a service, be it web or face-to-face: what we know, what we are, and what we have. We know the passwords (we have them in memory). We are the fingerprints or the iris, biometrics in general. And we have a device to send a unique code to, for example the phone.
It has been known for some time that using only one authentication factor is a serious security problem, which is why banks and other services are already using two. In addition to the password, they send us a unique code to validate our actions. In addition, the latest generation of phones already have biometrics to manage access to the websites we want to keep.
With proper use of these authentication factors, passwords will stay with us for years to come. It is highly recommended that in all systems that allow it, we activate this second factor of authentication, especially on shopping websites or websites that have stored the credit card for purchase, email, etc.
Even if the cyber criminals manage to get hold of the password, they won’t be able to have the same device or fingerprint. While there are cybersecurity issues with these latest methods, they are not so easy to manipulate and so we can be a little more protected than just the name of our pet or our favorite soccer team.
This article was published in ‘The conversation
Source: La Verdad
I am Ida Scott, a journalist and content author with a passion for uncovering the truth. I have been writing professionally for Today Times Live since 2020 and specialize in political news. My career began when I was just 17; I had already developed a knack for research and an eye for detail which made me stand out from my peers.
