Create a secure password: today is World Password Day

World Password Day takes place every year in early May. It is an important global event designed to raise user awareness of the importance of choosing effective passwords and keeping them safe. Let’s return to the importance of creating strong passwords: by following a few simple suggestions, it is possible to protect yourself from most risks.

Various studies published over time by the main companies in the computer security sector agree: even today a good portion of users use the same password to protect multiple accounts. This is a reckless practice because it can leave personal data and sensitive information at the mercy of bad actors as soon as just one of those accounts is breached.

Other reports highlight that cyber attackers launch an average of 50 million password attacks every day, or around 580 per second. And they are very effective: 60% of data breaches are attributed to compromised credentials.

One European in three still uses the same password or variations of a main password, while almost half of people change their password once a year or never change it. In another article we saw when it is appropriate to change your password.

The password management problem

As for password management, many try to keep their passwords in mind, others write them down on paper, while a small share uses a password manager.

At first glance, keeping passwords in mind may seem like a good technique, but the high percentage of users who rely on it indicates that many choose passwords that are easy to remember and therefore easy to guess with brute force attacks and social engineering techniques. Users instead need a secure method to store their credentials and, above all, they need to periodically update their passwords.

Other research highlights how more than half of users own between one and four devices that are not protected by a password or by some form of biometric authentication (such as a fingerprint). This, too, is an alarming fact. Most users are interested in creating easy-to-remember passwords rather than relying on a strong password capable of guaranteeing a good level of protection.

Luca Maiocchi, Country Manager at Proofpoint, observes that 95% of cybersecurity issues can be traced back to human error. It is therefore vital that professionals and companies implement a human-centred approach to security, ensuring that both remote and in-office employees receive training on security best practices. The emphasis must be placed, for example, on correctly identifying credential phishing attempts and on how passwords can be managed securely.

The idea of passwordless access and the spread of the passkey concept

Paolo Lossa, Country Sales Director of CyberArk Europe, highlights the importance of progressively moving away from reliance on passwords. “Eliminating passwords is a more effective way to protect user identities from phishing, keylogging and man-in-the-middle attacks. Not only that: eliminating the need to create complex passwords and update them frequently also simplifies the user experience”, observes Lossa. “Finally, passwordless authentication can also increase productivity by removing the need for related IT support tasks, such as resetting them.”

Lossa further explains that the main obstacles preventing companies from moving to passwordless authentication are legacy systems that require passwords and the difficulty of dealing with larger, more complex environments with thousands of users, countless applications, hybrid and multi-cloud environments, and multiple login flows.

“Users and businesses should also consider the passkey, a new passwordless authentication factor that takes advantage of the security capabilities of the devices themselves. Passkeys are phishing-proof and eliminate the attack vectors possible with password authentication”, concludes Lossa.

Passwords can always be subject to brute force attacks

Passkeys are a tool already being rolled out that should lead to the abandonment of traditional passwords. Until they become widespread, it is important to create secure passwords capable of resisting every possible form of attack, even those launched with large computational resources. In another article we saw how long it takes to crack a password and, for example, recover the cleartext password starting from the corresponding hash.

Would it be more serious to suffer a home burglary or theft of data protected by your passwords? Certainly, for most people, the second case is more serious. At home, except for those who have very valuable objects or large sums of money, there is generally a risk of commonly used objects such as TVs, coffee machines, bicycles being stolen, but online? Online, attackers could steal money from a bank account, publish “embarrassing” photos that could put one’s reputation at risk, read WhatsApp messages and publish unwanted photos on Instagram: potentially a disaster from both a personal and business point of view.

“But then why do we put modern locks with chip cards, armored doors, cameras, home automation and access control at home, while on the mobile phone or social profile we put a password with the date of birth, the name of the cat or boyfriends?”, observes Alessio Aceti, CEO of HWG Reason, a leading European operator in the cybersecurity sector.

Choose passwords well, protect them better and rely on more advanced authentication systems

Choosing a good password is essential to protect your online accounts from possible cyber attacks. A weak password can be easily guessed or cracked by attackers, compromising the security of your personal data and sensitive information, such as banking information or passwords to access other accounts.

A strong password, on the other hand, can effectively protect your accounts, preventing hackers from accessing your data. A good password should be long, complex and not easy to guess, using a combination of uppercase and lowercase letters, numbers and symbols.

As Veronica Pace, Head of Marketing at Trend Micro Europe, points out, compromised passwords are responsible for 81% of data leaks linked to criminal activities (source: Verizon Data Leak Investigations Report 2024).

The decalogue for choosing the best possible password

Below we propose some golden rules for creating valid and useful passwords to protect your accounts and online identity.

Don’t choose predictable passwords

“Weak” passwords should always be avoided, above all those containing references to yourself, important dates, relatives, anniversaries, pets and so on. The information needed to break into an account can often be easily “gathered” from social networks. The Cambridge Analytica-Facebook case should have set a precedent.

Always choose complex and sufficiently long passwords

Don’t listen to those who want a simple, easy-to-remember password at all costs. Passwords should be long (preferably 12 characters or more) and complex, using alphanumeric characters (uppercase, lowercase, letters and numbers, special characters) and at least one symbol. These precautions make it possible to avoid the risk of brute force or dictionary-based attacks.

Obviously, for online services that do not host personal data or confidential information, less complicated passwords can be set, but choosing “effective” passwords is essential to avoid unpleasant situations.

The function for saving passwords with Google, for example in the Chrome browser, helps check the security of passwords and credentials.

You can also make use of a secure password generator, which lets you create new passwords without racking your brains while sticking to universally recognized best practices.
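The length and character-class rule above, combined with the password generator the article recommends, shown as an added example that is not part of the original article. The function names, the 16-character default and the sample weak password are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the article's rule: uppercase, lowercase, digits, symbols.
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12  # the article's "preferably 12 characters or more"


def meets_rules(password: str) -> bool:
    """True if the password is long enough and uses every character class."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in cls for ch in password) for cls in CLASSES
    )


def generate_password(length: int = 16) -> str:
    """Draw characters from the OS CSPRNG until every class is represented."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Rejection sampling keeps the result uniform over all passwords that
        # satisfy the rules, so no position holds a predictable class.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rules(candidate):
            return candidate


def brute_force_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Approximate bits of work to try every random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{brute_force_bits(len(pw)):.0f} bits")
    # Constructed weak example: a pet name plus a year fails the length rule.
    print("Fuffi2010!", meets_rules("Fuffi2010!"))
```

The rule check only measures length and character variety: a predictable password can still pass it, which is why the generator draws every character at random instead of starting from a word or a date.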
