How to choose strong passwords for online accounts - Awareness

Online life has become an addiction: we use it for socializing, paying bills, shopping, information and communication. To be fully protected, we must know how to choose strong passwords that are difficult to guess or find out.

The next step in online account security will definitely be biometric authentication. Instead of remembering a few or maybe even dozens of passwords, a simple fingerprint, voice print, or facial recognition and iris scan will suffice to authenticate to an online account or an application. Until then, however, we are dependent on passwords, which are of course targets of cyber attacks. From access passwords in banking applications and email account passwords to those on forums and social networks, they all mean money for an ill-intentioned hacker.

I know well that for many Internet users it is stressful enough to remember complicated passwords, and most of the time I choose simple words, but the first line of defense against cyber attacks is awareness.

Awareness means being cautious about accessing web pages with questionable content and not opening links sent by friends or strangers on social networks, WhatsApp, SMS or email. Prudence means keeping operating systems up to date and, last but not least, choosing strong passwords for online accounts.

In today's article we will focus on choosing passwords for email accounts, social networks, accounts on forums, online stores and other platforms.

How we choose strong passwords for banking applications, social networks and other online accounts

Unique passwords for each online account

First, it is not a good idea to use the same password for several online accounts. For example, when you create a new account on a website, do not choose a password that you also use for email, banking applications or social networks. Websites are often the target of cyber attacks, and among the most valuable information sought by hackers are the account passwords on the victim website. Once user passwords are found on the website, your password will certainly be tried on several other accounts that belong to you.

Between 2013 and 2016, Yahoo! was the target of cyber attacks, and the user and password data of over 1 billion users ended up being sold on the Darknet. Throughout the existence of Yahoo! billions of accounts were compromised (Wikipedia). By the way, you still have an email address on @yahoo.com.

If you create a new account on an anonymous website, you will not know for sure who administers the data of the created account, nor whether the passwords are encrypted or can be seen by the administrator. Suppose you create an account on the example.com website, but you use the same password that you have on your email account or on another website. This is a mistake that many Internet users make, without realizing that in this way they expose their credentials to third parties.

The best idea is to use a unique password for each individual account. I know it's hard to remember multiple passwords, but it's one of the security measures.

Passphrase – How we choose strong passwords made up of phrases

Expressions are the easiest to remember, and they form strong passwords (passphrases) thanks to their large number of characters. If you combine the letters with some numbers and special characters, then security is guaranteed. "I.have.a.crazy.cat!2009" is a 23-character password in which you can tell about your cat and its year of birth.

How to choose strong phrase passwords

It is very important to have a complex password, consisting of uppercase letters, lowercase letters, numbers and special characters. Most password-cracking applications use the brute-force method. In short, such a tool is a password generator that tries millions of combinations until it reaches the right one. The more characters the password contains, the less likely it is to be found. Moreover, many online services no longer allow new users to choose simple passwords for their accounts. Passphrases are about how we choose strong passwords for accounts.
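To put numbers on the brute-force argument above, here is an added example (not part of the original article) that computes the size of the space a blind brute-force search has to cover for the article's two sample passwords and one constructed 16-letter lowercase string. The guess rate of 10^10 per second is an assumption, and the figures are an upper bound: they apply only to blind enumeration, and a password built from a name, a common phrase or a year falls to dictionary guessing long before the space is exhausted.

```python
import math
import string

# Character classes a blind brute-force search must cover (printable ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password: str) -> int:
    """Alphabet size implied by the character classes the password uses."""
    if not password:
        raise ValueError("empty password")
    unknown = [ch for ch in password if not any(ch in c for c in CLASSES)]
    if unknown:
        raise ValueError(f"characters outside the ASCII classes: {unknown!r}")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space_bits(password: str) -> float:
    """log2 of the number of candidates of this length over that alphabet."""
    return len(password) * math.log2(pool_size(password))

def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    samples = [
        "Myc47?22",                 # the article's 8-character example
        "qzrmtkwbxjvhpnly",         # constructed: 16 random lowercase letters
        "I.have.a.crazy.cat!2009",  # the article's 23-character passphrase
    ]
    for pw in samples:
        bits = search_space_bits(pw)
        print(f"{pw!r:28} len={len(pw):2} pool={pool_size(pw):2} "
              f"bits={bits:6.1f} years={years_to_exhaust(bits):.2e}")
```

The 16 lowercase letters come out well ahead of the 8-character password that uses all four character classes, which is the point of the paragraph: length contributes more than class mixing.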

Easy to guess passwords

The simplest passwords are the ones that contain the names of children or pets, dates of birth and other names that are on our lips every day. These are the easiest to remember, but they are also the easiest to guess, which makes them a security problem.

A short password, considered at least 8 characters long, must contain both lowercase and uppercase letters. In addition, it is mandatory to include at least one digit and a special character in the combination. An example of such a password is "Myc47?22", a password that could be associated with "My cat? 2022".


Extensions and applications (Password Management Tool)

There are several applications that help you remember passwords, while also offering strong password suggestions. Applications such as LastPass and 1Password offer you tools to generate strong credentials. These are saved online, so that based on an account you have access to them from anywhere, both from your computer and from your smartphone or iPhone. In addition, they also have browser extensions through which you can automatically authenticate with the data saved in the password manager.

Google Password Manager is also a good solution, especially if you use Google Chrome. Based on your Google account, you have access to your authentication credentials from anywhere and on any device.

Apple device owners have Keychain Access for Mac at hand, a password manager that syncs credentials through iCloud to all devices signed in with the same Apple ID. Thus a password saved on the Mac for an online store will also be available on iPad or iPhone when accessing it with Safari. In addition, when we create an online account, we are offered strong password suggestions that are automatically saved in iCloud.

Two-factor authentication (2FA)

Even if it is a bit more complicated for many, two-factor authentication (Two Factor Authentication / 2FA) is recommended for added security.
2FA assumes that, in addition to the password, a code (token) must be generated that changes automatically every few seconds. Authentication is then based on the password and a token code generated in the application.

As an application for generating 2FA codes we have Google Authenticator, for smartphone and iPhone. When we activate two-factor authentication, a QR code will be generated that we must scan with the application. After scanning, the account will be immediately added to Google Authenticator.

It is very important that you make a backup of the accounts in Google Authenticator before deleting the application from the phone or changing the phone.

For iOS and iPadOS I recommend the application 2FAS Auth. It saves the 2FA credentials in iCloud. So if you lose your iPhone or uninstall the application, the 2FA credentials remain in iCloud and will be automatically imported when 2FAS Auth is reinstalled.

A future without passwords

Apple is working on a new authentication system without passwords, which we talked about on iHowTo.Tips.
Passkeys involve authentication based on biometric identification, eliminating passwords altogether.

Passionate about technology, I enjoy writing on StealthSettings.com since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).


2 thoughts on "How to choose strong passwords for online accounts - Awareness"

  1. > It is very important to have a complex password, consisting of uppercase letters, lowercase letters, numbers and special characters

    I stopped here.
    I would have expected you to explain the difference between "password entropy" and these bureaucratic rules of complexity.

  2. Hello,

    You have a little more and you would reach what you said. "Easy to guess passwords".
    As for the differences between them... to be honest, I don't really see them. The "bureaucratic rules" that bore us are fixed precisely to have a less predictable password.
    I hope that the step is taken as quickly as possible towards authentication / biometric identification. Apple is already on the right track.
