If someone knows our username and password, they will have access to all our information; You can publish on our behalf on social networks, read and reply to emails or see the balance of our bank account, among others.
What security measures should we take when establishing a password? Your passwords should be:
Passwords must be secret
Although it may seem like a platitude, the first recommendation for our password to be safe is to keep it secret. A key shared by two or more people is not secure. It is very important to transmit this recommendation to minors, who are used to sharing passwords with friends or partners. If that relationship breaks down or an enmity ensues, the other person will have access to all of her information.
Passwords must be strong
We must always choose a strong password: minimum length of eight characters, combining uppercase, lowercase, numbers and symbols.
We must not use simple words in any language, proper names, places, excessively short combinations, dates of birth, etc. This includes keys formed solely from the concatenation of several elements. For example, “Pepe1985”.
Some examples of passwords that we should not use:
Consecutive numbers “123456”
Any proper name “Andres”
Telephone numbers “616……”
Consecutive letters of the “QWERTY” keyboard
Any special date “12-21-1985”
One of the problems with using passwords that are too simple is that there are programs designed to try millions of passwords per minute, which would discover them in a short space of time.
Passwords must be unique
We must use different keys in different services, since the theft of the key in one of them would allow access to all.
Sometimes, remembering all the passwords we use (email, social networks, instant messaging, forums, etc.) can be difficult. To facilitate the task, we can use some simple rules:
Change the vowels for numbers. For example: The dog barks → 2l p2rr4 l1dr1
Use mnemonic rules. For example, choosing the first letter of each of the words in a sentence that is easy for us to remember: A bird in the hand is worth more than a hundred in the bush→ Vmpemq100v
To make work easier, we can use keys based on the same pattern, introducing slight variations for each service. For example, based on the previous password, add the last letter of the service used in uppercase at the end:
Facebook → Vmpemq100vK
Twitter → Vmpemq100vR
Gmail → Vmpemq100vL
Depending on the service and its importance, we can use more or less robust keys, to facilitate its memorization. For the most sensitive services, we can always use a random password generator. Most password managers offer this functionality.
It is best to use these rules as inspiration for creating personal and secret passwords.
Another reason not to use the same key in different services is the fact that some of them do not store our encrypted password. In this case, we are inadvertently sharing it with these services, so we must put a password that does not look like any of the others we use.
We can identify these services because when we register or recover the password they tell us what our password was, instead of providing a link to change it.
Beware of security questions
Some services offer the option of using security questions so that, in case of forgetfulness, we can recover the password.
However, many of these questions are simple and anyone who knows us or has access to our social networks could find out the answer. For example: What is your pet's name?
Therefore, we should not use security questions with obvious answers. We can provide a complex answer or a false answer and only known to us.
Use password managers
To store the keys of the different services we can use a password manager. They store our keys securely and protect them with a master access key.
We must take into account the following before using this type of program:
The password that we use for access must be safe and robust since it gives us access to the rest of the keys.
If we forget this key we will not be able to access the rest of our passwords.
We must make backup copies of the key file, to avoid losing the stored keys.
Let's do a quick review of the advice that we must take into account when managing our keys:
Do not share your key with other people. Once you share it, it is no longer secret.
Use a strong and secure key. There are many ways to have a robust key that is easy to memorize.
Do not use the same key in different services. Always different keys for different services.
Beware of security questions. If you use them, let only you and no one else know the answers.
Use password managers. If you have trouble memorizing or use a lot of services, use one of these programs. They are very useful and easy to use.