Actualidad

New year, new password?

The start of the year is a good time to change our passwords in the devices and applications on which we want to maintain a high level of security, or in any case prevent them from being the same, as always, as a mere precaution.

There are several methods with which computers can be attacked regardless of whether the device is a mobile, a tablet or a computer.

  • With dictionaries or word lists. An attacking program reads from a database or data dictionary and attempts to penetrate the system.
  • With rules. This system is more sophisticated than the previous one, since you have to discover and program the rule, but in the end you always get an access.
  • By brute force . It is the least sophisticated method, since it is about testing and testing, it requires a lot of process capacity.
  • With a mixture of the above. Hybrid attack.

If we have a 4-digit password, the attacker will only need 10,000 attempts to penetrate. It may seem like a lot, but in less than a second it is achieved. You have to think that the attacker has enough technology to achieve his goal. We can repeat the process, but for lowercase letters (27) taken 4 in 4, 531,441 attempts will be needed, as we see are many more, but a few seconds for a computer.

If we increase to uppercase, lowercase and special characters we will have a total of 97 cases (numbers, letters and special characters) to choose and, if we return to the 4 digits, the possibilities would become 88,529,281, as we see the number of attempts Increase by increasing the characters to choose. Also if we increase the password length, passing it from 4 to 10, the attacker would have to make 73,744,400,000,000,000,000 attempts.

Passwords follow the rule 20/60/20. 20% are easy, only numbers or letters and less than 7 characters in length, 60% of average difficulty between 7 and 10 characters in length and 20% longer and with greater difficulty.

The longer the passwords the better, combining numbers and letters, some of them uppercase or lowercase and with some special character. All this is very good, but is it practical? We must think that simple 1234 codes … or similar are easy to find. Saving passwords on an Excel sheet, or a “post it” or paper, is risky because it can fall into the hands of someone who of course makes everything easier.

Get away from keyboard walking 

Therefore, we should avoid things or methods extremely simple as following a sequence of keyboard (keyboard walking . An easy-to-remember sequence of numbers is the dates in “ddmmaaaa” or similar format, we already have 8, if we add a phrase, name, surnames that we remember and in some specific position, upper or lower case and intermingle a number, we already start to have something much more serious. If we also add special characters, we will have a little or nothing vulnerable system.

There are applications that when you try to access them a finite and low number of times, say that three, without success, automatically revoke the user and force us to change the password.

Finally, we can classify passwords into two large groups, those that matter to us, by data, by access to banks or sensitive information. Or those we use for certain queries or accesses, such as certain newspapers or other types that do not need complex passwords. The objective is that we have our own algorithm, which we can remember, that allows us to change it from time to time, avoiding unnecessary risks.

 


Manuel García Ramírez
MGR Consultants IT y Security Manager

Gianni Cecchin ——“La tecnología será indispensable para la recuperación económica”

Gianni Cecchin, CEO de Verne Technology Group, ha participado en un nuevo vídeo de PROA. En la entrevista ha señalado como indispensable el rol de la tecnología para la recuperación económica, “aunque el factor humano será determinante”. En este sentido, cree que el teletrabajo ha llegado para quedarse. Además, ha...

Risk auditing, a profitable investment

There isn´t a day that we open the digital version of any newspaper and not encounter a reputational crisis: a company, a public institution, a cultural organization or an NGO accused of illegitimate behavior. Some of the problems they face are of a technical nature: a toxic leak, an unexpected...

Rocío Ledesma del Fresno —— Consciencia financiera: utiliza tu cerebro para tomar buenas decisiones

El cerebro triuno de Paul McLean sugiere que nuestro cerebro tiene tres grandes zonas de procesamiento de información y cada una de ellas representa una......

——El Club Internacional de Prensa entrega sus premios internacionales de periodismo

Carlos Herrera, María Dueñas, Jordi Socias, Daniela Santiago y Mujeres por África son los otros galardonados con las Rosas de Oro y Plata en la edición de este año de los premios internacionales de periodismo El Club Internacional de Prensa entregó sus premios internacionales de periodismo el pasado 8 de...

How the coronavirus will affect the global and Spanish markets and economies

The coronavirus crisis is having a very negative impact on people’s daily lives as well as on markets, the economy and politics. A recent report by Arcano Economic Research explains the consequences of this disease in these areas, and the scenarios that can occur afterwards. According to the entity, the...

Brand purpose communication

Communications on brands purpose plays a role more important than ever in a company’s reputation. In this matter, Pilar Larrea, former Campofrío’s Communications Manager, explains the significance of this issue and what should be the company’s purpose.  Pilar Larrea’s Quotes “Having a purpose is the reason for existence for...

Más conversaciones, más ideas, más PROA.
Síguenos en nuestras redes.

Recibe ideas con criterio

Cada semana compartimos reflexiones, tendencias y claves sobre reputación, comunicación estratégica, asuntos públicos e innovación. Contenido pensado para profesionales que valoran la información con rigor y perspectiva.