
New year, new password?

The beginning of the year is a good time to change the passwords on devices and applications for which we want to maintain a high level of security or, at the very least, to stop reusing the same passwords as always, as a precaution.

There are several methods by which a device can be attacked, regardless of whether it is a mobile phone, a tablet or a computer.

  • With dictionaries or word lists. An attacking program reads candidate passwords from a database or dictionary and tries them against the system.
  • With rules. This is more sophisticated than the previous method, as the rule has to be discovered and programmed, but in the end you always get access.
  • By brute force. This is the least sophisticated method: pure trial and error, which requires a lot of processing power.
  • With a mixture of the above: a hybrid attack.

If we have a 4-digit password, the attacker will need only 10,000 attempts to break in. That may seem like a lot, but a computer gets through them in less than a second. We have to assume that the attacker has enough technology to achieve their goal. If we repeat the calculation for lowercase letters (27) taken 4 at a time, 531,441 attempts will be needed. That is a lot more, but still only a few seconds for a computer.

If we allow uppercase letters, lowercase letters, numbers and special characters, we have a total of 97 characters to choose from and, if we go back to a length of 4, the possibilities would be 88,529,281. As we can see, the number of attempts grows as the set of characters to choose from grows. Also, if we increase the length of the password from 4 to 10, the attacker would have to make 73,744,400,000,000,000,000,000,000 attempts.

Passwords follow the 20/60/20 rule: 20% are easy (only numbers or only letters, and fewer than 7 characters long), 60% are of medium difficulty (between 7 and 10 characters long) and 20% are longer and more difficult.

The longer the password the better, combining numbers and letters, some of them upper case and some lower case, and with some special character. This is all very well, but is it practical? We should bear in mind that simple codes such as 1234... are easy to find. Keeping passwords in an Excel sheet, or on a Post-it or a piece of paper, is risky because it can fall into the hands of someone for whom we have then made everything easy.

Avoiding keyboard walking

Therefore, we should steer clear of extremely simple methods such as following a sequence on the keyboard (keyboard walking). An easy-to-remember sequence of numbers is a date in ddmmyyyy or similar format, which already gives us 8 characters. If we add a phrase, name or surname that we remember, put some specific position in upper or lower case and intermingle a number, we begin to have something much more serious. If we also add special characters, we will have a system with little or no vulnerability.
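The weaknesses described so far (short length, a single character class, keyboard walking, a bare ddmmyyyy date) can be checked mechanically, along with the brute-force search space. The following Python code is an added example, not part of the original article; the split of the article's 97 characters into 27 uppercase and 33 special characters and the QWERTY rows are assumptions made for it.

```python
import re
from datetime import datetime

# Class sizes follow the article: 10 digits, 27 lowercase letters, 97 in total.
# Splitting the rest into 27 uppercase + 33 specials is an assumption.
CLASS_SIZES = {"digit": 10, "lower": 27, "upper": 27, "special": 33}
# Constructed QWERTY rows used to spot keyboard walking.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def char_class(c):
    if c.isdigit():
        return "digit"
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    return "special"

def keyspace(password):
    """Worst-case guesses for brute force: alphabet size ** length."""
    classes = {char_class(c) for c in password}
    return sum(CLASS_SIZES[k] for k in classes) ** len(password)

def has_keyboard_walk(password, run=4):
    """True if any `run` consecutive characters follow a keyboard row."""
    pw = password.lower()
    rows = KEYBOARD_ROWS + [row[::-1] for row in KEYBOARD_ROWS]
    return any(pw[i:i + run] in row
               for i in range(len(pw) - run + 1) for row in rows)

def is_bare_date(password):
    """True if the whole password is one valid ddmmyyyy date."""
    if not re.fullmatch(r"\d{8}", password):
        return False
    try:
        datetime.strptime(password, "%d%m%Y")
    except ValueError:
        return False
    return True

def audit(password):
    """Return the weaknesses named in the article that this password shows."""
    checks = {
        "short": len(password) < 7,
        "single-class": len({char_class(c) for c in password}) == 1,
        "keyboard-walk": has_keyboard_walk(password),
        "bare-date": is_bare_date(password),
    }
    return [name for name, hit in checks.items() if hit]
```

An empty list from `audit` only means none of these four patterns was found; it does not check the password against word lists.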

There are applications that, after a small, fixed number of unsuccessful access attempts, let's say three, automatically revoke the user and force a password change.
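A minimal model of that lockout behaviour, showing how it caps online guessing against a 4-digit code at three attempts out of 10,000. This Python code is an added example, not taken from the article or from any particular application; the `Account` class, its method names and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # the "three" from the article; a policy choice


class Account:
    """Hypothetical account record with a failed-attempt counter."""

    def __init__(self, password):
        self.failures = 0
        self.revoked = False
        self._set_password(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = self._derive(password)

    def login(self, attempt):
        if self.revoked:
            return "revoked"  # even the correct password is refused now
        if hmac.compare_digest(self._derive(attempt), self.digest):
            self.failures = 0  # a success clears earlier mistakes
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.revoked = True
            return "revoked"
        return "denied"

    def change_password(self, new_password):
        """Forced change after revocation; the old password is not accepted."""
        if hmac.compare_digest(self._derive(new_password), self.digest):
            raise ValueError("new password must differ from the old one")
        self._set_password(new_password)
        self.failures, self.revoked = 0, False


def attempts_until_revoked(account, guesses):
    """Number of attempts processed before the account is revoked, or None."""
    for count, guess in enumerate(guesses, start=1):
        if account.login(guess) == "revoked":
            return count
    return None
```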

Finally, we can classify passwords into two large groups: those that are important to us, for data, access to banks or sensitive information, and those that we use for certain queries or access, such as certain newspapers or other services that do not require complex passwords. The aim is to have our own algorithm, one that we can remember and that allows us to change the password from time to time, avoiding unnecessary risks.


Manuel García Ramírez
Director at MGR IT and Security Consultants
