According to a study by Britain's national cyber security centers, millions of people are trying to protect their data on the Internet with very weak or easy-to-read passwords. According to the report, over 23 million people worldwide use the numerical sequence "123456" as a password to "secure" their private accounts. The second most popular password is "123456789", spent 7.7 million times. In addition, the survey showed that thousands of users choose passwords with names of fictitious characters, their football team or the names of famous artists. For the researcher at ESET security company Cecilia Pastorino, "many users are not aware of the value of the information they provide when using social networks or different services or the consequences they may have for their integrity."
study, which concluded that millions of people "facilitate cyber criminals' work with weak or predictable keys" analyzed the 1
According to the investigated data, the third place in the list of the most commonly used keys is "qwerty" (the combination of the first six letters on the keyboard, when read from left to right) by 3.8 million, followed by "password" (password in English), 3.6 million and "1111111" 3.1 million.
The analysis, which emerged from data gathered by cybersecurity expert Troy Hunt, also points out that netizens use to access web services such as home banking, email accounts, social networks or platforms for online purchases, the real names of football clubs or fictitious characters. The most popular: Michael, Daniel, Jessica, Charlie or Ashley, the latter employed by more than 432,000 people; Among football teams: Liverpool, Chelsea or Arsenal, to name a few, were selected by more than 600,000 people; and among the fictitious characters, with almost a million passwords: Superman, Naruto, Pokemon or Batman.
For Pastorino, it is necessary to relativize the figures a bit because most of the studies are made on databases that have been stolen and published on the Internet without being able to distinguish who belong to natural persons and who were test accounts or to be used only once. But he pointed out that "there are still many who use these completely insecure passwords".
"The starting point is to understand what we protect and for what purpose. People are not aware that the information they provide when using services has a value. Not just on the black market, where credit card data is sold, databases and where you can buy a digital identity, but also for companies that make millions with user data, explains Pastorino and notes that "When the user begins to realize not only the danger it poses to their personal data but their profile in social networks has value, they also begin to think about how to manage their passwords. "
In this way, he warned that the main error of Internet users should use very short keys, with numbers or letters only, or using words that can be derived from the user's environment based on the analysis of their social network. The second key function is not to resort to the second factor for authentication.
To pray rj talk about a minimal robust password, Pastorino said that "the basic recommendation is that the password is something that can be remembered so that it does not end up typing in any page With 8 characters with letters, numbers and symbols, and a little complement that the second authentication factor that may be a text or coordinate card ". "It is preferable with a key of 20 characters that you do not agree on," he said. He added that "when we talk about authentication, there are three ways: with what you know, the password; second, with what you have, which can be an SMS or the coordinate card; and thirdly, with what you are, by face recognition, voice, fingerprints, that is, through the biometric system. The idea is to combine at least two of these factors. "
But the specialist, who pointed out that" today is not enough a password without any other authentication factor ", said that if you do not to use it, you must then set a password from 20 to 30 characters ". If so," can be with numbers, letters, symbols, uppercase and lowercase letters, or a sequence of names separated by symbols, members of a band, someone phrase by a song. You need to build your own mnemonic rule to make it easy to remember and difficult to guess. "
The second recommendation is that, in view of the need to use multiple passwords, since it is not safe to use it on different platforms, there is one of the key management services, such as KeePass, which is a free and open source solution manager. .