If you are one of those who use easy -to -remember passwords, but three words long, you should know that the police and even cybercriminals can means to guess them in 77 % of cases.
Using the same memorable passwords on several sites is the perfect recipe to compromise the security of your access, both by security authorities as by computer hackers.
Read: Windows users, are you ready for access keys?
Badly poor, weak link by which criminal attackers and police can access your data, despite all the efforts made by large technological companies to replace it with safety keys, the humble password is not ready to disappear.
Earlier this week, I asked for support from my online brokerage bank if it was going to go to access keys. Answer: “It is not in our upcoming projects”.
Forbes mentions the methods of creating secure passwords, supported by organizations such as the National Center for Cybersecurity of the United Kingdom, which suggest pass sentences composed of three random words. These sentences are supposed to be easy to memorize and solid enough to prevent cybercriminals from entering. This advice, it seems, is today put into pieces by a new study.
-Easy to break with 30% of the words of the dictionary
Optimizing Password Cracking for Digital Investigationsthis is the name of the study reported by Forbes and written by researchers from the universities of Plymouth and Jönköping, who confirmed that “up to 77.5 % of passwords created in this way can be deciphered by using a lot of only 30 % of the Dictionary’s current words”.
In short, if your passwords do not look like “SIQXI1-VAXBEX-NIZQOX” (example suggested by my Apple password application), your safety identifiers are vulnerable.
What to do?
We should all use a password manager, so ignore the pass sentence, regardless of its length, and rather opt for a stupidly long, random and complex password. You don’t have to remember, leave this work to your password manager.
Authentication with two factors and access key
As for the activation of two -factor authentication (A2F), it does not strictly speaking passwords, but rather remains a recommendation concerning the protection of the connection. The A2F is only an additional layer which uses another means of verification, usually a code sent to your email address. Avoid text messages (SMS) deemed to be unsafe.
Finally, access keys use biometric authentication already present on your device (such as your fingerprint) to connect to a site or service. They are, by default, solid, resistant to phishing and social engineering, and easy to create and use with its password manager.
To read: Apple, goodbye passwords, here are the access keys
