Protecting ourselves in the digital realm: the importance of passwords
In the digital world we live in, passwords are the keys protecting our most sensitive information. They are the first line of defence against unwanted intrusions and unauthorised access to our online accounts, whether work related or personal.
Despite the crucial importance of passwords, we often keep and manage them in a negligent and risky way. In this article we deepen our understanding of this vital topic in cybersecurity, helping to avoid identity theft and privacy violations.
Before getting into the details, let’s start with the basics: passwords are strings of characters used to verify the identity of a user accessing an online system or account.
Password strength depends on many factors; some passwords are considered more secure than others because of a few key characteristics. Here are the main points that influence the strength of a password:
Length: In general, longer passwords offer greater safety. Shorter passwords, on the other hand, can be guessed more easily through attacks such as brute force or with the aid of dictionaries. The reason is the number of possible combinations, which grows exponentially with the length of the password.
Complexity: A good password combines upper-case and lower-case letters, numbers, and special characters. Passwords containing only lower-case letters are less secure than those drawing on a wider variety of characters, because the number of possibilities for each character of the password is:
- With lower-case letters only: 26 possibilities for each typed character
- With upper-case and lower-case letters: 26x2 possibilities for each typed character
- With letters and numbers: 26x2+10 possibilities for each typed character
- With letters, numbers and special characters: 26x2+10+33 possibilities for each typed character
What does this mean in practice? Let’s take a 6-character password as an example:
- With lower-case letters only: 26 possible letters for each position means 26^6 possible combinations
- With upper-case and lower-case letters: (26x2)^6 possible combinations
- With letters and numbers: (26x2+10)^6 possible combinations
- With letters, numbers and special characters: (26x2+10+33)^6 possible combinations
These calculations show that password length and the size of the character set are the two crucial variables in creating a strong password.
Sequence: Passwords such as “123456” or “password”, or keyboard sequences such as “qwerty”, are extremely weak, as they can easily be guessed by a dictionary attack.
A dictionary attack is a method in which an attacker tries to guess a password by running through a list of words taken from a dictionary or a prepared word list.
This kind of attack relies on the fact that many people use common or easily guessable words as passwords. Using dedicated software or a script, the attacker tries every word in the list, one after the other, as the password in an attempt to gain access to a system or an account. The process can be automated to issue a very large number of attempts in a short time.
Type of information: Using personal information such as our name, date of birth or our pet’s name makes a password vulnerable, as this information can easily be obtained or deduced.
Uniqueness: Using the same password for multiple accounts increases the risk of compromise, because if one account is breached, every other account sharing that password is exposed.
Frequent password changes: Changing passwords periodically can help reduce the risk of unauthorised access when a password has been compromised. This is why many organisations require passwords to be changed periodically.
Default passwords: Default passwords issued by services or devices can easily be guessed by attackers; since they are not random, they are exposed to dictionary attacks.
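As an added example (not code from this article or from Oplon Networks), the following Python checks a password against the criteria above: it computes the keyspace with the article’s alphabet sizes (26, 26x2, +10, +33) and flags short length, low complexity, dictionary words or keyboard sequences, and embedded personal information. The word lists and the 12-character length threshold are assumptions, not figures from the article.

```python
import math
import re

# Per-character alphabet sizes used in the article: 26 lower-case letters,
# 26 more with upper-case, +10 digits, +33 special characters (95 in total).
LOWER, UPPER, DIGITS, SPECIAL = 26, 26, 10, 33

# Constructed sample lists standing in for a real dictionary / default-password list.
COMMON_WORDS = {"123456", "password", "qwerty", "admin", "letmein", "welcome"}
KEYBOARD_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
MIN_LENGTH = 12  # assumed policy threshold, not taken from the article


def alphabet_size(password: str) -> int:
    """Size of the character set the password draws from, per the article's rules."""
    size = 0
    if re.search(r"[a-z]", password):
        size += LOWER
    if re.search(r"[A-Z]", password):
        size += UPPER
    if re.search(r"[0-9]", password):
        size += DIGITS
    if re.search(r"[^a-zA-Z0-9]", password):
        size += SPECIAL
    return size


def keyspace(password: str) -> int:
    """Number of possible combinations: alphabet size ^ length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Keyspace expressed in bits (log2), a convenient way to compare strengths."""
    space = keyspace(password)
    return math.log2(space) if space else 0.0


def weaknesses(password: str, personal_info=()) -> list:
    """Return the article's weakness categories that apply (empty list = none found)."""
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("short")
    if alphabet_size(password) < LOWER + UPPER + DIGITS:
        found.append("low-complexity")
    if lowered in COMMON_WORDS or any(seq in lowered for seq in KEYBOARD_SEQUENCES):
        found.append("dictionary-or-sequence")
    if any(info and info.lower() in lowered for info in personal_info):
        found.append("personal-info")
    return found
```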
A strong password is usually a compromise between length and complexity while remaining easy to memorise. Nowadays, however, each of us has accounts spread over many online services, which means many passwords to memorise. This is why password managers were created.
Relying on a password manager “should” be one of the safest and handiest solutions. These tools generate and store complex passwords for each account, asking only for a master password to unlock the entire archive. Even so, local solutions protected by biometric authentication (for example the fingerprint reader on our smartphone) are always preferable to cloud-based ones, to guarantee the maximum level of privacy and to avoid theft of accounts or personal/sensitive data.
We at Oplon Networks have always been extremely careful about these matters, and for this reason we developed the app ‘Oplon Authenticator’, which not only provides two-factor authentication based on TOTP (Time-based One-Time Password), but also makes it possible to save personal account credentials in an archive encrypted and unlocked by biometrics, without sharing data in the cloud.
The solution we developed is also highly GDPR-compliant, as it follows every guideline in the measures issued in December 2023 by the NCA (National Cybersecurity Agency) and the Data Protection Authority, which set out the most important technical requirements to be met. Oplon Networks has also added auxiliary information security and protection features on virtual appliances, on-premises and in the cloud.