World Password Day, the best way to protect your passwords is not to remember them

World Password Day is celebrated every year on the first Thursday of May and it is an opportunity to refresh the culture of online and offline safety.

Punctual, every year, the ranking of the most popular passwords returns and, even on this occasion, there are no exceptions: worldwide the most used is passwordwhile in Italy the string remains firmly in command 1 2 3 4 5 6. Once the case data has been disclosed, we focus on a study drawn up by NordPass, a company that offers a password manager, according to which, access keys are a source of stress and especially mental malaise. We have asked a security expert what technique do you use to keep your passwords safe.

Meninges and passwords

An Internet user, according to NordPass, must manage between 70 and 80 passwords, a figure that rises for those who make extensive use of the Internet and the services it offers. In addition, they spend 7 to 12 hours each year remembering passwords or resetting forgotten ones.

Added to that is that thread of anxiety that can animate worries of those who fear a violation of their online and offline accounts, in a context in which news of leaks follow each other regularly.

In short, managing passwords is a mental stress that is starting to take its toll. But then, what is the most suitable solution? Remember one password, really strong, and forget all the others.

Password managers

They are software that can be installed on devices or online services, but we will return to this difference shortly. They have huge advantages, starting with the fact that generate strong passwords (for example N+k2?PU}}L2^2Wb:) and which can remind users to change their password after a variable number of days. They identify too weak passwords, chosen by users, and capitalize on a simple but rarely applied logic:

· never use passwords already used;

· never use passwords similar to those already used previously, for example by changing the final number of the access key;

· never use the same password for multiple services;

· change passwords regularly.

Leaving the password manager to generate long and strong passwords, and therefore difficult to memorizeit will only be necessary to remember the password chosen to access the manager itself which, of course, must also be robust.

There are many password managers, some free and some paid. The most sensitive problem is deciding whether to use one online or to install on your device. The leak to which the LastPass online service has been subjected should make you think, because the password manager has been hacked and some users’ information has been stolen. Better, then, to resort to a solution to be physically installed on computers or mobile devices, less practical to use in some circumstances but more effective. Between safety and ease of use, the former is preferable.

Curiosity

Divorces Italian style but in tech sauce: when maps, selfies and social networks reveal betrayal

by Gabriele Franco

April 25, 2023

Expert advice

Gabriel Faggioli, head of the Cybersecurity Observatory of the Milan Polytechnic and CEO of Digital360, at our request, offers a personal suggestion: “Tradition suggests using 8-character passwords, with uppercase and lowercase letters, numbers, special characters, which are not words of complete meaning or attributable to the person (for example the tax code, a date of birth or the number plate of the car) and to use a different one for each service accessed, without writing them anywhere, changing them every 3 months – he reminded us – This excellent advice, however, is totally inapplicable . For this reason, in 2023 the first option to consider would be use multi factor authentication (two-factor authentication, ed) wherever possible. I too try to always use multi factor authentication, when not possible I have created alphanumeric sequences that have meaning only for me using some wildcard characters of my preference. All that being nonsense, I think they are reasonably safe.”

Here you are. Password managers do all of that. We have written other tips herealong with instructions for turning on two-factor authentication.