World Password Day: 10 tips for creating and maintaining a strong password

May 5th is World Password Day. The date was created to discuss the security of accounts, profiles and virtual registrations. One of the most frequent problems related to internet security is data leakage, and with the introduction of hybrid work, this topic is becoming even more relevant for the population. According to a report published by NordPass, one of the leading password management services, over 125 million Brazilian citizen credentials were leaked in 2021 alone.

Thinking about how to help people and companies, Christian Souza, professor at the Instituto DARYUS de Ensino Superior Paulista (IDESP) and cybersecurity consultant at DARYUS Consultoria, offers some simple tips for creating or maintaining a highly secure password:

World Password Day Tips

1. Do not use personal information to generate passwords: Pet names, dates of birth, phone numbers, etc. can be targeted by cybercriminals as this information can be found on social media or in data breaches.
2. Use a different password for each service: Using different passwords prevents more than one service from being compromised if one of them leaks or breaks.
3. Follow the right password policy: According to NordPass, the most used password in Brazil in 2021 remains 123456. It takes less than 1 second to crack this type of password. Therefore, passwords must be strong, more than 8 characters long, including uppercase and lowercase letters, numbers, and special characters.
4. Turn on 2-Step VerificationA: The second factor of authentication is an extra layer of protection for your password. According to Microsoft, 99.9% of attacks on accounts could be prevented simply by enabling the second factor of authentication.
5. Avoid saving passwords in the browserA: Passwords stored in browsers can be intercepted and decrypted if a person has physical access to your computer. In addition, some malware families can also perform this action in case of a successful infection.
6. Manage your credentials through password vaultsA: These tools use strong encryption to store credentials. With just one master password, you can access all the others present in your safe. Free and paid solutions are available, the most popular being 1password, LastPass and KeePassXC.
7. Use a VPN when connecting to public or unknown networks: Hackers can intercept credentials on public networks if such information is transmitted over insecure protocols. If you need to connect to an unknown network, use a virtual private network (VPN) to keep your data moving securely.
8. Never send passwords in messages or email: Public credentials allow hackers to gain immediate access to your services (without having to hack them). If you need to share credentials, use the password vault sharing feature. This function sends a secure temporary link to the recipient.
9. Beware of websites phishing: Many users end up exposing their credentials by providing data on fake websites. Therefore, always check the links you go to and that they use secure protocols for data transfer. Services like PhishTank and Google Safe Browsing allow you to check if an address is malicious based on reports from other users.
10. Check if your information has already appeared in data leaks: Sites such as https://haveibeenpwned.com and https://www.dehashed.com allow you to determine via email whether your personal data (including passwords) has already been leaked. So you can anticipate and change your credentials quickly.

About Darius Consulting

Grupo Daryus, a Brazilian company with experience in the national and international market, is a benchmark in the provision of consulting and education services. Daryus Consultoria, the strategic business unit of the Group, integrates the areas of business continuity and risk management, IT management and governance, privacy and personal data protection (LGPD), and information and cyber security.

Since 1998, he has been providing business, strategy and risk management support to his clients and, as a result, serves leading organizations in various segments. Its international partners are: DRII, EXIN, ISACA, PECB, PeopleCert, Axelos and DMI. Awards received include SECMASTER 2006 from ISSA International and Infragard USA 2011. For more information, visit the Daryus Consultoria website.

Talk to us in the comments and let us know if you liked this news and take the opportunity to read more news on our website.