The most common mistakes and the safest method to protect your accounts

On the first Thursday of May the Password day. And while the “day of” are usually commercial conventions, it is a new opportunity to remember about the importance of protecting our digital accounts and leaving behind weak keys such as the classic – and still popular – “123456”. In addition to always activating the second authentication factor in our accounts.

In a context where data leaks in Argentina have been alarming, this date takes on more relevance than ever. Just to appoint recent cases, in 2024, a cyber of Elinfire published in a specialized forum a database with 59 million renaper records.

during 2024 there were 1.7 billion stolen credentials (that is, user/password) shared in the Dark Web forums, according to Fortiguard Labs (Fortinet) statistics. And another study takes a sampling that denotes that 59% of the keys used can be guess in less than an hour.

Password safety is in the center of the debate: according to NordPass, the password “123456” is still used a lot and an online security survey conducted by Google and Harris Poll before the pandemia revealed that at least 65 % of people They reuse their passwords in several sitesif not all, which exposes them to attacks on large -scale credentials.

“In an era where data leaks and malware Of data theft are current currency, a safety strategy authenticated only with passwords represents a high risk, since if the credentials are stolen, the attacker can impersonate the user’s identity. In that line, it is key to adopt a zero trust strategy, where the user’s identity should be validated in multiple forms. Tools such as the double authentication factor or authentication without passwords went from being desirable to use them to become necessary, “he tells Clarion Alejandro Botter, Security Engineering Manager of the cybersecurity company Check Point.

If it was already normal for Passwords to be filtered before the AI ​​boom, with this new irruption the panorama is even more complex.

A fact to keep in mind is that Fortiguard’s intelligence report underlines cyber attacks during 2024, based on the use of automation tools that facilitate work to cybercriminals: program bots that allow multiple attacks to be carried out simultaneously, with 36,000 scanns per second. This makes, before the classic user question of “And why would they want to enter my accounts?” It doesn’t make sense anymore: all our information is worth the cybercriminals.

Kaspersky detected more than 32 million attack attempts with “password thieves” in Latin America for 2023, a figure just below the more than 40 million registered in 2022. According to the results of another investigation, 45% of all the analyzed passwords can be divided by the scammers in less than a minute, and only 23% were to be resistant enough: one year.

Check Point Research, intelligence division of the cybersecurity company, warns that, in the midst of this scenario, an argument is opened on whether the era of traditional passwords should come to an end, replaced by more modern mechanisms such as the biometric authentication.

From Fortinet they explain that the methods for stealing credentials are increasingly varied: from phishing and social engineering techniques, to the interception of traffic through specialized software that captures sensitive data in little safe networks -motive by which you always have to do backups-.

Kaspersky brings another worrying fact: one in five people in the region was a victim of the theft of at least one online account. In countries like Chile and Peru, this percentage exceeds 23%, while in Argentina and Brazil it is 18%.

Check Point offers a guide to improve our keys:

• More complexity and length: It is recommended to combine letters, numbers and password symbols between at least 12 and 16 characters. From the 18 characters, the difficulty in deciphering them is multiplied. You should also avoid using personal information, such as birth dates.

• Do not reuse them: Each account must have its unique key. A good strategy is to use easy to remember but difficult to guess phrases, such as meryhadalittlelamb, or a safer version with symbols and numbers: #m3ryhad@l1ttlel4m8.

• Update them periodically: Changing keys can often reduce risk against possible leaks. Services such as have Ien Pwned allow verifying if any account was compromised.

• Activate multifactor authentication (MFA): This step is key to avoiding unauthorized accesses even if a password was violated.

Arturo Torres, Fortiguard Labs cybersecurity strategist for Latin America and the Caribbean, summarizes it as follows: “It is almost impossible to draw a complete list of how passwords can be steal. That is why it is essential to adopt safe habits from the beginning.”

And what is the beginning? Consider using a passwords manager (see here) or, failing that, migrate to “passkeys”.

Some technological companies already promote alternative mechanisms, such as passkeys or digital access keys. Google, for example, allows you to log in without password through these methods.

“It is a type of ‘digital credential’ that is used as a method of authentication (that is, so that a system can verify that a user is effectively who says it is). It is safer than a password because it is not necessary of the Argentine Base4 Security company.

“And the paradox is resolved by thinking: if I need access to 100 services, applications, websites, I have to, either repeat passwords, or run the risk of not remembering them, and needing a password manager. With a passkey, it reaches me with a single device for the 100 services. If I allow the poetic license: a passkey is equivalent to using passwords of hundreds of characters,” From San Francisco, at the RSA Security Conference.

The problem is that, even, many platforms still depend on Traditional keys. Although sectors such as the financial already adopted methods such as physical tokens or temporary verification codes, the complete transition will not be simple.

The recommendation of experts is also clear: “Whenever you can kill a password, open: The world will be a safer place, “closes a veteran of the industry.