You may not know it, but AVANTIC claims that the main method used by cybercriminals around the world to guess a password is “Brute Force”, which consists of trying all possible combinations through the use of algorithms or dictionaries of common words and keys.
Faced with this reality, Francisco Fernández, general manager of AVANTIC, expresses that the objective of creating a complex password is precisely to make it very difficult to guess or discover. “To achieve this, it is crucial that the individual combines upper and lower case letters, numbers and special characters when building it, since this will increase its levels of complexity and robustness,” comments the executive.
An additional recommendation that the expert provides is to use a minimum of 8 characters to create a key, because the longer it is, the more difficult it will be to discover it.
Regarding the frequency with which a password should be changed, Francisco Fernández states that the ideal is to do it every three months and under no circumstances use the same password for the different services or platforms visited on the Internet.
“Our recommendation is that the user has a password manager for each of the services they use in cyberspace, whether banks, SII, RRSS, email accounts, streaming services, etc.), since said tool – along with generating keys that are difficult to guess – prevents the person from using the same one for all platforms or services,” he maintains.
What not to do
Another of AVANTIC’s tips is to not use words or data related to the user, such as first and last name, RUT, date of birth, address, etc., when creating a password. “Currently, it is very easy to find information related to a person’s RUT or date of birth on the Internet. Likewise, there is an entire black market where databases with addresses, emails, phone numbers, etc. are sold,” adds the professional.
Francisco Fernández points out that it is also essential that users and organizations establish controls that prevent brute force attacks, such as, for example, that after five failed logins a specific user account is blocked for five minutes, as this will help, to a large extent, rendering any brute force attack ineffective.
To find out if the passwords that a person has have been violated, the general manager of AVANTIC comments that there are various websites on the Internet that provide information about accounts that have been violated by cybercriminals. To do this, the interested party must enter only their email address and they will be able to know which of their services have been infringed.
Meanwhile, if you want to know how difficult it is to decipher one or more of the passwords currently used, those interested can safely visit the following site: https://password.kaspersky.com/
