User password security

A password must be strong enough to withstand basic attacks, even if you think the online service you are using is not a place where you store anything valuable.

It does not matter whether what you store in that service really is unimportant: the theft of an unimportant account can open the door to other, more important ones.

Nor does it matter whether you think no one would be interested in stealing your access to it. The attacker does not assess the contents of your account before attacking: many run automated processes that try to take over user accounts indiscriminately, without any regard for what the user may have stored there.

That account, however unimportant, is part of your security chain, and is therefore one more link in it. Your security is only as strong as its weakest link.

An example illustrates this: a house is only as secure as its weakest window or exterior door. A window on an upper floor is less accessible, but if the burglar has the means, they will reach it and enter through there.

You are also likely to be using the same password on more than one service, which is a serious security mistake: once a password leaks from one site, attackers routinely try it, together with the same e-mail address or user name, on every other popular service (a technique known as credential stuffing).

You probably think of each user account on each service as a different house, but that is not so; accounts are not isolated. If someone steals your access to one account, they can contact the people around you from it, pretending to be you. They could even contact you directly, asking you to change the password or "validate" it in some way, and so obtain more information about you and your other accounts.


When is a password a bad password?

A password is bad, or rather insecure, when it is easy to guess: because it resembles the user's own name, because it is a dictionary word, or because it is one of the passwords used most often worldwide, such as 1234.

Suppose we choose a password that is not 1234 but 2020, because the year is 2020. A brute-force attack would try 0 first, then 1, then 2, and so on, and would reach 2020, or any other number we might have picked, after at most a few thousand attempts. At that point it has guessed our password.

Do not think that 2,000 attempts, or 10,000, or even 1,000,000,000, is something difficult and improbable. Attacks are carried out in an organised manner: from several points, using bots, and launching a multitude of simultaneous requests so that the work is distributed and the effort is constant. Even against a live login form, a numeric or dictionary password is a matter of hours or days; and if the attacker has obtained a copy of the service's password database, the guessing runs offline against the stored hashes at millions or billions of attempts per second, depending on how the service stored them, so the same password falls in seconds.

For this reason a password for any service should never be a sequence of numbers, nor consist of numbers only, nor be a complete word or a dictionary word, since brute-force attacks routinely start from exactly these lists: the most common passwords, every number in turn, and every dictionary word with the usual variations (capital letters, a year or a few digits appended).
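The guessing order the last three paragraphs describe, as an added example that is not part of the original article: a small Python model that runs the attacker's cheap strategies (most-common list, counting through the numbers, dictionary words with the usual additions) before exhaustive search, and reports how many guesses each password survives and how long that takes at a given rate. The word lists and the guessing rates are constructed assumptions, tiny stand-ins for the lists and hardware a real attacker uses.

```python
"""Added example (not part of the original article): estimate how many
guesses the attack strategies described above need before they reach a
given password, and how long that takes at a given guessing rate.

The word lists below are constructed stand-ins; real attackers load lists
with millions of leaked passwords and whole dictionaries."""
import string

# Constructed stand-ins for the real lists an attacker would load.
COMMON_PASSWORDS = ["123456", "password", "12345678", "qwerty", "1234",
                    "111111", "letmein"]
DICTIONARY_WORDS = ["house", "window", "door", "secret", "summer",
                    "winter", "admin", "welcome"]
MAX_APPENDED_NUMBER = 9999   # "house2020", "Summer1999", ...


def dictionary_candidates():
    """Yield dictionary-based guesses in the order a cracker would try them:
    each word as-is, capitalised and upper-cased, then each of those with
    a number from 0 to 9999 appended."""
    for word in DICTIONARY_WORDS:
        for variant in (word, word.capitalize(), word.upper()):
            yield variant
            for n in range(MAX_APPENDED_NUMBER + 1):
                yield f"{variant}{n}"


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers the password;
    an exhaustive search has to cover at least this alphabet."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)      # 26
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)      # 26
    if any(c in string.digits for c in password):
        size += len(string.digits)               # 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)          # 32
    return size


def guesses_required(password: str) -> tuple[str, int]:
    """Return (strategy, number of guesses) for the first strategy, in the
    order an attacker would run them, that reaches the password."""
    # 1. The most-used passwords: a handful of guesses.
    if password in COMMON_PASSWORDS:
        return "common-password list", COMMON_PASSWORDS.index(password) + 1
    # 2. Numbers only: count upwards from 0, as the article describes for 2020.
    if password.isascii() and password.isdigit():
        return "numeric enumeration", int(password) + 1
    # 3. Dictionary words with the usual mangling rules.
    for guess_number, candidate in enumerate(dictionary_candidates(), start=1):
        if candidate == password:
            return "dictionary word + digits", guess_number
    # 4. Nothing cheap worked: exhaustive search over the alphabet used.
    #    The worst case is alphabet_size ** length; a real cracker would also
    #    try the shorter lengths first, which only adds to this figure.
    return "exhaustive brute force", charset_size(password) ** len(password)


def seconds_to_crack(guesses: int, guesses_per_second: float) -> float:
    """Worst-case time at the given rate. Assumed figures: about 1e3/s is
    what a botnet pushes through a rate-limited login form; 1e9/s or more
    is what GPUs manage offline against leaked fast hashes."""
    return guesses / guesses_per_second


if __name__ == "__main__":
    for pw in ["1234", "2020", "Summer2020", "xK9#pL2q!vR7"]:
        strategy, n = guesses_required(pw)
        online = seconds_to_crack(n, 1e3)
        offline = seconds_to_crack(n, 1e9)
        print(f"{pw!r:16} {strategy:24} {n:>12,} guesses; "
              f"{online:.3g} s online, {offline:.3g} s offline")
```

Running it shows the gap the article is pointing at: 1234 and 2020 fall within a few thousand guesses, a dictionary word with a year appended within a couple of hundred thousand, while a 12-character password drawn from the full printable alphabet sits at 94^12 guesses, which is out of reach even at a billion guesses per second. The model deliberately stops at simple mangling rules; real cracking rule sets are far richer, so treat its figures as lower bounds on the attacker's capability.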

Combining a good password with a user name that is not obviously derived from our real name, and that does not include our year of birth or the current year, makes the combination harder to break. Bear in mind, though, that user names are often public or easy to guess, so this is only a small additional obstacle; the strength of the password itself is what matters.