This is a process by which the strength and security of passwords are evaluated. It is recommended to perform it periodically to verify that the users of your company are not using common words, or words related to their day-to-day lives, which can greatly facilitate the theft of credentials.

This analysis is carried out with password-cracking techniques such as brute-force and dictionary attacks, as well as by incorporating keywords that are frequently used in passwords. The latest generation of password analysis uses advanced algorithms and techniques, such as artificial intelligence and machine learning, to identify weak passwords more accurately.

Weaknesses when choosing a password

When an attacker needs to access a target account, they will try a series of combinations that very frequently work, for example the name of the company and the year. An example with Flameera would be the password “flameera2024” or its possible variants, which do NOT make it more secure: “Fl@meera2024*”, “flam33r4_2024$”, etc. Another bad practice is to include the month or season at the beginning or end, for example “flameeraSummer” or “januaryflameera”.
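The patterns described above can be rejected when a password is set or flagged during an audit. The following check is an added example, not part of the original article: the names `CONTEXT_WORDS`, `components` and `is_predictable` are hypothetical, and the substitution table is a small assumed set of common character swaps.

```python
import re

# Assumption: context words are supplied by the auditor; "flameera" is the
# organization name used in the article's example.
CONTEXT_WORDS = ("flameera",)
DATE_WORDS = ("january", "february", "march", "april", "may", "june",
              "july", "august", "september", "october", "november",
              "december", "spring", "summer", "autumn", "fall", "winter")
# Assumed substitution table: each symbol or digit maps back to a letter.
LEET = str.maketrans("@431!0$57", "aaeiiosst")
YEAR = re.compile(r"(?:19|20)\d{2}")


def components(password, context_words=CONTEXT_WORDS):
    """Return the predictable components found in a candidate password."""
    lowered = password.lower()
    found = set()
    # Detect the year on the raw text, before digits are read as letters.
    if YEAR.search(lowered):
        found.add("year")
    # Drop the year, undo substitutions, then discard separators and symbols.
    letters = re.sub(r"[^a-z]", "", YEAR.sub("", lowered).translate(LEET))
    if any(word in letters for word in context_words):
        found.add("context")
    if any(word in letters for word in DATE_WORDS):
        found.add("month_or_season")
    return found


def is_predictable(password, context_words=CONTEXT_WORDS):
    """True when a context word is combined with a year, month or season."""
    found = components(password, context_words)
    return "context" in found and bool(found - {"context"})


if __name__ == "__main__":
    # Constructed samples: the article's examples plus a random-looking string.
    for candidate in ("flameera2024", "Fl@meera2024*", "flam33r4_2024$",
                      "flameeraSummer", "januaryflameera", "kT9#vQ2!xLm8"):
        print(f"{candidate!r}: predictable={is_predictable(candidate)}")
```

The character substitutions and added symbols do not change the verdict, because they are undone before matching.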

How to choose a secure password

How a secure password should be generated depends on whether or not you need to learn it.

  • If you want to learn it, it is recommended to use complete phrases or combinations of words that you will not forget, for example: “howhardistheartist’slifeandhowilovetodanceonthedancefloor”
  • If you don’t need to learn it because you use a password manager like KeePass, it is recommended to generate completely random passwords with uppercase, lowercase, numbers, and symbols, of at least 20 characters.