1961 was the first year that evidence has been found of the invention or use of passwords. MIT scientists devised a system that allowed users to connect to a single device and share it. They had to be able distinguish who was accessing what at what time. This is how passwords and usernames were created.

With the many applications that have been developed over the years, it became increasingly popular. It allowed applications to identify the person they were interacting with and save their personal data.

As banks started to use the Internet extensively at the start of the 21st century, more serious issues with passwords emerged. Cybercriminals discovered that these keys were easily accessible over time.

It is easy to get used to passwords that are simple to remember. These passwords are easy to remember and can be used by cybercriminals quickly if they have a bit of information about the person.

A series of questions that the user was required to answer were created to help users remember the information they had provided at registration. The most common is the name of your pet.

Let’s not forget the Paris Hilton attack years ago. Cybercriminals were able access files saved on their mobile phones by simply answering the question about the pet’s name (a chihuahua they had not separated from). They were able retrieve Hilton’s password by answering correctly

Bill Burr, the manager of the National Institute of Standards and Technology of the United States wrote a document in 2003 that contained a list of tricks for creating the most secure passwords.

Burr established the rule of using letters, numbers, uppercase and lowercase characters, as well as special characters, to create complex passwords that were more complicated than those most people use today. It was not what he thought.

Burr ended his apology by saying that he had created this document and these tricks. Burr had created a system that required the user to remember extremely complex passwords, which was impossible to keep. Although we might only remember one or two people, the system was impossible to keep track of with all the services available on the internet. People quickly forget passwords that aren’t clear to them.

It is best to start with a well-known word, which is often a common one. However, changing numbers or some sign is not an option. It is not only more difficult to remember, but also gives us the illusion of security, as we can use a completely secure password system.

Computer programs can generate passwords using lists of words from a dictionary. These programs can change the numbers of letters, add numbers in front and behind, or create special characters.

These tools allow you to create completely random combinations of numbers, letters, and characters or permutations thereof from a few words that might be more or less closely related to the people you are trying to attack. You could, for example, create names that are related to a particular soccer team with athletes and years.

These programs can create a list of millions of combinations of letters or numbers in seconds. They are then tested on websites asking for usernames and passwords until they find the right one.

Passwords are still a constant part of our lives. All systems today are built on this method of identifying yourself. It is important to be able to use complex passwords in a way that is simple to remember. They cannot be either directly recognized words or meaningless combinations of letters, numbers and symbols that we don’t remember.

Two strategies can be used to create passwords that are easy to remember.

First, you need to be able to recall a phrase or proverb from a book and then customize it for each service where you want to use a passphrase. Consider the Miguel de Cervantes book El ingenioso hidalgo don Quijote de la Mancha. It begins with this sentence: “In a part of the la Mancha, whose names I do not want, there lived not long ago a hidalgo…. We can make a long password that makes no sense if we only use the first letters and signs.

This key can be modified to suit the needs of any website. We can insert a concept for the bank (which is five letters) at the fifth position. For example, we could use a separation sign like, -?, : etc. It would look something like E1ldl FuerT M,dc2nqa. We just need to repeat the phrase, and then add the first letters and web address. It is much easier to remember this password than any random combination of 19 characters.

A password manager is another option. This application can be downloaded on our mobiles or via the browser. It allows us to save all the passwords we have created. This will allow us to only remember the one that unlocks the application, and then we can search for the password we need.

These tools have a problem: we will always need our mobile phones to determine the password to use in each case, and to remember to change these passwords.

You should also be careful installing such an app. Cybercriminals will create similar apps and send us our passwords, including those for bank and email accounts, directly. We should carefully review the comments and the date it was created before installing. Even so, we need to be cautious. These tools can be useful but we are ultimately relying upon an application created by third parties we don’t know and not our ability to retain a sentence.

To authenticate someone in a web-based or face-to–face service, there are three ways to do it: what we know and what we have. We have the passwords in our memory. In general biometrics, we are the fingerprints and the iris. We have a device that we can send a unique code, such as the phone.

Since long time, it has been well known that using one authentication factor can pose a security risk. This is why banks and other services use two. They also send us a unique code that validates the actions we take. The latest phones have biometrics that allow us to access the websites we wish to save.

These authentication factors can be used to ensure that passwords will last for many years. This second authentication factor should be activated in all systems that allow it. It is especially important for shopping websites and those that have saved credit cards to buy, email, or both.

Even if cybercriminals do manage to get the password, they won’t be able have the same device or fingerprint. These new methods aren’t as easy to hack, so we have more protection than just our pet name or favorite football team.

This article was published in “The Conversation”.