When developers work in the design of projects or applications, on many occasions they need to introduce user identification processes which very often depend on a user name and a password. The user’s privacy level is based on this password, and users are ultimately the end customers of a digital product or service.
Without security there are no products or services on the Internet. We only think about security when someone puts it at risk, breaches it and accesses private data that should be protected. Whenever it happens it is an excess. Emails, online payment services, mobile applications… Users tend to use passwords that are easy to remember, but the risk of being compromised by an attack is particularly high.
On many occasions it is not even a problem of the user, but of the levels of security, that are beyond their control. According to a security report by Akamai for the third quarter of 2015, the number of the most common DDoS attacks against web applications soared: SQL injection (SQLi), local fileinclusion(LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection and malicious file uploading (MFU). These attacks sometimes target servers that store hundreds of websites and passwords, and when they are hacked, security is also hacked. Sometimes, Internet companies as prestigious as the social network Facebook or the chat service Snapchat.
Apart from DDoS attacks, there are another two password theft methods widely used in digital crime:
● Brute-force attacks, which are extensively used by pirates to breach the security of systems or users, checking in a series of steps possible combinations to find the password.
● Dictionary attacks, a cracking method used to find out a specific password by checking all the words in the dictionary. These methods require changes when choosing passwords.
Usual tips for choosing a strong password
There are some practical tips that improve the security of the passwords used by users to validate themselves in authentication systems. Some of them are repeated hundreds of times:
● Creating passwords with eight or more characters: breaching a password’s security can be a matter of combinations and time. The fewer characters a password has, the lower the number of combinations needed to discover it. Today it is estimated that a password with more than eight characters has high security levels.
● The perfect password combines letters and numbers: among the most unsafe passwords in the world are those that only have numbers (‘1234’) or letters (‘password’). The combination of letters and numbers increases the level of security.
● Using keyboard symbols: if keyboard symbols are included in the password, the level of security against possible hacking attacks is higher. Examples of symbols that can be used: $ % & € # () [] @.
● Increasing the number of passwords used for email, payment services or social networks: if the user has a single password for all the services used, the risk is very high because if it is lost the user will be more exposed than a more conservative user.
● Not saving passwords when logging on: leaving passwords saved on the computer when accessing a social network or an email service means that third parties can gain access by simply knowing the user name. It is also a good idea to log off when leaving places where passwords have been used.
Passphrases, the best option
Passphrases are the safest option against any attempt to breach security and they also provide a number of interesting benefits for users, benefits that sometimes lead them to choose unsafe passwords: for example, the ability to remember them easily. This type of passphrases abandon the concept of password and opt for constructions with a greater number of characters, letters and also numbers.
● No set phrases or phrases found in literature or music.
● With no words that can be found in the dictionary.
● They do not contain the user name, company name or real name.
● Look for new passphrases.
How to create the right passphrase?
First, choose a fact or thought that is easy to remember. And then, mask it by using the recommendations we have already given. Valid examples for a passphrase:
● Fact: ‘My date of birth is January 23, 1992’. Suitable passphrase: M1d@t30f8irTh01/23/1992)(.
● Thought: ‘I love reading comics’. Safe passphrase: 1L0v3R3@d1ngc0m1cs[]. Shorter than the first one and related to a personal hobby that is very easy to remember.
Both have between 20 and 30 characters, they combine letters, numbers and keyboard symbols, they are not phrases that are found in literature or music, they are not real names, user names or company names, and they are new.
Open finance is expected to be regulated over the next few years, leading to a new open data ecosystem Open finance is making its way into the legal system through the consolidation of several initiatives that will lend it legal protection. Once this is complete, customers will have an open finance framework that protects their data […]
Ecommerce has continued to grow steadily in Spain, except during the pandemic, which has already been overcome in terms of online shopping. Ecommerce has been making inroads among the Spanish for over two decades. In 2000, it was a marginal and niche activity. Now it is almost universal. Almost all Spaniards with internet access shop online […]
QR code payment is an alternative form of mobile payment that requires no card chip or NFC technology: just a camera and an internet connection Payments with a QR code are increasingly popular among younger consumers and tourists, as well as one of the most demanded forms of payment, especially by Chinese visitors to Spain. […]
Please, if you can't find it, check your spam folder
×
The email message with your ebook is on the way
We have sent you two messages. One with the requested ebook and one to confirm your email address and start receiving the newsletter and/or other commercial communications from BBVA API_Market
×
PROCESSING OF PERSONAL DATA
Who is the Data Controller of your personal data?
Banco Bilbao Vizcaya Argentaria, S.A. (“BBVA“) with registered address at Plaza de San Nicolás 4, 48005, Bilbao, España and Tax ID number A-48265169 . Email address: contact.bbvaapimarket@bbva.com
What for and why does BBVA use your personal data for?
For those activities among the following for which you give your consent by checking the corresponding box:
to receive newsletter from BBVA API_Market through electronic means;
to send you commercial communications, events and surveys relating to BBVA API_Market to the e-mail address you have provided.
For how long we will keep your data?
We will keep your data until you unsubscribe from receiving our newsletter or, if applicable, the commercial communications, events and surveys to which you have subscribed. Whether you unsubscribe or whether BBVA decides to end the service, your details will be deleted.
How can I unsubscribe to stop receiving newsletters and/or communications from BBVA API_Market?
You can unsubscribe at any time and without need to indicate any justification, by sending an email to the following address: contact.bbvaapimarket@bbva.com
To whom will we communicate your data?
We will not transfer your personal data to third parties, unless it is mandatory by a law or if you have previously agreed to do so.
What are your rights when you provide us with your information?
You will be able to consult your personal data included in BBVA files (access right)
You can modify your personal data when they are inaccurate (correction right)
You may request that your personal data not be processed (opposition right)
You may request your personal data be deleted (suppression right)
You can request a limitation on the processing of your data in the allowed cases (right of limitation of processing)
You will be able to receive, in electronic format, the personal data you have provided to us, as well as to transmit them to another entity (portability right)
You are responsible for the accuracy of the personal data you provide to BBVA and to keep them duly updated. If you believe that we have not processed your personal data in accordance with regulations, you can contact the Data Protection Officer of BBVA at the following address dpogrupobbva@bbva.com.
You can find more information in the “Personal Data Protection Policy” document on this website.
×
PROCESSING OF PERSONAL DATA
Who is the Data Controller of your personal data? Banco Bilbao Vizcaya Argentaria, S.A (“BBVA“), with registered address at Plaza de San Nicolás 4, 48005, Bilbao, España, and Tax ID No. A-48265169. Email address:contact.bbvaapimarket@bbva.com
What for and why does BBVA use your personal data for?
For the execution and management of your request, specifically, download the requested e-book/s.
BBVA informs you that, unless you indicate your opposition by sending an email to the following address: contact.bbvaapimarket@bbva.com, BBVA may send you commercial communications, surveys and events related to products and/or services of BBVA API Market through electronic means.
For how long we will keep your data?
We will keep your data as long as necessary for the management of your request, and to receive commercial communications, events and surveys. BBVA will keep your data until you unsubscribe to stop receiving our newsletters or, where appropriate, until the end of the service. Afterwards, we will destroy your data.
How can I unsubscribe to stop receiving newsletters and/or communications from BBVA API Market?
You can unsubscribe at any time and without need to indicate any justification, by sending an email to the following address: contact.bbvaapimarket@bbva.com
To whom will we communicate your data?
We will not transfer your personal data to third parties, unless it is mandatory by a law or if you have previously agreed to do so.
What are your rights when you provide us with your information?
You will be able to consult your personal data included in BBVA files (access right)
You can modify your personal data when they are inaccurate (correction right)
You may request that your personal data not be processed (opposition right)
You may request your personal data be deleted (suppression right)
You can request a limitation on the processing of your data in the allowed cases (right of limitation of processing)
You will be able to receive, in electronic format, the personal data you have provided to us, as well as to transmit them to another entity (portability right)
You can exercise before BBVA the aforementioned rights through the following address: contact.bbvaapimarket@bbva.com
You are responsible for the accuracy of the personal data you provide to BBVA and to keep them duly updated.
If you believe that we have not processed your personal data in accordance with the regulations, you can contact the Data Protection Officer at the following address: dpogrupobbva@bbva.com
You can find more information in the “Personal Data Protection Policy” document on this website.
Banco Bilbao Vizcaya Argentaria, S.A. owner of this portal uses cookies and/or similar technologies of its own and third parties for the purposes of personalization, analytics, behavioral advertising or advertising related to your preferences based on a profile prepared from your browsing habits (e.g. pages visited). If you wish to obtain more detailed information, consult our Cookies Policy.
Cookie settings panel
These are the advanced settings for first-party and third-party cookies. Here you can change the parameters that will affect your browsing experience on this website.
Technical Cookies (required)
These cookies are used to give you secure access to areas with personal information and to identify you when you log in.
Name
Owner
Duration
Description
gobp.lang
BBVA
1 month
Language preference
aceptarCookies
BBVA
1 year
Configuration Accepted Cookies
_abck
BBVA
1 year
Helps protect against malicious website attacks
bm_sz
BBVA
4 hours
Helps protect against malicious website attacks
ADRUM_BTs
Salesforce Marketing Cloud
Session
Required for monitoring of the service, inherent to SFMC
ADRUM_BT1
Salesforce Marketing Cloud
Session
Required for monitoring of the service, inherent to SFMC
ADRUM_BTa
Salesforce Marketing Cloud
Session
Required for monitoring of the service, inherent to SFMC
ADRUM_BT
Salesforce Marketing Cloud
Session
Required for monitoring of the service, inherent to SFMC
xt_0d95e
Salesforce Marketing Cloud
Session
Remember user preferences (if any)
__s9744cdb192d044faa1bf201d29fafd1e
Salesforce Marketing Cloud
Session
Remember user preferences (if any)
wpml_browser_redirect_test
WPML
Session
Text translation in the portal
wp-wpml_current_language
WPML
24 hours
Text translation in the portal
They are used to track the activity or number of visits anonymously. Thanks to them we can constantly improve your browsing experience
Your browsing experience is constantly improving.
With your selection, we cannot offer you a continuously improved browsing experience.
Name
Owner
Duration
Description
AMCV_***
Adobe Analytics
Session
Unique Visitor IDs used in Cloud Marketing solutions
AMCVS_***
Adobe Analytics
2 years
Unique Visitor IDs used in Cloud Marketing solutions
demdex (safari)
Adobe Analytics
180 days
Create and store unique and persistent identifiers
sessionID
Adobe Analytics
Session
Launch's internal cookie used to identify the user
gpv_URL
Adobe Analytics
Session
Adobe Analytics plugin: getPreviousValue Capture the value of a certain variable in the following page view, in this case the prop1
gpv_level1
Adobe Analytics
Session
Cookie used to store the DataLayer levl1 of the previous page.
gpv_pageIntent
Adobe Analytics
Session
Cookie used to store the pageIntent of the previous page.
gpv_pageName
Adobe Analytics
Session
Cookie used to store the pagename of the previous page.
aocs
Adobe Analytics
Session
Cookie that stores the first values collected at the beginning of a process.
TTC
Adobe Analytics
Session
Cookie used to store the time between the App Page Visit event and the App Completed event.
TTCL
Adobe Analytics
Session
Cookie used to store the time between the LogIn event and App Completed.
s_cc
Adobe Analytics
Session
Determine if cookies are active
s_hc
Adobe Analytics
Session
Cookie used by Adobe for analytical purposes
s_ht
Adobe Analytics
Session
Cookie used by Adobe for analytical purposes
s_nr
Adobe Analytics
2 years
Determine the number of user visits
s_ppv
Adobe Analytics
Permanent
Adobe Analytics plugin: getPercentPageViewed Determine what percentage of the page a user views
s_sq
Adobe Analytics
Session
ClickMap/ActivityMap features
s_tp
Adobe Analytics
Session
Cookie used by Adobe for analytical purposes
s_visit
Adobe Analytics
2 years
Cookie used by Adobe to know when a session has been started.
They allow the advertising shown to you to be customized and relevant to you. Thanks to these cookies, you will not see ads that you are not interested in.
The advertising is customized to you and your preferences.
Your choice means you will not see customized ads, only generic ones.
Name
Owner
Duration
Description
OT2
VersaTag
90 days
VersaTag Cookie used to store a user id and the number of user visits.
u2
VersaTag
90 days
VersaTag Cookie where the user ID is stored
TargetingInfo 2
MediaMind
1 year
Cookie that serves to assign a unique random number that generates MediaMind.
These cookies are related to general features such as the browser you use.
Your experience and content have been customized.
With your selection, we cannot offer you a continuously improved browsing experience.
Name
Owner
Duration
Description
mbox
Adobe Target
9 days
Cookie used by Adobe Target to test user experience customization.
×
Looks like you’re browsing from Mexico, so let’s show you the custom content for your
location. Change
Looks like you’re browsing from Spain, so let’s show you the custom content for your
location. Change
Select a country
In order to access the private area and corresponding sandbox, select the country of the APIs you want to use.