Using strong and constantly updated passwords is one of the first steps to take to protect your sensitive data online. To reiterate this, on the occasion of the World Password Day on May 7, is ToothPic, the innovative startup operating in the cyber-security sector and whose mission is to help organizations protect their digital services. Founded by Diego Valsesia, Giulio Coluccia, Tiziano Bianchi, Enrico Magli – 4 researchers and professors from the Department of Electronics and Telecommunications of the Politecnico di Torino – ToothPic has in fact invented, designed, developed and patented a solution to transform every smartphone into a safe key for online authentication, taking advantage of the hidden and involuntary signature that each camera leaves. “The theft and compromise of passwords and access credentials to web services are the most common vulnerabilities and are the cause of almost 40% of cyber attacks” recall the founders of ToothPic who, on the occasion of the world day of passwords, launched a vademecum for control data theft. The first advice is “Do not reuse the same password to access multiple services”, but also “Avoid clicking on links contained in messages or emails, even if they arrive from senders who at first sight are trusted or known, in which they are asked authentication data “. In addition, the startup reminds to “update passwords that are too weak which can facilitate hackers, allowing them to intervene with attacks directed at brute force (brute force). The longer the passwords are and not trivial, the more difficult they will be to crack” they warn. it is important to “protect the same smartphones and computers with a code, a password or a biometry that makes the content at least secure” and finally “always activate multi-factor authentication, preferring authenticators based on tokens or apps over codes sent via sms “. The founders of ToothPic underline that “unfortunately the numerous thefts of credentials in the last year testify to how much the traditional access methods are still too vulnerable today, as well as not very user-friendly, especially for companies, financial institutions and the Public Administration”. “If historically it was necessary to demonstrate knowledge of a password to access a web service, today it is advisable to combine another verification factor such as possession – smartphone, token, smartcard- or biometric, thus creating Multi-Factor Authentication schemes (Mfa ) “affirm Diego Valsesia, Giulio Coluccia, Tiziano Bianchi, Enrico Magli who, however, underline:” Although this practice is strongly recommended, it is still largely optional for the user who often does not activate it for usability reasons “. Finally, the founders of the startup recalled, “ToothPic was created precisely to protect the digital assets by providing the technological uniqueness of its multifactor solution. Our technology, currently protected by 4 patents, transforms each user’s smartphone into a key to ‘passwordless online authentication, guaranteeing a more competitive solution in terms of security, usability, integration and costs compared to the approaches commonly used to access online “.