We updated this article on 05/06/2021 on the occasion of World Password Day. We took the opportunity to add context as well as new solutions for securing passwords.
“Despite the numerous leaks of identifiers, consequences of cyberattacks, and despite the recommendations of the CNIL, the French are still far from creating a different password for each of their online accounts,” underlined identity verification specialist Onfido after unveiling the results of an international study on passwords commissioned from the British firm Censuswide between April 20 and 26, 2021.
The study involved more than 4,000 people in the United States, United Kingdom, Germany and France. Among the 1,030 French people surveyed, only 1 in 5 (19%) had adopted the good practice of using a different password for each platform. 33% draw from a list of several passwords which they alternate between, and 26% have a main password which they vary according to the requirements of each site.
If we add to that the fact that a lot of people still use a password like “123456” or “azerty”, it obviously becomes easy for a hacker to guess or “crack” them. As a general rule, it is recommended that you harden your passwords, and also that you use one per service. Oh yes, and also change them every three months, minimum.
To avoid forgetting your passwords, there are several methods. Old-school style, you write them all down on a piece of paper or in an email, and pray that no one ever gets their hands on it, or that the paper / email gets lost. More reasonably, you have the choice between not writing your passwords down anywhere, or storing them in a really secure place.
Use mnemonic devices
The longer your password, the better. On average, 12 characters do the trick. Use special characters, upper case letters, lower case letters and numbers. In order not to forget anything, you will have to create a mnemonic system of your own.
Use text that you know inside out, and keep the first letter of each word. For example, take this Indian proverb: “don’t cut the strings when you could untie the knots”. In its French wording, “Ne coupe pas les ficelles quand tu peux défaire les nœuds”, the initials give: “ncplfqtpdln”. Then, change the password to adapt it to the service used. If it’s Facebook, you can add “fb” at the beginning; if it’s Twitter, you can add “tt”. Finally, add numbers, for example your date of birth scattered through the password. If you were born on November 10, 1955, it can give: “fb10ncplf11qtpdln55”.
In short, the idea is to use a phrase that you know well, such as the lyrics of a song for example, to transform it to your taste, and to create a system that is easy to remember and adapt.
A password generator
If you are really out of ideas, Secure Passwords will generate unique and complex passwords for you. It uses the bcrypt password-hashing algorithm. To create a password, enter a nickname, a service name (Facebook, Google, etc.), and a “key phrase” that only you know. To retrieve your password, you just have to enter the same things again. Other software can automatically generate passwords for you, such as Password Gorilla.
A single password to access all your user accounts
- Downloads: 6
- Release date: 09/03/2013
- Author: Gorilla
- Licence: Free license
- Operating system: Linux – Windows XP/Vista/7/8/10 – macOS
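The deterministic generator described above (nickname, service name and key phrase in, the same password out every time) can be sketched as follows. This is an added example, not Secure Passwords' own code: PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, and `derive_password`, `ALPHABET`, the iteration count and the sample inputs are assumptions made for illustration.

```python
import hashlib
import string
import unicodedata

# Hypothetical output alphabet; real sites differ in which symbols they accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def _norm(text):
    """Normalise so that 'Facebook ' and 'facebook' name the same service."""
    return unicodedata.normalize("NFKC", text).strip().lower()


def derive_password(nickname, service, key_phrase, length=16, iterations=200_000):
    """Derive a per-service password; PBKDF2 is a stand-in for bcrypt here."""
    # The NUL separator keeps ("ab", "c") and ("a", "bc") from sharing a salt.
    salt = (_norm(nickname) + "\x00" + _norm(service)).encode("utf-8")
    secret = unicodedata.normalize("NFKC", key_phrase).encode("utf-8")
    n = len(ALPHABET)
    limit = 256 - (256 % n)  # bytes >= limit are dropped to avoid modulo bias
    chars, counter = [], 0
    while len(chars) < length:
        # A fresh counter per round yields more output if bytes were rejected.
        block = hashlib.pbkdf2_hmac(
            "sha256", secret, salt + counter.to_bytes(4, "big"), iterations, dklen=32
        )
        chars.extend(ALPHABET[b % n] for b in block if b < limit)
        counter += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    phrase = "constructed key phrase for this demo"  # constructed sample input
    for site in ("Facebook", "Twitter"):
        print(site, derive_password("alice", site, phrase))
```

Because nothing is stored, the passwords for two services share no visible pattern, and replacing one site's password means changing one of the three inputs for that site.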
A “safe” of passwords
Finally, there is the “password safe” solution. With KeePass you can save all your passwords in a single file. Of course, this file is encrypted. You just have to never forget the “master password” which is used to open your file …
KeePass Password Safe helps you create strong passwords and keep them in a list, so you can access them anytime. Your list of passwords is kept in encrypted form.
- Downloads: 1
- Release date: 09/01/2021
- Author: keepass
- Licence: Free software
- Operating system: Android – Linux – Windows 7/8/8.1/10 – Windows Portable – XP/Vista/7/8/10 – iOS iPhone / iPad – macOS
You can also use Dashlane. This software will generate complicated and unique passwords for you, store them, and enter them automatically in forms when you browse the Web.
With Dashlane, secure your passwords and store them so you don’t lose them, use the VPN to browse safely and protect yourself by monitoring the dark web.
- Downloads: 16
- Release date: 03/05/2021
- Author: Dashlane, Inc.
- Licence: Free license
- Operating system: Android – Linux – Windows – iOS iPhone / iPad / Apple Watch – macOS
But as with KeePass, be careful not to lose your master password! Now just take a quick look at How Secure Is My Password, which lets you test the strength of your password, and surf with peace of mind.
You can never be too careful
If you want to go even further, you can use, in addition to a complex password, multifactor authentication, also called “two-step validation” at Google. This is a second validation step after entering your password which confirms that it is really you who is trying to connect. Apple, Microsoft, Steam or Blizzard offer such systems.
Google Authenticator allows you to add a second layer of protection in addition to your password. The free Google Authenticator app generates two-step verification codes on your phone or tablet.