Is your password secure? Why should you use a different password on every site and app? How many characters should it have, and above all, how do you remember it without writing it on a sticky note stuck to the screen? These are the questions this article sets out to answer.
For the past ten years, cyber criminals have mounted countless attacks, and some of them succeed: the attackers walk away with valuable information about Internet users, including their passwords.
Ban The Everlasting “123456”
These threats frighten Internet users, but they also point to a weakness we are all guilty of. Every major breach has been followed by the publication of the stolen password lists, and the scariest lesson from those lists is that our habits have barely changed. Many of us still write passwords on a sticky note under the screen or in a text file stored somewhere on the computer.
Worse, the most used password is still “123456”. A password like that is guessed in about two seconds. The same goes for the other clichés: “password”, “qwerty” (or its French variant “azerty”), “admin”, “abc123”, “111111”…
Stay Alert, We Must Remain Vigilant
We use passwords everywhere: on our PCs and Macs, but also on our smartphones, tablets, network drives, the ADSL box supplied by the ISP, and so on. They come up all the time: when the computer or phone starts, when connecting to a local network, posting on a forum, checking online accounts, buying from a website, or synchronizing data between devices. They have become indispensable and, used properly, are the user's main line of defence. But they have to be chosen wisely, because a weak password is easy to guess, and once a password leaks it ends up in public lists traded between attackers worldwide. Here is a series of tips on choosing passwords, remembering them, and storing them somewhere an attacker cannot reach.
How Do Hackers Find A Password?
There are several techniques for stealing a password and the user name that goes with it. The most common is the dictionary attack: a small script tries every term, and every combination of terms and numbers, that users around the world are known to pick. Attackers could use ordinary or localized language dictionaries, but those are not very effective; they have access to far more complete password catalogues built from previous breaches. One of them even compiled a dictionary of over 1.5 billion passwords and distributed it through the BitTorrent peer-to-peer network, the largest password list ever assembled at the time (the compressed file weighs over 4 GB).
Another method is the brute-force attack. Here, a script tries every possible combination without relying on a dictionary. It takes far longer, but in theory it always succeeds eventually, since it enumerates every sequence, however complex (upper case, lower case, digits, special characters…), given enough time.
It Can Take Only A Few Hours To Find An Eight-Character Password
In theory there is reason to panic: an ordinary PC performs millions of operations per second, and a graphics card billions, so against a fast, unsalted hash such as MD5 or SHA-1 it can test as many candidate passwords per second. At that rate an eight-character password made of lower-case letters alone (26^8, about 2 × 10^11 combinations) falls in minutes, and even eight characters drawn from all printable characters (95^8, about 6.6 × 10^15) in a matter of days or weeks. But it is not that simple, because this is the offline scenario, where the attacker already holds a copy of the password hashes. When every guess has to be submitted to the live system, our computers, websites, smartphones and other devices are better protected than they seem. They can, for example, use a lockout timer: after three unsuccessful attempts the system refuses the fourth, and the user (or the attacker) must wait minutes, or even hours, before trying again.
As a result, once the password is even a little complex, an online attack with a dictionary or brute force stands no real chance: at three attempts per lockout period, exhausting the search space would take millennia. Some systems, such as web mail services, go further and permanently refuse the fourth attempt, forcing the user to contact the service and reset the forgotten password. Note that none of this helps if the service's hash database is stolen: offline guessing is limited only by the attacker's hardware and by how slow and well salted the hashing is, which is why the password itself still has to be strong.
A second, similar method is to double the waiting time after each failed attempt. It does not prevent a legitimate user from entering a password (the first few tries cost nothing), but it sharply reduces the chances that an attacker gets their hands on the precious sesame with a brute-force attack, since the delay grows exponentially with every failure.
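The two throttling schemes above, as an added worked example that is not part of the original article: a per-account lockout after three failures whose waiting time doubles on every further failure, alongside a rough comparison of how many guesses the throttle leaves an online attacker versus an offline attacker holding the hash list. The guess rates, the 60-second base delay and the one-year horizon are assumptions chosen for illustration.

```python
import time

# Added example (not from the article). A per-account throttle implementing
# the two schemes described above: a lockout after `max_free` failures, and a
# waiting time that doubles on every further failure. Also a back-of-the-
# envelope comparison of what an attacker can do online (through the
# throttle) versus offline (against a stolen hash list).


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of candidate passwords of `length` symbols over an alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate (offline)."""
    return keyspace(length, alphabet_size) / guesses_per_second


def online_guesses_possible(max_free: int, base_delay: float, horizon_seconds: float) -> int:
    """Guesses one attacker gets against one account within `horizon_seconds`
    when the doubling throttle below is enforced. Simulated step by step:
    every guess fails, and from the `max_free`-th failure on it costs a delay."""
    elapsed, guesses = 0.0, 0
    while True:
        guesses += 1
        if guesses >= max_free:
            elapsed += base_delay * 2 ** (guesses - max_free)
        if elapsed > horizon_seconds:
            return guesses


class LoginThrottle:
    def __init__(self, max_free: int = 3, base_delay: float = 60.0, clock=time.monotonic):
        self.max_free = max_free      # failures allowed before the first lock
        self.base_delay = base_delay  # seconds; doubles on each later failure
        self.clock = clock            # injectable so the behaviour can be tested
        self._failures = {}           # user -> consecutive failures
        self._locked_until = {}       # user -> clock time at which the lock expires

    def allowed(self, user: str) -> bool:
        """May this user submit a password right now?"""
        return self.clock() >= self._locked_until.get(user, 0.0)

    def record_failure(self, user: str) -> float:
        """Note a wrong password; return the delay now imposed (0 while free tries remain)."""
        n = self._failures.get(user, 0) + 1
        self._failures[user] = n
        if n < self.max_free:
            return 0.0
        delay = self.base_delay * 2 ** (n - self.max_free)
        self._locked_until[user] = self.clock() + delay
        return delay

    def record_success(self, user: str) -> None:
        """A correct password clears the counter and any lock."""
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


if __name__ == "__main__":
    year = 365 * 24 * 3600
    print("offline, 8 lower-case letters at 1e9 guesses/s: %.0f s" % seconds_to_exhaust(8, 26, 1e9))
    print("offline, 8 printable ASCII at 1e9 guesses/s: %.0f days" % (seconds_to_exhaust(8, 95, 1e9) / 86400))
    print("online through the throttle, one account, one year:",
          online_guesses_possible(3, 60.0, year), "guesses")
```

Running the script prints roughly 209 seconds for eight lower-case letters offline at a billion guesses per second, about 77 days for eight printable-ASCII characters, and only 22 guesses per account per year through the throttle. Two practitioner caveats: throttle by source address as well as by account, otherwise an attacker spreads a few guesses over many accounts (password spraying), and remember that a per-account lockout lets an attacker lock legitimate users out on purpose, so prefer the doubling delay over a hard lock where availability matters.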
Finally, all these methods can be combined with more physical techniques, such as fingerprint recognition on computers and smartphones, facial recognition or voice recognition, as an additional factor rather than a replacement for the password.
Can We Verify That A Password Is Secure?
On the web, hundreds of services offer to check the “strength” of a password. For example, The Password Meter lets you enter a password and rates its effectiveness. Microsoft also delivers an online service that checks the validity of a password: there is nothing to download, just go to the Password Checker site and enter the password to test its resistance to guessing. More entertaining, also from Microsoft, is Telepathwords, which tries to guess your whole password while you type it. Here again there is something to worry about: Telepathwords predicts the next letter or digit you are about to type in about half of cases. One caveat applies to all of these tools: never type a password you actually use into a third-party web page. Test a password built the same way instead, or use a checker that runs locally, such as the one built into a password manager.
Should I Change My Password Regularly?
In theory, you should change your passwords at least once a month. That is a constraint that (almost) nobody respects, and forced monthly rotation tends to produce weaker passwords (users add a digit or a month name to the old one), which is why current guidance has moved away from it. The best advice we can give is to change them at least once a year rather than once a month, and immediately whenever a service you use announces a breach or you suspect a password has been exposed. If you are afraid of not remembering them, use a password manager (the “aggregator” described below). Finally, the last tip: when in doubt, change the password; it costs a minute and removes the doubt.
Never use the same password twice on the web, especially when the accounts share the same e-mail address. Imagine that a site, despite all its precautions, is hacked and its whole user database disclosed. In theory the site stored only hashes of the passwords rather than the passwords themselves, but nothing gives you 100% assurance: some sites still store them in clear, or with a fast unsalted hash that is trivial to reverse. As a result, if an attacker retrieves your user name and password from one site, the first thing they will do is try the same pair on other platforms (a technique known as credential stuffing). That is why it is strongly recommended never to use the same password twice.
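The breach scenario above, as an added example that is not part of the original article: how a careless site and a careful site store the same password, and why a reused password falls to credential stuffing even when the second site hashes properly. The e-mail addresses, the passwords and the PBKDF2 iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Added example (not from the article). Two ways a site can store the same
# password, and why reuse defeats even the careful one. The iteration count is
# an assumption for the example (OWASP's 2023 figure for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 600_000


def unsalted_sha256(password: str) -> bytes:
    """The careless site: one fast, unsalted hash. Identical passwords give
    identical hashes, on this site and on any other site doing the same."""
    return hashlib.sha256(password.encode()).digest()


def salted_record(password: str, salt: bytes = b"") -> tuple:
    """The careful site: a random per-user salt and a slow PBKDF2 hash.
    Returns (salt, digest), the two values kept in the user table."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def salted_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def stored_values_match(password: str) -> tuple:
    """Does one password produce the same stored value on two unrelated sites?
    Returns (unsalted_match, salted_match)."""
    unsalted_match = unsalted_sha256(password) == unsalted_sha256(password)
    _, digest_a = salted_record(password)
    _, digest_b = salted_record(password)
    return unsalted_match, digest_a == digest_b


def credential_stuffing(leaked: dict, target_site: dict) -> list:
    """Replay leaked (e-mail, plaintext password) pairs against a second site
    whose table maps e-mail -> (salt, digest). Returns the e-mails that log in:
    the second site's good hashing does not protect a user who reused a password."""
    return [email for email, password in leaked.items()
            if email in target_site and salted_verify(password, *target_site[email])]


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    site_b = {"alice@example.com": salted_record("19sartrouville80kitty"),
              "bob@example.com": salted_record("blue-kettle-42")}
    leak_from_site_a = {"alice@example.com": "19sartrouville80kitty",   # reused
                        "bob@example.com": "different-password",        # not reused
                        "carol@example.com": "123456"}                  # no account on site B
    print("same stored value on two sites (unsalted, salted):", stored_values_match("123456"))
    print("accounts that fall to credential stuffing:", credential_stuffing(leak_from_site_a, site_b))
```

In practice a site would rely on a purpose-built password-hashing library (argon2, bcrypt or scrypt) rather than calling PBKDF2 directly, but the two lessons are the same: salted slow hashing stops an attacker from recognizing or cheaply cracking your password in a stolen database, and nothing the site does helps once the attacker already has the plaintext from somewhere else.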
Foremost, Beware Of Keyloggers!
Also check that no keylogger is installed on your computer. A keylogger records every key pressed on the keyboard: it is a small spy that intercepts your user names and passwords and then transmits them over the web to a cyber criminal. If you suspect one on your PC, install a security suite, even a free one. Most antivirus products, even basic ones, detect common keyloggers, so dedicated anti-keylogger software is rarely needed. Bear in mind, though, that no scanner catches everything: if you believe a machine is compromised, change your passwords from a different, clean device.
The Generator: Practical, But Difficult To Memorize
Several effective techniques exist for building a strong password. One of the best known is to use a generator that produces a random password of many characters. There are hundreds of password generators on the web, such as exhaustif.com, Creating passwords or the Norton publisher's website, as well as software to install on your PC (Password Generator, Efficient Password Manager, etc.) and browser plugins (PWgen for Firefox). Prefer a generator that runs locally, in the browser or in a password manager, over one that produces the password on a remote server.
The trouble with generated passwords is remembering them afterwards. When you get something like “4s (9V8 + $ 7BzexYN *)”, it is really not obvious. The other problem is that this kind of password is painful to enter on a device without a physical keyboard, such as a game console or media player (for example, to reach an online service or the home network). So it is a great way to protect your data, but not the most user-friendly one, unless a password manager does the typing for you.
Key Shift: Simple And Effective
Another, more practical, method is a little trick. It consists of imagining a password you will remember easily and then shifting every character one key to the left or right on the keyboard. An example: 19sartrouville80kitty.
In this example, 19 and 80 make up the year of birth of a typical user, Sartrouville is his birthplace, and Kitty is the name of his cat. The problem is that attackers can quickly find such a password, numbers or not: places, years and pet names are exactly what dictionary rules combine. Now let's shift every character one column to the left of its position on the keyboard (a French AZERTY keyboard here; on QWERTY the letters differ but the method is the same). The “s” becomes “q”, the “a” becomes “p” (we wrap around to the far right, since “a” is already at the left end of its row), the “r” becomes “e”, the “t” becomes “r”, and so on. We do the same with the digits on the numeric keypad, where “1” wraps around to “3”, “9” becomes “8”, “8” becomes “7” and “0”, alone on its row, stays “0”. So we get 38qpereiycukkz70jurrt (remember: when we reach the left end of a row, we start again at the right end). Add a capital letter at the beginning and end of each word, which gives 38QpereiycukkZ70JurrT.
That will keep our pirates busy for a while, and it is easier to memorize than a randomly generated password. Without any effort, the password thus created already runs to 21 characters. One can complicate things by adding another term or another date, also shifted to the left, or a small symbol (* / , – +…) before or after the dates. One caveat: the shift is a fixed, public transformation. Cracking tools apply exactly this kind of rule (shift left, shift right, capitalize the ends) to every word in their lists automatically, so the protection comes from the length and the obscurity of the original phrase, not from the shift itself. Choose a phrase that is not made of facts about you that can be found online.
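The shifting procedure above, as an added example that is not part of the original article. It implements the left-shift on the AZERTY rows and the numeric keypad exactly as described, the capitalization of the first and last letter of each word, and, for the caveat, the short list of variants a cracking rule set would derive from the memorable phrase. The keyboard rows are an assumption about the layout used in the example, and QWERTY rows are added so the same function works on that layout too.

```python
import re

# Added example (not from the article). Keyboard rows used by the worked
# example above: letters follow the French AZERTY layout (s -> q, a wraps to p)
# and digits are shifted on the numeric keypad, which is why 1 wraps to 3 and
# 0, alone on its row, maps to itself. QWERTY is included for comparison.
AZERTY = ["azertyuiop", "qsdfghjklm", "wxcvbn", "123", "456", "789", "0"]
QWERTY = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "123", "456", "789", "0"]


def keyboard_shift(text: str, layout=AZERTY, offset: int = -1) -> str:
    """Move every character `offset` keys along its row, wrapping at the ends.
    offset=-1 is one key to the left, as in the example; characters that are
    not on any row (symbols, spaces) are left unchanged."""
    rows = {ch: row for row in layout for ch in row}
    out = []
    for ch in text:
        row = rows.get(ch.lower())
        if row is None:
            out.append(ch)
            continue
        shifted = row[(row.index(ch.lower()) + offset) % len(row)]
        out.append(shifted.upper() if ch.isupper() else shifted)
    return "".join(out)


def capitalize_word_edges(text: str) -> str:
    """Upper-case the first and last letter of every run of letters
    (the final step of the example: qpereiycukkz -> QpereiycukkZ)."""
    def edges(match):
        word = match.group(0)
        if len(word) == 1:
            return word.upper()
        return word[0].upper() + word[1:-1] + word[-1].upper()
    return re.sub(r"[a-z]+", edges, text)


def shifted_password(phrase: str, layout=AZERTY) -> str:
    """The whole recipe: shift one key to the left, then capitalize word edges."""
    return capitalize_word_edges(keyboard_shift(phrase, layout, -1))


def attacker_variants(phrase: str, max_offset: int = 2) -> set:
    """The handful of candidates a cracking rule set derives from the memorable
    phrase: every shift of up to `max_offset` keys either way on both layouts,
    with and without the edge capitalization. At most 16 strings."""
    variants = set()
    for layout in (AZERTY, QWERTY):
        for offset in range(-max_offset, max_offset + 1):
            if offset == 0:
                continue
            shifted = keyboard_shift(phrase, layout, offset)
            variants.add(shifted)
            variants.add(capitalize_word_edges(shifted))
    return variants


if __name__ == "__main__":
    phrase = "19sartrouville80kitty"
    final = shifted_password(phrase)
    print(phrase, "->", keyboard_shift(phrase), "->", final)
    print("undone by shifting back:", keyboard_shift(keyboard_shift(phrase), AZERTY, +1))
    print("final password among attacker's variants:", final in attacker_variants(phrase),
          "out of", len(attacker_variants(phrase)))
```

keyboard_shift with offset +1 undoes the transformation, which is the point of the caveat: the shift is reversible by anyone, so attacker_variants contains the final password among at most sixteen candidates derived from the original phrase. The phrase itself still has to be long and hard to guess.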
Two Factor Authentication
Two-factor authentication: behind this somewhat complex expression lies one of the surest ways to protect your information. Two-factor authentication, also known as two-step verification, requires, as the name suggests, two actions from the user. When logging into a site like Facebook, for example, he starts by entering his e-mail address and password. So far nothing unusual. But once that step is over, he must also enter a second code, which he receives by SMS on his phone or by e-mail (or, better, from an authenticator app on the phone). An attacker who has stolen the password alone is then stuck at the second step.
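The two-step login described above, seen from the server side, as an added example that is not part of the original article and not the code of any of the services it mentions. It shows the properties the second code needs: it is generated randomly, stored only as a keyed hash, expires, works once, and is burned after a few wrong guesses. The six-digit length, the five-minute lifetime and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Added example (not from the article, nor from any site named in it): the
# server side of the "enter the code we just sent you" step. The code itself
# would be delivered by SMS or e-mail; only its HMAC is stored, it expires, it
# is single use, and a few wrong guesses burn it so that a six-digit code
# cannot simply be brute-forced while it is live. Constants are assumptions.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_VERIFY_ATTEMPTS = 5
SERVER_KEY = secrets.token_bytes(32)   # would come from the server's key store


def _tag(user: str, code: str) -> bytes:
    """Keyed hash of user+code, so a leaked pending table is useless without the key."""
    return hmac.new(SERVER_KEY, f"{user}\0{code}".encode(), hashlib.sha256).digest()


class SecondStep:
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # user -> (tag, expires_at, attempts_left)

    def issue(self, user: str) -> str:
        """Create a fresh code for the user after a correct password. The
        returned string is what gets sent by SMS or e-mail; it is not kept."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user] = (_tag(user, code), self.clock() + CODE_TTL_SECONDS, MAX_VERIFY_ATTEMPTS)
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """Second step of the login. Returns True exactly once per issued code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        tag, expires_at, attempts_left = entry
        if self.clock() > expires_at:
            del self._pending[user]                     # expired
            return False
        if hmac.compare_digest(tag, _tag(user, submitted)):
            del self._pending[user]                     # single use
            return True
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[user]                     # too many wrong guesses
        else:
            self._pending[user] = (tag, expires_at, attempts_left)
        return False


if __name__ == "__main__":
    server = SecondStep()
    code = server.issue("alice")                      # password already checked
    print("sent to alice's phone:", code)
    wrong = "000000" if code != "000000" else "111111"
    print("wrong code accepted?", server.verify("alice", wrong))
    print("right code accepted?", server.verify("alice", code))
    print("replay accepted?", server.verify("alice", code))
```

SMS and e-mail deliver the code over channels an attacker may be able to read or redirect (SIM swapping, a compromised mailbox), which is why an authenticator app or a hardware key is preferred where the service offers it; the server-side checks above are the same in every case.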
But Which Sites Offer It?
Two-factor authentication is especially useful if you change equipment regularly. Use it if you are often on the move and find yourself in front of a PC or smartphone that is not yours. This kind of service is gradually spreading (Google, Microsoft Live accounts, LinkedIn…), but it is often disabled by default. To set it up, refer to our guide, which lists the main services that offer two-factor authentication.
The Wallet Of Passwords
This kind of tool hides no particular mystery. In every case, you will need at least one strong password. But the password manager (or “aggregator”) lets you get rid of all the others, since it stores them in an encrypted “safe” or “wallet”. You only need to enter the master password to reveal all the others, which also means that master password must be the strongest one you have and must not be reused anywhere.
The other big advantage, beyond being a simple reminder, is that a password manager runs on any platform and synchronizes its data between your devices (often a paid option). So you can configure all your passwords on your PC or Mac and find them on your smartphone without entering them one by one again.
The programs capable of doing this are legion. Here is a small selection:
Dashlane
- Price: free (premium version at €39.99/year).
- Platforms: OS X, PC, iOS, Android.
In just two seconds, Dashlane scans all the passwords stored in the browser and assigns each a security level. It is simple and very visual, and you see immediately where the weak spots on your machine are. It offers automatic form-filling for ordinary sites and for merchant checkouts. One of the most powerful and complete of all.
KeePass Password Safe
- Price: free.
- Platforms: Windows, Android, iOS, OS X.
A tool that looks more basic than most of its competitors but has an impressive list of features (management by “groups”, password generator, automatic clearing of the clipboard, etc.). Its database is a local encrypted file, so synchronizing it between devices is up to you.
LastPass
- Price: free (premium version at $43.20/year).
- Platforms: browsers, iOS, Android.
LastPass is a special case since it is mainly a browser extension (Internet Explorer, Opera, Firefox, Chrome or Safari). So there is no executable on Windows or Mac OS X and everything happens in the browser. The application is very effective and very complete, and the little assistant that runs at installation is welcome.
In Summary, How To Choose Your Passwords
There is no foolproof password, however long and complex. However, the more of the recommendations below you follow, the harder it will be for an attacker to find your precious sesame. And if cracking it would take several years, the information the password protects will be obsolete by then; your data stays safe for a good while. If we had to summarize the different techniques for creating an effective password:
- A password must be as long as possible. Use at least 8 characters (12 or more is better), but as we saw in the section on the keyboard-shift technique, it is easy to build one of about twenty characters and still memorize it.
- Alternate upper case, lower case, digits and, if possible, special characters. Again, the keyboard-shift technique is a good aid to memory.
- Never write it on a piece of paper and do not record it in a clear (unencrypted) file either. If you are afraid of losing all your passwords, use a wallet (a password manager).
- Never pass your passwords on in clear, even to your loved ones, and avoid sending them by instant messaging or ordinary e-mail.