An average user behind his screen:
– What was my password again…
*remembers his first pet*
– and my date of birth…
*writes with confidence: kitty84*
– no it’s not that, it needed a capital letter…
*beginning to lose patience: Frimousse84*
– and a special character…
*Frantically hitting the keys of the keyboard: Kitty$$84*
– another number…
*writes without any more hope: : Kitty$$842*
*click on “forgotten password “*.
A scene that probably rings a bell.
As author Randall Munroe writes in his webcomic xkcd :
“AFTER 20 YEARS OF EFFORT, WE HAVE ENCOURAGED EVERYONE TO CHOOSE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.”
Without going into the complex details of encryption, it will be easy to crack a password whose letters have been changed to numbers or special characters or with reversed letter orders because these are expected behaviors.
However, it will be difficult for a normal user to remember it.
So how do you choose a password that is easy to remember and hard to guess?
Choose 4 random words that you can easily visualize. If we stay with the example of your rabbit Frimousse, take a picture that will be hard to forget:
And make it a password like rabbitrumpcelebrationbalcon.
To give you an idea, this will be about 65,000 times harder to crack than a password based on a common name with modified characters.
Well, there will always be the problem of sites that ask you to add a capital letter, a number, a special character… and you may not want to see Mr. Trump every time you enter a password.
So let’s try a second trick.
Imagine a sentence that is easy to remember and that is personal to you, for example: “I paid for my first car, a Citroën Saxo, 3,000€”. Let’s transform it by using the first letters of each word and by arranging the text a little: “Jpm1v,1CS,3k€” And here you are with a secure password, requiring only one sentence to remember.
If memory is not your strong point, there are still password generation and management software that will make your life easier as we mentioned a previous article. In any case, it is essential today to have a password that is impossible to decipher and as far as possible different from one site to another.
To go further :
Is a secure password enough?
Unfortunately not. Other measures should be taken to ensure the security of your data, such as:
- never divulge your password (by e-mail, post-it notes etc.)
- prefer to enter a site directly in the address bar rather than by clicking on a link received by email or messenger
- check that the site you are browsing on is marked HTTPS with a valid certificate (in the address bar)
- check that you are not infected by a virus that could recover your keyboard input by using an antivirus / antimalware.
ANY QUESTION ?