Passwords remain essential in our digital lives. Strong and secure passwords should be used. Follow these rules and you’ll be fine.
A strong password is essential to your online security, and you need a unique password for each of your accounts. With so many accounts, though, it is tempting to fall into the bad habit of using the same password (and username) everywhere. If your data is compromised, a weak password exposes you to identity theft, among other things. Until passwords are a thing of the past, it’s time to take the right steps.
Use a password manager
Strong passwords are long, hard to guess, with lots of special characters and numbers. This is where password managers come in handy. A good password manager like 1Password or Bitwarden can create strong passwords for you, and these solutions work on desktop and mobile.
The one drawback, in the end, is that you still have to remember a single password, the master password, which unlocks access to all the others. It must be very strong. Also remember that even password managers can be hacked.
Yes, you can write your credentials down
This recommendation goes against everything you’ve been told about online protection. But password managers aren’t for everyone. Some security experts, including the Electronic Frontier Foundation, say that keeping your credentials on a piece of paper or in a notebook is a viable method.
Of course, someone could then break into your home and take all your passwords, but that is highly unlikely. At the office or at home, keep this sheet in a safe or a well-hidden place, and make sure as few people as possible know where it is.
However, if you need to consult them frequently, carrying your passwords with you increases the risk of loss.
Get notified if your passwords are compromised
It’s not always possible to prevent your passwords from being compromised, but you can find out when it happens. Mozilla Firefox Monitor or Google Password Checkup can tell you whether your email address and/or password has turned up in a breach. Have I Been Pwned offers the same feature.
Avoid too common words and combinations of characters in your passwords
The goal is to create a password that a third party cannot easily guess. Avoid common words and other predictable character sequences. Also avoid using your first and last name, your pet’s name, your date of birth, your street number, or anything else directly associated with you, all the more so if that information is public.
Long passwords are better: 8 characters, no less
8 characters is the length at which you can start talking about a strong password, but longer is better. The Electronic Frontier Foundation and security expert Brian Krebs, among many others, recommend using a passphrase made up of three or four random “words.” However, such a passphrase is harder to remember, hence the need for a password manager.
Don’t recycle your passwords
Reusing passwords across different sites is a very bad idea. If someone obtains one password, they gain access to your other accounts as well. The same applies to trivial variations: PasswordOne and PasswordTwo, for example, are out. By using a unique password for each of your accounts, a hacker who obtains one password gains access to that single account only.
Avoid using already compromised passwords
Hackers use dictionaries when trying to log into accounts, and these dictionaries are mostly made up of passwords that have already been compromised. To check whether your password has been compromised, go to the Have I Been Pwned site and enter your password.
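As an added example (not code from the original article), here is how such a check can be done without ever sending the password itself: Have I Been Pwned’s Pwned Passwords range API takes only the first five hex characters of the password’s SHA-1 hash and returns every known suffix for that prefix, so the comparison happens on your own machine. The sample response body below is constructed, not real API data, and the function names are my own.

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint (k-anonymity model): only a 5-character
# hash prefix leaves your machine, never the password or its full hash.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response body ("SUFFIX:COUNT" per line).
# The suffixes and counts here are made up for this example, except that the
# third line is the real SHA-1 suffix of the string "password".
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1D72CD07550416C216D8AD296BF5C0AE8E0:10
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E2AAA439972480CEC7F16C795BBB429372:1
"""


def sha1_prefix_suffix(password: str):
    """Split the uppercase SHA-1 hex digest into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Return how many times `suffix` appears in a range response, or 0 if absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Download the range for a hash prefix (needs network; not used by the offline test)."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, fetch=fetch_range) -> int:
    """Return the breach count for `password`; 0 means it was not found."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch(prefix))
```

Calling `check_password("password")` performs the live lookup; passing `fetch=lambda p: SAMPLE_RANGE_5BAA6` runs the same logic against the constructed body offline.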
No need to change your password regularly
For years, changing your password every 60 or 90 days was accepted practice, because people thought that was how long it took to crack a password. Today, however, Microsoft recommends against it, unless of course you suspect a compromise. Why? When forced to change frequently, many of us fall into the bad habit of choosing easy-to-remember passwords or writing them on a post-it stuck to the screen.
Use two-factor authentication… but avoid SMS codes
If thieves get your password, you can still block access to your account if you’ve opted for two-factor authentication (2FA). The system then asks you for a second proof, a unique short-lived code, before granting access. So even if a hacker has your password, they cannot log into your account without your trusted device (often your smartphone).
Most of the time, the unique code is sent by SMS or delivered by phone call. Unfortunately, today’s hackers can take over your phone number (via SIM swapping) and intercept the code.
The safer option is an authenticator app such as Authy, Google Authenticator, or Microsoft Authenticator. Once it is set up, you can register your device or browser so you don’t have to authenticate twice every time you log in somewhere.