The password system is an Achilles' heel of Internet connections. If you do not follow specific rules, a password can be "cracked" by a hacker and he could then access your information. Fortunately, there are specific rules to follow and also relatively simple security solutions to implement in order to have, for each site where you are registered, robust and reliable sesames.
When we approach a subject such as passwords , the surprise is often enormous.
The most used password in the world is: 123456! Number 2 is not much better: 123456789. Suffice to say, with such sesames, for a pirate, the task is ultra facilitated.
Many Internet users use one and the same password for all the sites consulted.
A large number of passwords are extremely easy to find for anyone who knows the user a little or is willing to take the trouble to look into it, via their social networks for example.
 |
How to create a secure password? |
Generally speaking, password protection is grossly insufficient, and major tech players have begun to implement more robust protection systems. We will see here two major solutions for securing your data.
Where are passwords stored?
Hackers use many methods to attempt to crack passwords. One of them consists in stealing these sesames on the data bases of the sites to which we can be registered. Our passwords are stored there, generally in encrypted form, and therefore a priori extremely difficult to decode. However, it happened that a super talented hacker managed to find the fault.
Big companies like Sony, Dropbox, Adobe, Snapchat or Orange have had their password databases stolen and decrypted at some point. When a hacker recovers such lists, he usually puts them up for sale on certain specialized sites on the Dark Web .
For the people affected, the consequences are sometimes very annoying, such as when intimate photos are stolen and publicly disseminated or when it becomes possible to empty a bank account.
Does this mean that it would be impossible to protect one's accounts on the Internet ? No way. What is certain is that the classic password system has had its day. It has too many long-term limitations to be able to offer absolute security.
However, there are many reliable solutions. As we have said, companies like Google , Apple or Microsoft but also large financial institutions have fully realized the need to secure data on the Internet and nowadays, many solutions have been put in place, in particular the two-factor authentication that must be activated.
And if you have an iPhone, you know that Apple has opted, for several years now, for biometrics (recognition of physical attributes ) as a key to your device. First fingerprints , then face ID.
In the absence of being able to hack into a company's database, hackers use many techniques to try to guess what your password is, and quite often it is the user himself who facilitates their task by using a weak password.
Secure password: what to avoid
- What are the rules for defining the most secure password possible?
- You should never use elements of your identity in the password. A classic choice for some is to include their date of birth or that of a child in the password. An example of a relatively easy to crack password would be to use the city and date of birth like "toulouse040178".
- Nor should names or nicknames of close people be included in the password. An example: the cat is called Samba and you regularly post photos of this animal on Instagram , indicating its name. This is an element that programs dedicated to "cracking" passwords can fully integrate into their analysis.
- It is best not to use dictionary words. Some programs that try to find your sesame include the use of these words in their analysis.
- It goes without saying that sequences of logical numbers or letters such as the champion of the lot “123456” are to be banned. But "3456789" or "abcdefghijkl" aren't much better.
The rules of a secure password
The ideal for a quality sesame is to combine:
- numbers ;
- one or more lowercase letters;
- or one or more uppercase letters;
- special characters.
Some examples: “3,f59wBA}t$X”, “{^68sFuX8Bdh)5”, “iWv8.3xD)nJ_53”. The whole must form something completely unintelligible, without any logic. Thus: "canada-75" or "los Angeles/69000" although they respect the above rules, would be insecure passwords. The longer the password, the better. It is usually possible to span 12 or more characters. Might as well use them all.
Sites that generate passwords
If you lack inspiration, many services take care of generating secure passwords, that is to say made up of such a complex combination of lowercase letters, uppercase letters and special characters, and devoid of any logic.
Here are some addresses of password generators :
- Password.xyz: https://www.password.xyz/
- Dashlane Password Generator: https://www.dashlane.com/en/features/password-generator
- Password generator: http://www.generator-motdepasse.com/
 |
| The password.xyz site is able to generate a password that complies with the expected security rules. © password.xyz |
On a browser such as Firefox, when a site asks you to register and therefore to enter a password, you will see the mention Use a password generated in a secure manner (or if you click right, the Suggest a strong password option ). Firefox then offers a sesame that complies with the rules set out above and all you have to do is select it.
 |
| When you sign up for a site, Firefox automatically generates an ultra-secure password that you just have to select. © Firefox |
Similarly on Google Chrome, if you have a Google account and if you have asked Chrome to save your passwords -- see below -- when it comes to proposing a password, you can right-click and select the Suggest Password option . Again, the sesames offered by Chrome are secure.
 |
| If you have a Google Account and have allowed Chrome to save your passwords, you can use the Suggest Password option. © Chromium |
An alternative to using web browser stored passwords is to use a password manager such as 1Password, Dashlane, KeePass and LastPass. With such a tool, your passwords are generated - automatically if desired and in secure form - and saved in a protected external database. At each visit to a given site, the password manager provides the sesame requested.
 |
| A password manager comes between you and each site visited and ensures the generation of ultra-secure sesames that it provides itself each time you visit a site. © dashlane |
You need a different password for each site.
Having an ultra-secure password is optimal; but using the same one to access several different sites is not without risk. If by chance, a hacker managed to find your password on just one of these sites, he would be able to compromise several sites to which you currently have access.
It is therefore essential to create a different password for each site visited. However, you will ask the question: but how to remember dozens and dozens of different passwords?
Well, first of all, if you use a password manager such as Dashlane, you will never have to worry about remembering the passwords of the various sites you visit. Such a password manager will work on all the devices you can use: Mac, PC , tablet , smartphone ... So, from the moment you are identified with a system such as Dashlane, you you no longer have to worry about anything: you can access the sites on which you are registered by benefiting from ultra-secure sesames that you do not need to remember.
The other solution is to exploit a feature of browsers: saving passwords. Since 2019, major browsers offer to save your passwords once you have created them. When you access a given site, the password is automatically provided by the browser.
The security provided by the Chrome-Google Authenticator couple
Google has a high security solution with the couple Chrome and Google Authenticator. If you have a Google account, you can first verify that Chrome is saving all your passwords:
- Select Settings then Autofill;
- Click Passwords;
- Check that the option Offer to save passwords is activated. And that it is the same for the option Automatic connection - the access to the sites is done then automatically.
That's not all. Always on Chrome if you have synchronization enabled, you can have access to all your passwords regardless of the device used. To make sure your passwords are synced in Chrome:
- Select Settings from the Chrome menu;
- In the Google and you section, choose Google services / Synchronization;
- In the Synchronization section, select Manage the content you synchronize;
- Check that the Passwords option is active. If so, your passwords will be accessible from any device as long as you use your Google Account.
From there, you can connect to all the sites on which you have registered from any computer , any tablet, any smartphone.
However, how can you be sure that the security is maximum? It is essential to install the Google Authenticator application on your smartphone . From there, when you sign in with Chrome from a new device, a confirmation request is sent to the mobile phone.
We therefore have with the couple Chrome and Google Authenticator a flexible, high security solution and therefore highly recommended. Similar solutions exist with Microsoft's Edge browser or even Firefox.
View the list of saved passwords
Note that it is easy from Chrome or Firefox to consult the list of saved passwords.
Under Chromium:
- Select Settings then Autofill;
- Click Passwords;
- The list of sites on which you are registered appears with the corresponding identifier. A click on the eye brings up the password.
In Firefox:
- Select Settings;
- Select Privacy and Security;
- Scroll down to the Logins and Passwords section;
- Click Saved credentials. The list of sites on which you are registered from Firefox appears in the left column. On the right, a click on the eye reveals the password.
One last point: such browsers -- and also password managers such as Dashlane -- alert you if they detect that a site where you saved a password has suffered an attack that could lead to theft of your credentials. When this is the case, make sure to always fix it by changing your password.
Add Comments