There are so many platforms that require us to create an account with a username and password, such as online banking, social networks, email, e-shops, etc. Trying to remember all of our passwords has proven to be a fruitless endeavor.
Let's look at some practical guidelines for creating a strong password.
{jistoc} $title={Table of Contents}
Why have a strong password?
Cyberattacks are not a pipe dream; they are a reality. Taking care of the quality of our passwords is one of the foundations for reducing the risk of becoming a victim of such an attack. Many personal data leaks and cyberattacks are caused by weak passwords.
With the development of personal online spaces, the password has become the most widely used security mechanism. We all have huge numbers of online accounts. The first mistake is using the same password for all these accounts.
Creating an exclusive password for each account containing sensitive information is thus the first step. However, this precaution is insufficient because each password must be sufficiently strong.
Indeed, a weak password can be broken or stolen very quickly. In this case, the consequences can be disastrous since it is often too late when the user realizes it.
By decrypting your password, the hacker can then access your account data. He can then use this data for personal purposes (identity theft, online spending, etc.) or blackmail for money.
Therefore, it is essential to use a strong password for each account containing sensitive data. The stronger a password is, the harder it is to crack.
Characteristics of a Strong Password
Now that we have presented the importance of using a strong password, let's look at the qualities required of such a password.
In cybersecurity, robustness refers to the ability of a password to resist cyberattacks and, more specifically, password cracking. In other words, the stronger a password is, the more difficult, if not impossible, it is to crack.
A strong password combines the following 3 qualities:
- Complex
- Random
- Unique
Password complexity is based on two fundamentals, password length, and character set. These two characteristics considerably influence the time required to crack the password by brute force (enumeration attack). The longer the password, the stronger it is.
The character set consists of using a password that mixes letters, numbers, symbols, and upper and lower case letters. The complexity of a password is measured by its entropy, i.e. the number of guesses that must be tested to crack the password.
According to the SCSP Community (Seasoned Cyber Security Professionals), a self-help cybersecurity organization, it takes about 12 years to brute-force crack a 9-character password that mixes numbers, letters, uppercase, lowercase, and symbols. While it only takes 4 seconds via the same method to crack a 9-character password consisting of numbers only.
The random aspect of a strong password is achieved by emphasizing non-sequential (unorganized) character sequences. For example, "423615" is more secure than "123456". Likewise, the password should not refer to personal information such as your date of birth, your city, or others.
Randomness also entails avoiding references and common words such as the famous "password." Even if it means using words, try to choose sequences of unrelated words and ensure the complex aspect mentioned above, e.g., "pO!VreQl0t3" instead of "poivreculotte."
We have already mentioned it in the previous section, but it is essential to use a different password for each account that contains sensitive data.
Method and tools to generate a secure password
The simplest way to generate a secure password incorporating all the characteristics mentioned above is to use a password manager that includes a random password generation tool.
With this software, a user can list all his various online accounts and generate a random password for each of them. He will then choose the main password to access the database of his various accounts.
To memorize this master password more easily, a trick is to use 3 words chosen at random from the dictionary, use a capital letter on the nth character of each word, and separate each word with a symbol. For example: for the words "trash," "towel," and "owl," the password "trAsh,toWel;owL" offers a high level of entropy.
To test the effectiveness of your combination, you can use an online password tester. Please note that the password tested online must not be used. There is a possible security hole if a non-legitimate site recovers the passwords tested on it. Use this type of online tool only to verify the effectiveness of the password pattern you are testing.
Conclusion
As mentioned in this article, to generate a strong password, it is necessary to use a password with a very large number of entropy bits: long, mixing letters, numbers, symbols, uppercase, and lowercase, and organized in a random way, unrelated to your identity or to the site in question. Also, the same password should not be used for multiple accounts. Each account must have its own unique and strong password.
Since it's impossible to remember all those strong passwords, it's best to use a password manager. It generates a random password for each account in your database.
Choosing a strong password is one of the foundations of cybersecurity. However, adopting good cybersecurity hygiene requires more than just a strong password. Other complementary methods make it possible to reinforce cybersecurity, like two-factor authentication when the site allows it.
Post a Comment