How to create a secure password?

The password system is the Achilles’ heel of Internet connections. If you do not follow specific rules, a password can be “cracked” by a hacker, who could then access your information. Fortunately, there are specific rules to follow and relatively simple security solutions to put in place so that you have a robust and reliable password for each site where you are registered.

When discussing a topic such as passwords, the surprise is often enormous.

  • The most used password in the world is 123456! Number 2 is not much better: 123456789. Needless to say, such passwords make an attacker’s task extremely easy.
  • Many Internet users use one and the same password for all the sites they visit.
  • A large number of passwords are extremely easy to guess for anyone who knows the user a little or is willing to take the trouble to research them, via their social networks for example.

Generally speaking, password protection is grossly insufficient, and major tech players have begun to implement more robust protection systems. We will see here two major solutions for securing your data.

Where are passwords stored?

Hackers use many methods to attempt to crack passwords. One of them consists of stealing them from the databases of the sites we are registered with. Our passwords are stored there, usually in encrypted form, and are therefore in principle extremely difficult to decipher. However, it has happened that a highly talented hacker managed to find a flaw.

Big companies like Sony, Dropbox, Adobe, Snapchat or Orange have had their password databases stolen and decrypted at some point. When a hacker obtains such lists, he usually puts them up for sale on specialized dark web sites. For the people affected, the consequences are sometimes very unfortunate, such as when intimate photos are stolen and released publicly or when it becomes possible to empty a bank account.

Does this mean that it is impossible to protect one’s accounts on the Internet? Not at all. What is certain is that the classic password system has had its day. It has too many long-term limitations to be able to offer absolute security. However, there are many reliable solutions. As we said, companies like Google, Apple or Microsoft, as well as the large financial institutions, have fully realized the need to secure data on the Internet, and many solutions have now been put in place, in particular two-factor authentication, which must be activated. And if you have an iPhone, you know that Apple has opted for some years now for biometrics (recognition of physical attributes) as the key to your device: first fingerprints, then Face ID.

When they cannot hack a company’s database, hackers use many techniques to try to guess your password, and quite often it is the user who makes it easy for them by choosing a weak password.

Secure password: what to avoid

What are the rules for defining the most secure password possible?

  • You should never use elements of your identity in the password. A classic choice for some is to include their date of birth or that of a child. An example of a relatively easy to crack password would be one built from a city and a date of birth, like “toulouse040178”.
  • Nor should names or nicknames of people close to you be included in the password. An example: your cat is called Samba and you regularly post photos of it on Instagram, mentioning its name. This is an element that programs dedicated to “cracking” passwords can fully integrate into their analysis.
  • It is best not to use dictionary words. Some programs that try to find your password include these words in their analysis.
  • It goes without saying that logical sequences of numbers or letters, such as the champion of the lot, “123456”, are to be banned. But “3456789” or “abcdefghijkl” aren’t much better.

The rules of a secure password

Ideally, a good password combines:

  • numbers;
  • one or more lowercase letters;
  • one or more uppercase letters;
  • special characters.

Some examples: “3,f59wBA}t$X”, “{^68sFuX8Bdh)5”, “iWv8.3xD)nJ_53”. The whole must form something completely unintelligible, without any logic. Thus “Paris-75” or “Lyon/69000”, although they respect the above rules, would be insecure passwords. The longer the password, the better. Sites usually allow 12 or more characters, so you might as well use them all.
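The rules of the last two sections, turned into a checker and a generator. This is an added example, not part of the original article; the function names, the small word list and the four-character threshold for a "logical sequence" are assumptions made for illustration.

```python
import secrets
import string

# Added illustration: names, word list and thresholds are assumptions.
SPECIALS = string.punctuation
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase, SPECIALS)
ALPHABET = "".join(CLASSES)
# Constructed sample list; a real check would load a large dictionary file.
COMMON_WORDS = {"password", "paris", "lyon", "azerty", "qwerty"}
MIN_LENGTH = 12


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive letters or digits, e.g. 3456 or dcba."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def check_password(pw, personal=()):
    """Return the article's rules that pw breaks; an empty list means it passes."""
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing a character class")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if any(item.lower() in low for item in personal if item):
        problems.append("contains personal information")
    if has_sequence(pw):
        problems.append("contains a logical sequence")
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG (secrets) until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```

“Paris-75” contains all four character classes yet is still rejected for its length and its dictionary word, which is the point the paragraph above makes.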

Sites that generate passwords

If you lack inspiration, many services take care of generating secure passwords, that is to say, passwords made up of a complex combination of lowercase letters, uppercase letters and special characters, and devoid of any logic.

Here are some addresses of password generators:

The password.xyz site is able to generate a password that complies with the expected security rules. © password.xyz

In a browser such as Firefox, when a site asks you to register and therefore to enter a password, you see the mention Use a securely generated password (or, if you right-click, the option Suggest strong password). Firefox then offers a password that complies with the rules set out above, and all you have to do is select it.

When you sign up for a site, Firefox automatically generates an ultra-secure password that you just have to select. © Firefox

Similarly, in Google Chrome, if you have a Google account and have asked Chrome to save your passwords (see below), you can right-click in the password field and select the option Suggest a password. Again, the passwords offered by Chrome are secure.

If you have a Google Account and have allowed Chrome to save your passwords, you can use the Suggest Password option. © Chromium

An alternative to passwords stored in the web browser is a password manager such as 1Password, Dashlane, KeePass or LastPass. With such a tool, your passwords are generated (automatically if desired, and in secure form) and saved in a protected external database. At each visit to a given site, the password manager provides the requested password.

You need a different password for each site.

Having an ultra-secure password is optimal; but using the same one to access several different sites is not without risk. If by chance, a hacker managed to find your password on just one of these sites, he would be able to compromise several sites to which you currently have access.

It is therefore essential to create a different password for each site visited. But then you will ask: how can anyone remember dozens and dozens of different passwords?

Well, in the first place, if you use a password manager such as Dashlane, you will never have to worry about memorizing the passwords of the various sites you visit. Such a password manager works on all the devices you may use: Mac, computer, tablet, smartphone… So, from the moment you are identified with a system such as Dashlane, you no longer have to worry about anything: you can access the sites on which you are registered with ultra-secure passwords that you don’t need to remember.

The other solution is to use a browser feature: saving passwords. Since 2019, major browsers have offered to save your passwords once you have created them. When you access a given site, the password is automatically provided by the browser.

The security provided by the Chrome and Google Authenticator pair

Google has a high-security solution in the pairing of Chrome and Google Authenticator. If you have a Google account, you can first verify that Chrome is saving all your passwords:

  1. Select Settings then Autofill;
  2. Click Passwords;
  3. Check that the option Offer to save passwords is activated, and that the same is true of the option Automatic connection, in which case access to the sites is automatic.

That’s not all. Still in Chrome, if you have synchronization enabled, you can access all your passwords regardless of the device used. To make sure your passwords are synced in Chrome:

  1. Select Settings from the Chrome menu;
  2. In the Google and you section, choose Google services / Synchronization;
  3. In the Synchronization section, select Manage the content you synchronize;
  4. Check that the Passwords option is active. If so, your passwords will be accessible from any device as long as you use your Google Account.

From here, you can log in to all the sites you signed up on from any computer, any tablet, any smartphone.

However, how can you be sure that security is at its maximum? It is essential to install the Google Authenticator app on your smartphone. From there, when you sign in with Chrome from a new device, a confirmation request is sent to the mobile phone.

The pairing of Chrome and Google Authenticator therefore gives us a flexible, high-security solution, and one that is highly recommended. Similar solutions exist with Microsoft’s Edge browser or with Firefox.

View the list of saved passwords

Note that it is easy from Chrome or Firefox to consult the list of saved passwords.

In Chrome:

  1. Select Settings then Autofill;
  2. Click Passwords;
  3. The list of sites on which you are registered appears with the corresponding identifier. A click on the eye displays the password.

In Firefox:

  1. Select Settings;
  2. Select Privacy and Security;
  3. Scroll down to the Logins and Passwords section;
  4. Click Saved credentials. The list of sites on which you are registered from Firefox appears in the left column. On the right, a click on the eye reveals the password.

One last point: such browsers — and also password managers such as Dashlane — alert you if they detect that a site where you saved a password has suffered an attack that could lead to theft of your credentials. When this is the case, make sure to always fix it by changing your password.
