The passwords are an essential component of our private life. They allow to lock the access to our secrets and to protect them from the curious people. But choosing a password and remember it is not something to take lightly.
The weakness of the password
Do you know what are the 6 passwords used by the most of the people in the world ? You will see it is not very sought.
1234 12345 123456 12345678 password qwerty
Very easy passwords to memorize, that are still the standards, as the people don’t really give attention to it.
But unfortunately, a password can be guessed or cracked. Concerning the guessing, the hackers didn’t have to go too far. With tools like John The Ripper, and several billions of words (wordlist), they only have to wait few seconds, or minutes to find the simple passwords.
And if the password is not a part of this list, but that is short with simple characters, like #@!~, the cracker will only need few minutes with a technique named brute force. The bruteforce consists to find the sesame by testing every combinations.
For example :
aaa aa1 aa2 aa3 ... aab aac aad ...
And after a while, your password won’t be a secret anymore. Obviously, more the machines are powerful, less they take time to test all these combinations. The super computers of the NASA are well known to be very efficient in that matter.
If your password is a word that we find in the dictionnary, it represents about 470 000 possibilities. So, it’s not a lot.
Then, for a password with 8 chartacters, a machine needs to test 100 million of combinations if the password is only established with figures; and 208 billions of combinations if the passwords is only made of lowercase characters. If the password is generated with uppercase and lowercase characters, as with figures, then there is a total of 218 trillions of combinations to test.
If these numbers are impressive, the computers nowadays are easily able to handle them quickly.
On the totality of the ASCII characters (128 different characters), a computer in 2016 needs :
– 11 hours for a password with 6 characters,
– 6 weeks for a password with 7 characters,
– 5 months for a password with 8 characters,
– 10 years for a passwords with 9 characters.
Of course, each year these numbers are decreasing as the power of the machines and softwares is evolving.
So, how to have a strong password ?
You will understand it, the main error to avoid is to choose a weak and short password, that is easy to guess or that is present in a dictionary.
If the people use weak passwords, it’s mostly by lack of imagination and mental laziness. However, it is possible to have passwords difficult to violate and that can be memorized with two techniques.
The first one that is the most successful is to use a password manager. The concept is simple: you have only a main password to detain. This one allow to lock a tool that will generate and contain the passwords for you.
A lot of passwords manager exist, but they all use a solid encrypted database that will store all your passwords. Most of them will also propose plugins for the web browsers, that will give the possibility to fullfill automatically the authentification fields on the websites. It is very useful.
Here are some of these passwords managers :
You just need to choose the main password a firm and memorable one that will unlock the passwords base.
Then, depending on this software, you can enter and save your identifiers, passwords and for some of them your personal informations (name, firstame, address, …), banking accounts, credit cards. It will automatically fill the forms.
A very interesting functionality with these managers is the possibility to generate these passwords totally randomly. They are then kept in the digital safe. You can finally get loose about the complexity and the length of the password, because you won’t have to remember them.
This system only presents advantages. No more need to think about the passwords and over all you can generate a unique long and complicated password for every website that you use. If there is a data leak, it won’t be too serious as every thing is encrypted from the beginning to the end. Your passwords won’t be directly visible in the nature. The only risk with this kind of tools is that you give voluntarily or not the main password.
It would indeed give access to the person to the entire base of access to the respective websites and personal data. But a technique called double authentification (that we talk about too in this article) can prevent this risk.
How to memorize a password?
The second technique to have heavy passwords and that we can’t forget is to do what we call passphrases. Instead to put something like #d1A@qB9!~, which is not obvious, it is better to constitute a passphrase that you won’t find in a book or in a song, but only in your head. For example:
My cat will never be the unicorn that I follow in my dreams when I eat cupcakes
The phrase is very long, easy to memorize and impossible to crack at the moment of the writing of this article.
You can of course make it more complicated by adding ASCII characters to it, which will inscrease the level of difficulty:
My cat will nev#r b € the unic ¤rn that I ƒollow in my dre@ms when I &at cupcake$
It is required to not write this new password in a text file or on a post-it. Or to give it to someone, a coworker, a friend. A password is supposed to stay private and only in your head.
The ideal is to employ a passphrase as main password of your passwords manager, then to generate these complex passwords for each online service that you consult.
The secret question
The secret question is what a website is asking to you to get back your forgotten password. For example, the name of your pet, the name of your favorite teacher, book, the maiden name of your mother, your favorite color, the name of your birth place.
As this is the kind of information easy to find if we know you a little or if someone asks it to you and that you answer naively, you are invited to answer a stupid information that you will remember for every secret question.
Name of your pet : Kim Jong-un The maiden name of your mother : Daenerys Your favorite color : sausage Your birth place : Alpha Centauri
The authentification in two steps
This processus is primordial. It is based on a simple principle. To authorize you the access to a service, you have to give something of your person, something that you own, that characterizes you.
For example, in addition of a password, an online service will send you an email or a sms containing a pin code to type in a field. Other hardware solutions also exist on USB keys (like Yubikey) to insert in your computer. Or even biometric tools that require your digital footprint, or your eye video capture.
The idea is to combine these informations. And in case of theft of a password by a cyber criminal, this one won’t be useful if he has not stolen your smartphone or torn your finger.
Most of the online services and passwords managers propose the double authentification and you should really think about to enable it.
Finally, managing passwords effectively and memorize them is not such a brainteaser. You just have to invest some time to choose a good passphrase that will remain in your head, and to rest then with the help of a powerful passwords generator with vivid imagination and the infaillible memory of a passwords manager.
It’s the moment to change your passwords, make no mistake!