Creating a secure and easy-to-remember password is easy! Yet too many people still use passwords that are insecure or easy to guess. The consequence: malicious people can usurp your digital identity to commit crimes, steal your bank details, or even reach a loved one through social engineering. It is therefore high time to better protect your accounts!
It's Monday, and when you open your docking station, surprise: Windows asks you to change your password again. Obviously, you can't reuse the one you had such a hard time remembering. In short, it is a real nuisance, especially since this new password joins all the others that you have had to change recently.
The development of the Internet has been accompanied by a multiplication of passwords to remember, and with it the temptation to simplify this daunting task by using simple passwords, or the same password for several accounts. New authentication methods (two-factor) make passwords less critical from the point of view of securing your online accounts.
Creating complex but easy-to-remember passwords is also not that complicated! Finally, although a step below from a security point of view, password managers can also save you a lot of hassle. After reading this guide, you will know everything about passwords and how to better protect yourself!
Why worry about your online security?
Ordinary people that we are, we tell ourselves that we are not a prime target. And yet, a great deal can be done with someone else's identity: take out a loan, harm your reputation or that of a third party in your name, spread computer attacks and of course access your mailboxes and potentially all of your other online accounts and banking information.
In its 2015 report, the National Observatory of Delinquency and Criminal Responses (ONDRP) reports, for 2014, an admittedly slight increase in attacks on people linked to cybercrime. However, the ONDRP estimates at this stage that only 11% of attacks result in a complaint from the victims. It would indeed be difficult for victims to know that they have been the subject of an attack.
Finally, to state the obvious: a good knowledge of password security is essential for anyone who wants to explore the dark nets, and more generally the deep web, while remaining anonymous.
Today more and more voices are being raised to announce the "death" of the password, which is deemed insecure because of the way it is used: simple passwords that are easy to guess, the same password for several accounts, and so on. However, there are solutions, including two-factor authentication, to overcome this security weakness.
Two-factor authentication is new to the general public. It involves logging in in two steps: first your password, then another code generated or received on your laptop or an electronic key. So, even if someone guesses your password, they still need to be in possession of the device to be able to give the other code, which changes every minute (and which you therefore do not know yourself).
Facebook, Google, Twitter, PayPal, Apple, and Amazon, to name a few, offer this service; it has to be activated manually in the security section of your account settings.
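To make the second step concrete, here is an added example (not part of the original article) of how a time-based one-time code can be derived and checked, using the standard HOTP/TOTP construction from RFC 4226 and RFC 6238. The 60-second step mirrors the "changes every minute" description above; the secret, the function names and the one-step drift tolerance are assumptions.

```python
import hashlib
import hmac
import struct

# RFC 4226 test secret, used here as constructed sample data.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 60) -> str:
    """Code for the time step containing `now` (seconds since the epoch)."""
    return hotp(secret, int(now) // step)

def verify_login(password_ok: bool, code: str, secret: bytes,
                 now: float, step: int = 60) -> bool:
    """Both factors must pass; the previous step is accepted for clock drift."""
    if not password_ok:
        return False
    current = int(now) // step
    for counter in (current, current - 1):
        # compare_digest avoids leaking how many leading digits matched
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter), code):
            return True
    return False

if __name__ == "__main__":
    print("code at t=59s:", totp(SECRET, 59))
    print("code at t=60s:", totp(SECRET, 60))
    # A code from two steps ago is rejected even with the right password.
    print("stale code accepted:", verify_login(True, totp(SECRET, 59), SECRET, 130))
```

The secret lives only on the device and the server, which is why knowing the password alone is not enough to produce a valid code.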
You have been told that you have to use capital and lowercase letters, numbers and symbols: it is true, but it is not enough. You have to understand how two-thirds of passwords are discovered. Hackers most often use a so-called “brute force” technique: they test one by one the combinations from a specially designed dictionary with millions of entries.
This dictionary contains all the most obvious passwords, millions of combinations of words with their equivalent in l33t (substitution of letters by numbers and symbols), to which the hacker can add the results of his rapid social engineering investigation: names of family members, dates of birth, address and postal code.
Unfortunately, most passwords are constructed with one or more of these relatively easy-to-access elements, increasing a hacker's chances of getting his way.
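The following added example (not from the original article) audits a candidate password against the guessable elements described above: dictionary words, their l33t spellings, and personal details. The tiny wordlist, the substitution table, the function name and the minimum length are assumptions chosen for illustration; a real audit would load a large dictionary.

```python
import re

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}

# Common l33t substitutions mapped back to letters (assumed, non-exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def guessable_parts(password, personal=(), words=SAMPLE_WORDS, min_len=11):
    """Return the reasons a dictionary-based guesser would find this password."""
    findings = []
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters")

    lowered = password.lower()
    normalised = lowered.translate(LEET)  # undo l33t before matching

    for word in sorted(words):
        if word in lowered or word in normalised:
            findings.append(f"dictionary word: {word}")

    seen = set()
    for item in personal:
        # Split names, dates and postal codes into fragments of 3+ characters.
        for fragment in re.findall(r"[a-z0-9]{3,}", item.lower()):
            if fragment in seen:
                continue
            seen.add(fragment)
            if fragment in lowered or fragment in normalised:
                findings.append(f"personal detail: {fragment}")
    return findings

if __name__ == "__main__":
    # Constructed personal details for a fictional user.
    details = ["Marie", "75011", "1984-03-12"]
    for candidate in ("P@ssw0rd2024!", "M4r!e75011", "HUMmHOM/rpM"):
        print(candidate, "->", guessable_parts(candidate, details) or "no findings")
```

An empty result only means none of these specific checks matched; it does not prove the password is strong.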
A secure password should not mean anything at first sight. It does not include any expression (zip code, name, dictionary word, date of birth) that a third party can guess. It is also long enough. The best way to create one is to leave it to chance, then try to make sense of the result. On Mac and Linux, open a terminal window and type the following command:
openssl rand -base64 8 | tr -d '='
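For Windows users, open cmd and run the following command. Note that it does not only display a random password: it also sets that password on the named account (here, administrator), so it needs an elevated prompt: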
net user administrator /random
Each run of these commands generates a different, truly random, case-sensitive password of 11 alphanumeric characters including symbols. Generate several until you find one that is mnemonic enough.
For example, HUMmHOM/rpM can be memorized with a sentence: HUM matheist Hhowl OM / rien pour Masses.
The development of password manager applications is a logical consequence of the explosion in the number of passwords that we have to memorize. Even the Google Chrome browser has gotten into it, which makes it possible to recover some forgotten passwords.
No need to beat around the bush: the security of this type of application depends entirely on the password you use to unlock it. It is therefore average at best (catastrophic at worst) and is not to be recommended, as this solution can quickly be compromised.
Under OS X, there is no need for an app: you can use Keychain Access. To find it, just do a quick search in Spotlight; there you will find all your saved passwords. They are encrypted, but protected only by your session password or a master key you choose afterwards (which, as dummies would say, is “good but not great”). On Windows, the equivalent can be found in the form of a paid application: 1Password.