“12345”, “doudou”, “azerty” or “marseille”… In 2021, as in previous years, the most used passwords in France read like invitations to hackers. How can you keep your data secure in that case? We sum it up in three points.
Why do we still have to use passwords in 2022?
If using “I love you” or the first letters of the alphabet as an access code is not ideal, it is because the password is the first barrier against digital intrusions: the more common it is, the easier it will be for an intruder to guess. Once that is done, the hacker will be able to roam through your bank accounts, health insurance or any other digital service.
France is one of the countries most affected by data leaks, according to cybersecurity specialist NordPass… And the French have a certain tendency to overestimate themselves, especially when faced with phishing emails. Yet these attacks, which mimic an official email or SMS, are often used to harvest username/password pairs. Phishing and the hacking of digital accounts are the top two cybersecurity threats in France.
What are the rules for creating a password?
A good password has between 8 and 12 characters, according to government recommendations, and mixes lowercase and uppercase letters, numbers and special characters. The goal is to slow down brute-force attacks, which hackers use to get past this first barrier automatically. A secure password does not include information about you or your loved ones that could be found by searching for you online: no names, dates of birth or similar clues. Not sure about the password you have in mind? The Nothing 2 Hide association, which specializes in digital information security, invites you to test its robustness. The CNIL, for its part, goes so far as to suggest using passphrases, which are longer but also easier to remember than a word in which you no longer know where you put the capital letters and special characters.
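The rules above can be turned into a quick self-check. The following Python sketch is an added example, not part of the original article: it reports which of these rules a candidate password breaks and estimates, in bits, how much work a brute-force attack faces. The function names, the sample passwords and the 7776-word list size for passphrases are assumptions made for illustration.

```python
import math
import string

# The most-used passwords quoted at the top of this article.
COMMON = {"12345", "doudou", "azerty", "marseille"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def brute_force_bits(secret):
    """Upper bound on guessing work, in bits, if every character were random.

    Human-chosen passwords are weaker than this bound, never stronger.
    """
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in secret))
    return len(secret) * math.log2(alphabet) if alphabet else 0.0

def passphrase_bits(n_words, wordlist_size=7776):
    """Bits for n words drawn at random from a word list (size is an assumption)."""
    return n_words * math.log2(wordlist_size)

def audit(secret, personal=()):
    """Return the article's rules that `secret` breaks (empty list = none)."""
    problems = []
    if secret.lower() in COMMON:
        problems.append("on the most-used list")
    if len(secret) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in secret):
            problems.append(f"no {name} character")
    if any(p and p.lower() in secret.lower() for p in personal):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; "marie" and "2021" stand in for personal details.
    for candidate in ("azerty", "Marie2021!x", "Tr7!kQ9#vLp2"):
        print(candidate, round(brute_force_bits(candidate), 1),
              audit(candidate, personal=("marie", "2021")))
    print("5-word passphrase:", round(passphrase_bits(5), 1), "bits")
```

A five-word random passphrase comes out stronger than a fully random 8-character password, which is the reasoning behind the passphrase suggestion.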
The next rules are to change default passwords and to use a different password for each service. Otherwise, as soon as one of your accounts is compromised, your entire digital identity is at risk. Pay particular attention to protecting your e-mail account, because most of the password-recovery messages from other services pass through that mailbox. To check whether your credentials have leaked somewhere, you can use the haveibeenpwned site or Chrome or Firefox extensions. As soon as you are in doubt, change the password you are worried about. Never share your passwords with a third party and, ideally, do not use them on a shared computer (or else be sure to use private browsing and close all your sessions before leaving).
How do you remember it all?
Struggling to keep track? Don’t panic, that’s what password managers are for: they act as a digital keyring, storing the username/password pairs for each service. If you adopt one, you will only have to memorize one thing: a very solid passphrase that unlocks the manager.
Moreover, while the password is the first anti-intrusion barrier, it is not the only tool available. Multi-factor authentication, widely used in the banking world, is being extended to more and more services. If you have a Google or Microsoft account, you can even decide to use this solution to improve the security of your accounts. That way, it will be impossible to access them without having your smartphone at hand.