Choose your password carefully

A password is generally the key to accessing valuable or at least confidential information. It is therefore important to choose it carefully so that you don’t forget it, and above all so that it is not easy for someone with malicious intent or who is simply curious to guess it.

Good practice dictates that everyone should use a different password for each purpose, so you should have a different password for each website you visit, for logging on to your computer, for your wifi, etc…

In practice, however, we find that users make do with a single password for all purposes, from the most critical (Internet access to bank accounts) to the lightest (access to a recipe forum, for example).

To limit the risks, however, it is wise to use several passwords, by access category. A distinction is made between passwords for critical applications, such as banking, administration of accounting software or access to gambling sites, and those used more lightly for entertainment (forums, free online games, mail order sites, etc.). We will confine ourselves here to considering these two categories of password.

Since we saw earlier that the same password can give access to critical systems, it is important to choose it carefully, and above all to remember it without having to write it down somewhere! All too often we find logins written on the screen and passwords written down in a hurry on a post-it note stuck under the keyboard because they are too complex to remember…

So what makes a good password?

Above all, it is a password that is difficult to guess, so avoid using simple words from the dictionary. A password should therefore be a mixture of upper and lower case letters, numbers (which can cleverly replace letters, such as 0 instead of o or 3 instead of e) and so-called special characters ($ or !, for example, which can replace an s or an i).

So here we are, able to create an initial password that is almost satisfactory from a security point of view. Take the pharmaceutical company Pfizer: the resulting password could be Pf!z3r. Here we have a capital letter (the P), a special character (the ! instead of the i) and a number (the 3 instead of the e).

But a password can slip out… Once the underlying word has been let slip, it is relatively easy for a malicious person to try several combinations of upper case, lower case, numbers and special characters to find your key and compromise your data…

A good password is therefore ideally one that you can easily type on the keyboard but that you can’t just say… How do you achieve this holy grail, you may ask?

My technique for doing this, while not infallible, has already proved its worth…

Choose a phrase, a proverb or a slightly long film title, note the first letter of each word and put them together.

For our example, we’ll choose “Master and Commander: The Far Side of the World”

The result is: mac:tfsotw

You will recognise that the pronunciation is not the easiest and that it will naturally be very difficult to say the password without thinking about each word in the sentence.

All that remains now is to make it a little more complex to comply with the various security policies by mixing upper case, lower case, numbers and special characters:

The result is as follows: Mac:Tfs0tw!

And it’s totally unpronounceable, but devilishly effective…
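The difference between the two examples above can be checked mechanically. The following is an added example, not part of the original article: a password-policy check that undoes case changes and look-alike substitutions and then compares the result against a wordlist. The wordlist, the substitution table and the 10-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real policy check would load a large
# dictionary plus organisation-specific terms (company, product, user names).
WORDLIST = {"pfizer", "password", "master", "commander", "welcome"}

# Common look-alike substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "!": "i", "$": "s", "@": "a"})

def normalise(password: str) -> str:
    """Undo case changes and look-alike substitutions, keep letters only."""
    lowered = password.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", lowered)

def dictionary_base(password: str, wordlist=WORDLIST):
    """Return the dictionary word the password is built on, or None."""
    # First candidate: treat every look-alike as a substituted letter.
    candidates = {normalise(password)}
    # Second candidate: treat trailing digits/symbols as padding ("P@ssw0rd1").
    candidates.add(normalise(password.rstrip("0123456789!$@#?.*")))
    for cand in candidates:
        if cand in wordlist:
            return cand
    return None

def check(password: str, min_length: int = 10):
    """Return a list of policy problems; an empty list means accepted.

    min_length is an assumed threshold, not a value from the article.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    base = dictionary_base(password)
    if base:
        problems.append(f"dictionary word '{base}' with substitutions")
    return problems

if __name__ == "__main__":
    for pw in ("Pf!z3r", "P@ssw0rd1", "Mac:Tfs0tw!"):
        print(pw, "->", check(pw) or "accepted")
```

Pf!z3r is rejected because it collapses back to a single dictionary word, while Mac:Tfs0tw! normalises to a letter sequence that is not a word at all.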

Now let your imagination run wild and remember that a password is strictly personal, and that the access it gives you is generally your responsibility. You’ll never be able to say, ‘It’s not my fault, I gave him my password…’.
