Who has never forgotten a password while trying to log in to one of their online accounts? The situation, particularly annoying when it involves your banking app, is usually resolved with the "Forgot your password?" link.
Most of the time an email is then sent so you can change it. In a hurry to log in again, you improvise a password in 30 seconds or reuse one you already have. Then you write it on a scrap of paper lying around, or send it to yourself by message so you can find it again if needed.
At the risk of alarming some readers, this is far from the ideal way to protect your personal data online. Don't panic: here are 10 concrete tips for strengthening your passwords, managing them and securing your confidential information.
Do not include personal information
This may seem obvious, but putting your last name, first name or address in your password is not the idea of the century. "No one should be able to guess your password from the name of your dog or your favourite film. The same goes for your smartphone PIN: prefer a random number to a year," the Commission nationale de l'informatique et des libertés (CNIL, the French data protection authority) recalls in a dedicated article on its site.
“123456”, “azerty”: do not use an obvious password
Nor should you use an obvious password. Again, this seems like common sense. Yet "123456", "123456789", "azerty" (the first letters of a French keyboard, editor's note), "admin", "1234561", "azertyuiop", "loulou", "000000", "doudou" and "password" make up the top 10 most used passwords in France, according to the latest ranking from password-manager vendor NordPass, released in November 2023. Nine of them can be cracked in under a second. A local touch: "marseille" sits in 11th position.
🔐 Unveiling the Champion of the most common passwords in 2023 🏆
Hint: What do you get when you combine the first digits in sequential order? The answer lies in the most common password of the year.
Find out who topped the leaderboard! But please, don’t get inspired.💡
— NordPass (@NordPass) November 15, 2023
Use at least 12 characters
Ideally, a password should contain at least 12 characters. "It may be shorter if the account offers additional security such as locking the account after several failed attempts, a character or image recognition test ("captcha"), or requiring additional information sent through a channel other than the Internet (for example an administrative identifier sent by post via La Poste), etc.," explains the Ministry of the Economy, Finance and Industrial and Digital Sovereignty on its website.
Numbers, letters, special characters
Those 12 characters should mix numbers, letters and special characters. "Your password must contain four different character types: uppercase, lowercase, numbers, and punctuation marks or special characters (€, #…)," the ministry specifies, echoing a CNIL recommendation.
A different password for all your accounts
This is the advice that may seem hardest to implement, so widespread is the habit of using a single password everywhere. Especially since the average Internet user "has around a hundred professional and personal accounts", according to francenum.gouv.fr, the government portal for the digital transformation of businesses.
Yet choosing a different password for each account drastically improves the protection of your personal information online. "To avoid cascading hacks, each of your sensitive online accounts (banking, email, social networks, etc.) must be locked with its own unique password," notes the privacy watchdog. Fortunately, there are ways to avoid having to memorise everything (see the point on password managers below).
Enable two-factor authentication
Although it is sometimes a nuisance, two-factor authentication remains one of your best assets for securing access to your accounts. Enable it whenever possible. "If someone logs into your account from an unknown device, the site notifies you by SMS or email. You are free to allow or deny the access!" the CNIL explains. Where a service offers it, prefer an authenticator app or a hardware security key over SMS codes: SMS can be intercepted through SIM-swap attacks, while app-generated codes never leave your device.
Renew your passwords
Changing your passwords regularly is one way to secure access to your various online accounts. "On sites where you have stored sensitive data, remember to change your password regularly: every three months seems a reasonable frequency," writes the ministry on its website. Note that more recent guidance, such as NIST SP 800-63B, no longer recommends forced periodic changes for strong, unique passwords, because they push users toward weak, predictable variations; what matters most is changing a password immediately when you suspect it has been compromised.
Make your email password as secure as possible
If you had to strengthen just one password, it should be the one for your email account. It is the one that gives you access to, and lets you sign up for, most online services and, if need be, lets you use the "Forgot your password" function. That is why it absolutely must be strong (following all the advice in this article) and unique.
Otherwise, it is at your own risk. "If your social network provider suffers a data leak that includes your login details, a malicious person could use them not only to access your social network account but also your email," the CNIL explains in an article dedicated to protecting your email password. "Moreover, once access to your email is obtained, it becomes possible to see the registration messages for your accounts on various sites (if you have not deleted them from your mailbox). It is then possible to learn some of your account identifiers and use the forgotten-password function to take control of them."
Still according to the CNIL, a weak or poorly secured email password exposes you to the following risks:
- spoofing of your mailbox to trap your contacts;
- addition of an email forwarding rule (often going unnoticed after a mailbox compromise): your emails keep leaking despite any later password change;
- the attacker logging into your third-party sites and applications;
- use of your bank details to make payments;
- identity theft using data collected from your mailbox;
- ransom demands based on compromising data found in your mailbox.
Practical check: after any suspected compromise, review your mailbox's forwarding and filter rules, the list of connected apps and devices, and the recovery addresses or phone numbers on the account, not just the password.
How do you know if your email is in a hacked database?
A site lets you know whether your email address appears in a leaked database: Have I Been Pwned (haveibeenpwned.com, roughly "Have I been compromised?"). It indexes email addresses found in known, large-scale data breaches. Enter your email address to find out whether your passwords are potentially in the hands of malicious people. Bear in mind that it only covers breaches that have been discovered and loaded into the site, so a negative result is not proof that nothing has leaked.
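Have I Been Pwned also offers a Pwned Passwords lookup that checks a password rather than an email address, and does it without ever sending the password: the client hashes it with SHA-1, sends only the first five hex characters of the hash to `https://api.pwnedpasswords.com/range/<prefix>`, receives every known hash suffix sharing that prefix with its breach count, and compares locally (so-called k-anonymity). The code below is an added example, not code from the site or the article. The endpoint URL is the real documented one; the `SAMPLE_RANGES` response body is constructed here so the example runs offline, and its breach counts are made up, not the live figures.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # Pwned Passwords k-anonymity endpoint


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that is
    sent to the API and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a range response ("SUFFIX:COUNT" per line) and return the count for our
    suffix, or 0 when the suffix is not listed (password not in any known breach)."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def pwned_count(password: str, fetch_range) -> int:
    """How many times the password appears in known breaches. `fetch_range` is any
    callable mapping a 5-char prefix to the response text, so it can be offline or live."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch_range(prefix))


def fetch_range_online(prefix: str) -> str:
    """Live lookup: only the prefix leaves the machine. Not used by the offline demo."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the response to /range/5BAA6 (the prefix of SHA-1("password")).
# The middle line is the real suffix of that hash; the counts and the other lines are invented.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "1F2E7B0A5E6B1B5C9D8A4F0E3C2B1A0D9E8:12",
    ]),
}


def fetch_range_offline(prefix: str) -> str:
    """Offline fetcher: an unknown prefix yields an empty body, i.e. no matches."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "M2ca3f&1coM!"):       # second one is a constructed strong password
        print(f"{pw!r}: seen {pwned_count(pw, fetch_range_offline)} times")
```

Swap `fetch_range_offline` for `fetch_range_online` to query the real service; even then the server learns only the five-character prefix, which matches hundreds of unrelated hashes.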
Don’t misplace your passwords
Finding a good password is good; not leaving it lying around is better. "Post-its, text files, your smartphone or your email inbox are not designed to store passwords securely," warns the CNIL. "Also remember never to save them in the browser of a shared computer."
Remember your passwords using your memory or a manager
To remember them without writing them down, you have two options: memorise them by working your neurons, or give your brain a rest and use a password manager. "Memorise a sentence, then use the first letter of each word to create your password. The sentence must contain numbers and special characters!" suggests the CNIL, which also provides a generator that builds a password for you in seconds. "Or use a password manager or encrypted keychain to store your passwords securely. You will then only have to remember one password to access all your accounts!" Practical.
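The CNIL's sentence method above and the rules from the earlier tips (at least 12 characters, all four character classes, nothing from the "most used" list, no personal information) can be put together in a few lines. This is an added example written for this article, not the CNIL's generator or the ministry's code: `passphrase_to_password` keeps the first character of each word plus any punctuation attached to the end of a word, and `check_password` reports every rule a candidate breaks. The sentence used and the `personal_terms` list are constructed inputs; the blocklist is the top 10 quoted from NordPass above.

```python
import re

# Top 10 passwords for France in the NordPass 2023 ranking, as quoted in the article.
COMMON_PASSWORDS = {
    "123456", "123456789", "azerty", "admin", "1234561",
    "azertyuiop", "loulou", "000000", "doudou", "password",
}

MIN_LENGTH = 12   # length recommended by the ministry and the CNIL
ALL_CLASSES = {"lower", "upper", "digit", "special"}


def passphrase_to_password(sentence: str) -> str:
    """CNIL method: first character of every word. Punctuation glued to the end of a
    word ("Monday!") is kept so the sentence's special characters survive."""
    parts = []
    for token in sentence.split():
        trailing = re.search(r"\W*$", token[1:]).group()   # e.g. "!" from "Monday!"
        parts.append(token[0] + trailing)
    return "".join(parts)


def character_classes(password: str) -> set:
    """Which of the four recommended character classes the password contains."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif not ch.isspace():
            classes.add("special")      # punctuation and symbols such as € or #
    return classes


def check_password(password: str, personal_terms=()) -> list:
    """Return the list of rules the password breaks; an empty list means it passes.
    personal_terms: words the user should not embed (first name, pet's name, birth
    year ...), compared case-insensitively. Terms shorter than 3 chars are ignored."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = ALL_CLASSES - character_classes(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in the list of most common passwords")
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


if __name__ == "__main__":
    sentence = "My 2 cats ate 3 fish & 1 chicken on Monday!"   # constructed memorable sentence
    candidate = passphrase_to_password(sentence)
    print(candidate, "->", check_password(candidate, personal_terms=("Rex", "1987")) or "OK")
    for weak in ("azerty", "IloveRex2024!"):
        print(weak, "->", check_password(weak, personal_terms=("Rex",)))
```

The second weak example passes the length and class rules yet still fails, which is the point of the first tip: a password built from your dog's name is guessable no matter how many symbols it carries.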
Very concretely, password managers are safes for your authentication data. "When creating your account, you choose a master password to access the manager. All other passwords in the vault are encrypted using your master password as the encryption key. The strength of your security therefore depends on that of your master password, which must be very hard to guess and which you must update regularly," explains francenum.gouv in an article dedicated to this option. In practice the vault key is derived from the master password by a deliberately slow key-derivation function, which is why a long master passphrase matters: it is the one secret the manager cannot store for you. The portal notably recommends KeePass, free software available in French and certified by ANSSI (the French national cybersecurity agency), which lets you store your passwords securely for use in your applications. But there are many others, free or paid: NordPass, Dashlane, 1Password, Proton Pass… The choice is yours!