How to create a good password?
The big rumor of February 10.
Confused by what you just read? That’s normal, it’s not supposed to make sense to you. What has just been shared is an example of an effective password you could use!
To you, the sentence makes no sense. In the eyes of another person, it is the perfect reminder to never forget a password while making sure it is secure.
Your website is a target…
We’re all in hackers’ crosshairs. Get your free analysis of your current situation in less than 5 minutes.
Password: what to avoid?
We all know that a password is a sequence of secret characters that, combined with a username (or email address), allows us to access our account of any service.
As you may imagine: some passwords are better than others!
Let’s start by losing bad habits by analyzing password characteristics to avoid.
The year of birth / combination of 4 digits
Birthdays and years of birth are frequently used in passwords. If your year of birth has already ended up in a data breach (spoiler : it was), the cross-reference could be used to try to guess your passwords.
Be careful, your civic address is probably made up of 3 or 4 digits. It is also to be avoided!
Variants of the word “Password”
This one may seem obvious. Despite this, the word “password” is constantly found in the top 10 most popular passwords every year. There are even “password1” and “passw0rd” as common variants. This password is probably one of the first passwords tested by bots during a brute force attack.
Easily identifiable patterns on your keyboard
Other popular passwords include easily identifiable patterns such as “qwerty”, “123456”, “asdf 1234”, etc. These passwords are also very easy to guess and test.
Your name, names of relatives, phone number, email, social insurance number, name of your pet. Again, if your data is compromised due to a flaw at a previous site, all that information could end up in the hands of a hacker. Remember to keep this information for security reasons rather than your password. When choosing security questions, be sure to choose questions that only you (or almost) could know the answer.
References to sport
For some reason, references to sports are very common in passwords. The words “football” and “baseball” are the most common, but we recommend not using similar variants that could be easily identifiable as “gohabsgo”.
Password: what to do?
So, now that we know what to avoid, what constitutes a good password?
A secure password contains a few key features to remember:
- It contains at least one lowercase letter and one uppercase letter.
- It contains special characters ( !, %, *, # ) and numbers (0-9).
- It contains at least 12 characters. The longer it is, the harder it is to decipher for a password testing algorithm.
- It is unique for this service.
- It does not contain the bad practices set out above.
There are several ways to choose a good password. To remember each of them, our recommendation is to opt for a password manager that allows you to generate very complex passwords according to several criteria such as:
- Bitwarden (open source)
- LastPass (ease of use)
- 1Password (ideal, in our opinion, to organize your passwords).
In addition, it is possible to prevent access to your account with two-factor authentication (2FA or 2 factor authentication or 2 step verification). If someone knows your password, that person will need to enter a second code that will be sent to you via SMS or email to bypass authentication and access the account.
Ideally, opt for a two-factor authentication application such as Google Authenticator (Android or Apple) which is more secure than SMS because it can be overridden if you were a victim of SIM Swap fraud.
In terms of emails, it might be interesting to check if your email does not end up in a database breach using a service such as haveibeenpwned.com that allows you to discover if your data has been compromised.
Finally, it is important to understand that it is not impossible to get hacked despite all this. That said, your password is a bit like the lock on your front door. This is the only thing that prevents a malicious person from entering your home.
A bad password is no more secure than a bad lock. That’s why you should always choose a “good” password!