Several studies show that the most commonly used password this year was, once again, "123456". Classic passwords like "QWERTY", "password", number sequences, first names, website names and variations on those themes are also very common.
Unfortunately, using those types of passwords is the equivalent of leaving the key to the front door under the doormat.
Attackers use several methods to guess or steal passwords:
- brute force or the dictionary method: extremely effective against short passwords, this method involves trying every possible combination of letters and numbers, words from the dictionary and lists of common passwords. Attackers have developed specialised software in recent years that can find any simple password in a matter of seconds;
- theft of passwords from a website with low security (such as a local sports club or neighbourhood group), or by installing malware on computers;
- opportunistic theft of passwords from post-its, notepads, Excel files on a shared directory, etc.;
- social engineering: attackers gather information from social media sites, such as LinkedIn, Facebook, Instagram and Twitter, to guess passwords (names of relatives and friends, dates of birth, pets, hobbies, etc.) or to answer the security questions used to reset a password (the perennial favourites being "mother's maiden name" and "name of your first pet").
For attackers, finding a password is only step 1. They then try to use it on other websites (email, online banking).
Two simple rules reduce the risk of having your accounts broken into:
- Choose passwords that are long (more than 8 characters) and complex (a combination of upper and lower case letters, numbers and special characters);
- Use a different password for each user account (email, banking, work applications, etc.).
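One way to turn the two rules above (and the warning about common passwords) into a check; this is an added example, not code from the original article, and the common-password list is a small constructed sample:

```python
"""Password hygiene checks: length and character mix (rule 1), reuse across
accounts (rule 2), and a lookup against classic passwords."""
import string

# Constructed sample of the classic passwords the text mentions.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "azerty", "12345678"}


def check_password(password: str, common=COMMON_PASSWORDS) -> list:
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if password.lower() in common:
        problems.append("common password")
    if len(password) <= 8:  # rule 1: more than 8 characters
        problems.append("too short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):  # rule 1: upper, lower, digits and special characters
        problems.append("missing character class")
    return problems


def find_reuse(accounts: dict) -> dict:
    """Map each password used for more than one account to those accounts (rule 2)."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    # Constructed sample: two candidates from the text and one reused password.
    for candidate in ("123456", "iTimit8shunGa!"):
        print(candidate, "->", check_password(candidate) or "ok")
    sample_accounts = {"email": "iTimit8shunGa!", "bank": "iTimit8shunGa!", "work": "Vx9#plqm2"}
    print("reused:", find_reuse(sample_accounts))
```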
The disadvantage of complex passwords is that they can be hard to remember. So here are a few tips:
- think of a phrase that's easy to remember, and use the first letter of each word by alternating upper and lower case letters and numbers. For example, the slogan "Common sense has a future" could be used to create the password "CsHaF2r";
- use a mathematical formula (true or false): "35+12equals47" or "VIII+Two=82";
- mix up the syllables of two words: "Round" and "Square" gives "RoUsqUNdAre". To create a different password for every website, include letters from the name of the website in each password. For example, to log on to the website ameli.fr, put the letter "i" at the beginning of your password and the letter "a" at the end. Combine them with the movie title "The Imitation Game" and your password for ameli.fr could be "iTimit8shunGa!".
You should change the password to your most sensitive accounts regularly.
Even if you have followed this advice, your email account can be the weak link in the chain if it is poorly protected. A compromised email account can be used to take over most of your other online accounts, simply by requesting a password reset.
You should protect each of your email accounts with a robust, dedicated password.
When a service offers you a way to recover your password if you forget it, choose your security questions carefully by avoiding any that can be easily answered using information available on the Internet (home and work social media accounts, etc.).
Wise password management takes a little creativity and a few simple habits.