Security – Tips for a strong password
If there is anything you should remember in terms of strong passwords, it is the following three rules:
The password contains at least 16 characters
The password meets certain complexity criteria
A password must be used for only one service
Creating reliable and complex passwords is one thing, but remembering them is another.
Several approaches exist and, at present, many specialists advise using programs that allow complex passwords to be created and stored in a secure manner.
This approach makes sense in a professional environment, where many people need to have access to this type of sensitive data.
However, in the event of data loss, you must be able to restore the backup completely.
Note that this type of program can be hacked, just like your session while you are working with it.
So do you know which instrument can never be pirated? Your brain!
This is where mnemonic methods come into play: they let you choose the right password for each service.
Choose and retain 3 to 4 simple words. Let’s take: chocolate, bridge, good, welcome
We decide to capitalize the first letter of each word, or the last one, or why not the penultimate one. The important thing is to discipline yourself to always apply the same logic.
Then, between two of our words, or at the beginning or the end, we insert an element that identifies the account or service for which the password is used.
To defeat the latest cracking algorithms, two further transformations can be applied.
For example, we decide to systematically substitute one common letter with a number (the o is replaced by 0) and another with a special character (the a by @).
Our password becomes: Ch0c0l@teWind0wsBridgeG00dWelcome
A final step to raise the level of security further is to translate one or more of our words into other languages. You can choose the second-to-last one in German and the last one in French: Ch0c0l@teWind0wsBridgeGutBienvenue
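The construction steps above, written out as an added example (this is not the article author's code). The substitution table and the "capitalize the first letter" rule are taken from the text; the complexity criteria checked by the second function are an assumption, since the article only says "certain complexity criteria". Note that the article's first example leaves the o in "Welcome" untouched, whereas applying the substitution systematically, as the text prescribes, yields "Welc0me"; the translated second example comes out exactly as printed in the article.

```python
import string

# Substitutions the article applies systematically: o -> 0, a -> @
SUBSTITUTIONS = str.maketrans({"o": "0", "a": "@"})

# ASSUMPTION: the article only says "certain complexity criteria"; here that
# means one upper-case letter, one lower-case letter, one digit and one
# special character, together with the article's 16-character minimum.
MIN_LENGTH = 16


def build_passphrase(words, service, position=1):
    """Apply the article's steps in order:
    1. capitalize the first letter of every word (the same rule for all words);
    2. insert the service identifier at `position` (1 = after the first word);
    3. substitute o -> 0 and a -> @ throughout the result.
    Words to be translated are passed in already translated: the article
    gives example translations, not a rule for deriving them."""
    parts = [w[0].upper() + w[1:] for w in words]
    parts.insert(position, service[0].upper() + service[1:])
    return "".join(parts).translate(SUBSTITUTIONS)


def meets_length_and_complexity(password):
    """Check the 16-character minimum and the assumed four character classes."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return len(password) >= MIN_LENGTH and all(classes)


if __name__ == "__main__":
    # The article's word list, with "Windows" as the service identifier
    base = ["chocolate", "bridge", "good", "welcome"]
    print(build_passphrase(base, "Windows"))
    # Second example: "good" in German, "welcome" in French
    translated = ["chocolate", "bridge", "gut", "bienvenue"]
    pw = build_passphrase(translated, "Windows")
    print(pw, meets_length_and_complexity(pw))
```

The position argument lets you move the service identifier to the start (0) or the end (len(words)), which is the choice the article leaves open; whichever you pick, keep it the same for every account so the scheme stays memorable.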
Mixing several languages makes it hard for certain dictionary-based cracking tools, which work efficiently on the “word” unit.
Current password cracking engines can test entire words from dictionaries very quickly, so an exhaustive test of the possibilities can be completed very fast.
If we use English words, we have a lexical field of about 200,000 current words (171,000), and 60,000 each for French and German.
If we mix these three languages, we obtain a much greater number of possibilities, thus an exponentially increased cracking time.
Some critics of this method rightly point out that the average lexical field used by ordinary people is 20,000 words.
Assuming that the cracking program is configured to use only the current part of the vocabulary, and also assuming that it handles “known” permutations (@=a, e=3, o=0, etc.), a password constructed according to the method above would take, on a local machine with current computing power, at best a little over 500 years to crack if only one language is chosen.
You can consider yourself at ease as soon as your password takes more than a year to crack.
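To make the dictionary-size argument concrete, here is an added example (not from the article) that computes the search space a word-based cracker has to cover for one language versus the three languages mixed, and converts it into the "years to crack" figure the article reasons with. The dictionary sizes are the article's own figures; the guess rate and the number of rule-generated variants per word are assumptions chosen for illustration, so the resulting years differ from the article's 500-year estimate, whose underlying assumptions the article does not state.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600

# Dictionary sizes quoted in the article
DICTIONARIES = {"english": 171_000, "french": 60_000, "german": 60_000}
COMMON_VOCABULARY = 20_000  # the everyday lexical field the critics cite

# ASSUMPTIONS for illustration only: the cracking rig's guess rate, and the
# number of variants a rule engine derives from each base word (capitalization
# plus the o->0, a->@, e->3 permutations the article says crackers know).
GUESSES_PER_SECOND = 1_000_000_000
VARIANTS_PER_WORD = 8


def search_space(dictionary_size, word_count, variants_per_word=1):
    """Candidate count when each of `word_count` slots is filled from a
    dictionary of `dictionary_size` words, each tried in
    `variants_per_word` mutated forms (rules multiply per slot)."""
    return (dictionary_size * variants_per_word) ** word_count


def years_to_exhaust(space, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def exceeds_one_year(space, guesses_per_second=GUESSES_PER_SECOND):
    """The article's comfort threshold: more than a year to crack."""
    return years_to_exhaust(space, guesses_per_second) > 1


def compare(word_count=4, variants_per_word=VARIANTS_PER_WORD):
    """One common-vocabulary language vs. all three dictionaries mixed."""
    single = search_space(COMMON_VOCABULARY, word_count, variants_per_word)
    mixed = search_space(sum(DICTIONARIES.values()), word_count, variants_per_word)
    return {
        "single_language_years": years_to_exhaust(single),
        "mixed_languages_years": years_to_exhaust(mixed),
        "ratio": mixed / single,
    }


if __name__ == "__main__":
    for words in (3, 4):
        result = compare(words)
        print(f"{words} words: one language {result['single_language_years']:.1f} y, "
              f"mixed {result['mixed_languages_years']:.1f} y "
              f"(x{result['ratio']:.0f})")
```

Because the per-slot dictionary size is raised to the power of the word count, widening the vocabulary from 20,000 to the combined 291,000 words multiplies the search space by (291,000 / 20,000)^4, which is the "exponentially increased cracking time" the article refers to; the rule variants scale the same way, which is why known substitutions like o=0 add far less than an extra word does.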