A good password for every occasion

Let’s be honest, choosing a good password is not easy. With time, the list keeps getting longer. The consequence of this accumulation is that we start to forget them. The temptation is strong to just use our dog’s name everywhere.
Unfortunately, using “Fido01!” is a disaster waiting to happen.

Vincent Tremblay is an IT security specialist and one of the organizers of the Hackfest, an annual cybersecurity event. In his free time, he also “loves to crack passwords”.
Cyber criminals, and security researchers, use different techniques to “crack” passwords. One of these is called “brute force”. Basically, this technique means testing a great number of passwords until you find the right one.

There are many lists with tens of thousands of passwords available on the Internet. It is also pretty easy for a criminal to do some research and find words, like the name of a child, partner, or pet, to add to these lists.

 A computer can try thousands of possibilities per second. The programs used to brute force passwords have the capacity to also test common substitutions, like using the “@” for an “a”. The longer and more complex a password is, the more difficult it is to use brute forcing, because the time it takes to test all possibilities becomes enormous.

From pass-word to pass-phrase

In their guide, the Canadian center for cyber security recommends the use of a passphrase of at least 4 words and 15 characters.

Vincent Tremblay believes this is good advice, but “if the chosen words in the phrase are common, or have a link, […] or are well-known sentences from a movie, for example, this could help out the hackers”. He adds that we can make this passphrase more robust by “making some voluntary errors or substitutions”.
For example, I could use 4 random words, with the last letter in upper case and a spelling mistake in the last word: “tablEchocolatEbirDhorssE”

A manager for your passwords

It is important to not reuse passwords. If an account is compromised, an attacker can easily gain access to all the others that use the same credentials. Since it is pretty difficult to remember all those passwords, Vincent Tremblay explains that “the best strategy is to use a password manager.”

A password manager is an application that will create and store passwords. This way, we only have to memorize one. Of course, it is important to make sure that that one password is strong and unique.

A second factor to be allowed in

For this member of the Hackfest team, “ideal cyber security has overlapping layers”. He recommends two-factor authentication (2FA). This means that to gain access to an account, I will need another piece of information besides my password.
This might be a code sent by text message. Vincent Tremblay recommends the use of “Google Authenticator”. It is an app that will generate temporary access codes. He adds that, “in general, 2FA is easy to use, but there is some getting used to it”.

The passwords that we use are there to protect a lot of sensitive and personal information. That is why experts recommend that each one be long, unique and hard to guess.

Fido might be able to defend the house, but using his name will not protect a bank account very long.

By Sam Harper,
Freelance journalist for Victoire Events & Web

A few years ago, Sam Harper traded his stethoscope for a keyboard. Independent journalist and programmer passionate about cybersecurity, He writes words and code. He is particularly interested in the social and political implications of the algorithms that influence our lives.