The Internet has become a central part of our lives. The advent of this “network of networks” has its advantages but also its disadvantages. The disadvantages are of course cyber-attacks. A password that is too short and too simple truly paves the way for a cybercriminal.
Today we all have a footprint on the Internet, whether through a professional social network that contains our contacts, a social network with our personal photos or a professional account in a company. Of course, some people will think: “You can’t compare access to a company account with the photos on a Facebook account”. And yet… One must keep in mind that what is not valuable to some can be valuable to others.
A good place to start is securing passwords. This applies to both individuals and organizations.
Are you fully aware of your digital footprint on the internet? Let’s look at this concept. It’s all the data you have accumulated on the Internet since you started using it. It can be the sites you have visited, the emails you have sent or the accounts you have created… In our case, we will focus on the latter.
This exercise can be tedious because it involves listing all the sites for which we have active accounts. To be thorough, the sites for which we have created accounts but for which we have no use or have never really used should be included.
Start by deleting the accounts you no longer need. Today, more and more sites offer the possibility to delete an account.
Now, for the accounts that you use regularly, we will see how you can secure your passwords.
How do we define a strong password? The French National Agency for the Security of Information Systems provides some indicators of the robustness of a password.
It is strongly advised to have a password of at least 16 characters and containing:
- At least 1 capital letter
- At least 1 lower case letter
- At least 1 number
- At least 1 special character
But if you want to remember it, you can also increase the number of characters and define what is called a “passphrase”. Between each word you can add a space; this is a special character that is often forgotten. Example: It is super hot today 30*C!
To add strength to the password, you can check that it is not in a password dictionary. These dictionaries are used by hackers to carry out a dictionary attack: a script tests each password in the dictionary until one is correct.
Finally, use a unique password for each account. This may sound complicated, but you won’t have to remember it; and that brings us to the next point.
A password manager is software that allows you to store all your passwords in one application, but not only that: if you don’t want to go through the trouble of creating your passwords, the manager can generate them for you. The only password you will have to remember is the password of the manager itself.
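As an added example (not code from the original article), the Python sketch below checks a password against the criteria listed above and against a dictionary, then generates a random password that meets them, as a manager might. The function names and the small sample dictionary are assumptions constructed for illustration.

```python
import secrets
import string

MIN_LENGTH = 16  # minimum length stated on this page
# Constructed sample; a real check would load a full password dictionary.
SAMPLE_DICTIONARY = {"password", "123456", "qwerty", "letmein", "azerty"}


def check_password(candidate, dictionary=SAMPLE_DICTIONARY):
    """Return the list of criteria the candidate fails (empty list = passes)."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("shorter than 16 characters")
    if not any(c.isupper() for c in candidate):
        failures.append("no capital letter")
    if not any(c.islower() for c in candidate):
        failures.append("no lower case letter")
    if not any(c.isdigit() for c in candidate):
        failures.append("no number")
    # Anything that is not a letter or digit counts as special, spaces included.
    if not any(not c.isalnum() for c in candidate):
        failures.append("no special character")
    # Case-insensitive dictionary comparison is an assumption of this sketch.
    if candidate.lower() in dictionary:
        failures.append("found in password dictionary")
    return failures


def generate_password(length=20):
    """Generate a random password that meets every criterion above."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 16")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class is present (rejection sampling).
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ["password", "It is super hot today 30*C!", generate_password()]:
        print(repr(pw), "->", check_password(pw) or "meets all criteria")
```
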
Dual authentication (or 2-factor authentication) is an authentication method in which a user can only access a website or application after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. There are 2 types of dual authentication:
- Software: This gives you a code that you will be asked for when you log in to an application. The code is valid for a short time (30 seconds to a few minutes);
- Hardware: This is a USB key that allows you to authenticate to an application only if it is connected to the computer. It can also be what is commonly called a “calculator”, on which codes are generated at a certain frequency. But the latter is becoming increasingly rare.
If you are following these best practices, congratulations, you are part of a small minority… you are much harder to attack than someone who isn’t.
If you have any questions, you can contact us at our email address:
Written by Mehdi Amor