Our previous article explored why biometric authentication is now one of the most secure solutions for protecting our digital devices. But even this advanced technology is not infallible or self-sufficient. For optimum security, it must be combined with other forms of authentication, particularly multi-factor authentication (MFA). Of the various authentication factors available, password authentication remains a must – provided it is well-designed.
This article guides you through the process of creating a strong, state-of-the-art password, while avoiding some common pitfalls.
What is a strong password?
A password is a key element of authentication, based on a knowledge factor – in other words, something that only you, the user, know. Unlike a PIN code, which contains only numbers, a strong password mixes upper and lower case letters, numbers and special characters such as punctuation marks.
In 2024, a truly secure password must be at least 12 characters long, combine all the different types of characters listed above, and avoid any personal information that is easy to guess, such as a date of birth or a common name. Using techniques such as ‘leet speak’ (where letters are replaced by numbers or symbols) can make the password even more complex and therefore harder to guess or crack.
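As an added illustration (not code from the original article), here is a small Python checker that applies the rules above: the 12-character minimum, all four character classes, and no personal information. It goes slightly beyond the text by also undoing common leet substitutions before looking for a name, so that a name written as ‘Fr3ddy’ is still caught; the substitution table and the sample user are assumptions.

```python
import re
from datetime import date
from typing import Optional

# Assumed, illustrative mapping of common leet-speak substitutions back to
# letters, so that "B4s1la" is still recognised as the name "basila".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# The four character classes the article asks a strong password to combine.
CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

MIN_LENGTH = 12  # the article's 2024 minimum


def personal_tokens(name: str = "", birth: Optional[date] = None) -> set:
    """Fragments an attacker could guess from a user's name and date of birth."""
    tokens = {part.lower() for part in name.split() if len(part) >= 3}
    if birth is not None:
        formats = ("%Y", "%d%m", "%d%m%y", "%d%m%Y", "%Y%m%d")
        tokens |= {birth.strftime(fmt) for fmt in formats}
    return tokens


def check_password(pw: str, name: str = "", birth: Optional[date] = None) -> list:
    """Return the rules the password fails; an empty list means it passes all of them."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [cls for cls, rx in CLASSES.items() if not rx.search(pw)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    # Compare both the raw password and its de-leeted form: leet substitutions
    # hide names ("Fr3ddy") but also mangle digit-only dates, so check both.
    raw, deleeted = pw.lower(), pw.lower().translate(LEET)
    found = sorted(t for t in personal_tokens(name, birth) if t in raw or t in deleeted)
    if found:
        problems.append("contains personal information: " + ", ".join(found))
    return problems


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    for candidate in ("Fr3ddy1990!x", "Tr0ub4dor&3", "Vx7#pLq9!mRt2w"):
        print(candidate, "->", check_password(candidate, "Freddy Basila", date(1990, 5, 14)) or "OK")
```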
Strong passwords have several advantages: they are simple to use, you have total control over them, and they are compatible with virtually all systems. What’s more, a well-designed password can resist sophisticated automated attacks, such as brute force, distributed or dictionary attacks. However, passwords also have a few downsides.
The risks of ‘strong’ passwords
Despite these advantages, password authentication does have its limits. Here are the main risks:
- Forgetfulness: With passwords that are increasingly complex, around ten characters or more, and increasingly numerous, it is becoming difficult for human memory to retain them all. Even though using a different password for each account is recommended, doing so can lead to confusion and mistakes.
- Disclosure: Some people write down their passwords on a physical medium such as paper, thinking they are safe. However, if this paper falls into the wrong hands, all your accounts could be compromised.
Particularly when it comes to digital devices (computer or phone), it’s easy for someone in your vicinity to glance over your shoulder and memorize your PIN or password as you enter it on your device. This form of fraud, known as shoulder surfing, is particularly worrying on mobile devices or in public. There are ways of reducing the risks.
Solutions for securing your passwords
To take advantage of the benefits of passwords while reducing the risks, here are a few practical solutions:
- Using a password manager: Rather than remembering every password, entrust them to a password manager. These tools, also known as ‘digital safes’, store your passwords securely and can generate unique passwords for each account. Access to these passwords is protected by a master password, the only one you need to create and remember.
- Regular password rotation: Some sites require you to change your passwords regularly. This can increase security, but it is important that your new passwords are really different from your previous ones to avoid being vulnerable in the event of a leak.
When it comes to proximity attacks, the simplest solution is sometimes the best: type in your password away from prying eyes and be wary of nearby cameras that could capture your information.
Ultimately, biometric authentication remains one of the best security methods. However, it is most effective when combined with a strong password. To effectively protect your devices and your digital privacy, it is essential to adopt a multi-factor authentication strategy. Combine complex, secure and regularly updated passwords with the latest biometric technologies for optimum protection against cyber-attacks.
Freddy BASILA BULAMBO
M2 Digital Economy Law – Class of 2023/2024
Sources:
CNIL – Generate a strong password
Ministère de l’économie – How to create a password that is secure and easy to remember?
Freddy BASILA BULAMBO – Biometric authentication: the best security for your devices?
ANSSI MOOC on digital security
CNIL – Passwords: a new recommendation for managing their security
CCN UNISTRA – Workshop: Passwords without the headache
About Freddy BASILA BULAMBO
Master 2 student in digital economy law at the Université de Strasbourg.
Thanks for your advice…
And if you got some “digital safe” link, please share it with me.
You’re welcome!
Any links concerning password managers?
Yes, I’m interested!
There are several available, some of which are offered by antivirus companies (Norton, Kaspersky) as add-ons.
However, I’m thinking in particular of #KeePass, recommended by ANSSI (Agence nationale de la sécurité des systèmes d’information).