
To withstand brute-force attacks, only a random process can create a secret code likely to stay out of the clutches of hackers.
For several years, many experts have assured us that the password will soon disappear. But it is clear that these pesky secret codes are still here, and so are the hackers. Until passwords do disappear, you need to know how to put together a good one that can resist brute-force attacks. Forget your little tricks based on the names of your pets, or the pseudo-personal algorithm that you are, apparently, the only one to know. Only a random process can protect your credentials in the event of a hack. Two methods are generally recommended: random generation and the passphrase.
The first is to create a random sequence of characters from uppercase letters, lowercase letters, numbers and special characters. According to ANSSI, for such a code to be considered “strong or very strong”, it must be at least 15 characters long. This has also been more or less confirmed by the company Hive Systems, which recently conducted password cracking tests.

An eight-character password is cracked in less than an hour. Cracking only starts to become prohibitive at 11 characters, where it requires decades. Cracking a 15-character code takes a billion years. The only catch is that a random 15-character password is very difficult to remember. The only solution is therefore to use a password manager.

The second method consists of stringing together a few words chosen at random from the dictionary, embellished with a few numbers or other special characters. The result can easily exceed 25 characters, which is excellent from a security point of view. In addition, such a password is much easier to remember. It is therefore particularly recommended for the most sensitive cases, for example to set the master password of a password manager.
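Both methods can be sketched in a few lines of Python using the operating system's cryptographic random source. This is an added example, not code from the article; the word list is a constructed sample (a real passphrase needs a list of several thousand words), and the function names, the `-` separator and the entropy estimates are assumptions made for the illustration.

```python
import math
import secrets
import string

# The four character classes named in the article.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

# Constructed sample list (every word has at least 5 letters).
WORDS = ("anchor", "basil", "copper", "dragon", "ember", "falcon",
         "glacier", "harbor", "ivory", "jungle", "kettle", "lantern",
         "meadow", "nickel", "orchid", "pepper")

def random_password(length=15):
    """Method 1: uniform random characters, redrawn until all classes appear."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def passphrase(n_words=5, words=WORDS, sep="-"):
    """Method 2: random words, followed by one digit and one special character."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return (sep.join(chosen) + secrets.choice(string.digits)
            + secrets.choice(string.punctuation))

def password_bits(length=15):
    """Upper bound on entropy; the class check removes a tiny fraction."""
    return length * math.log2(len(ALPHABET))

def passphrase_bits(n_words, list_size):
    """Entropy when the attacker knows the word list and the layout."""
    return (n_words * math.log2(list_size) + math.log2(len(string.digits))
            + math.log2(len(string.punctuation)))

if __name__ == "__main__":
    print(random_password(), f"~{password_bits():.0f} bits")
    print(passphrase(), f"~{passphrase_bits(5, len(WORDS)):.0f} bits with this sample list")
    print(f"5 words from a 7776-word list: ~{passphrase_bits(5, 7776):.0f} bits")
```

The strength of the passphrase comes from the size of the list and the number of words drawn, not from the words being obscure, which is why the 16-word sample list above is only suitable for showing the mechanics.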