
Passwords make life difficult for us on a daily basis, and that is not about to change. Here are several strategies for mastering this universal problem.
Computing has been around for more than fifty years, yet the security of most digital services still hinges on a simple, mundane concept: the password.
It is painful to handle, easy to forget, too easily the victim of a typo, and many of us want it dead. But the secret code persists, and we will probably have to drag it around like a ball and chain for many years to come. So how do you cope? Here are some tips and technical advice to make this forced cohabitation more bearable.
The mnemonic method, a risky bet
Some have decided never to store their passwords anywhere and have adopted a mnemonic method. For example, you can start from a basic secret code that you are certain to remember and adapt it for each user account by applying a secret algorithm to it. Example: password = [secret code] + [something derived from the name of the web service].

Of course, you get passwords that are all different, but using a mnemonic device creates the risk that a hacker will one day work it out. If he manages to get his hands on multiple passwords (poorly secured databases are not uncommon), he could guess the logic being used and thus compromise all the other passwords at once. This is why it is always better to generate your passwords randomly.
The notebook, less ridiculous than you think
The problem with random passwords is that they're impossible to remember, so you'll have to write them down somewhere. If you have fewer than twenty and you do not move around much, it is quite possible to use a small notepad.
The advantage is that no hacker will be able to steal its content through malware. However, do not forget to regularly create a copy to put in a safe place, ideally a safe.
The easiest way to manually generate passwords is to choose a random succession of words, adding numbers, capital letters and special characters. Thus, the password will have sufficient length and will be easier to type than a completely random sequence of characters.

But there is still a significant risk: losing this physical medium, which you will always have close at hand, or having it stolen. The content could then be exposed to third parties. There are ways to reduce this risk, however. For example, you can adopt a secret code that only you know and that you systematically include in each password.
Each password will then be the combination of a memorized secret code and a succession of random words noted in the notebook. Even if the notebook falls into the hands of an attacker, the passwords remain secure, at least long enough for you to change them quickly.
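The notebook recipe described above, as an added Python example that is not part of the original article: it draws the words with a cryptographically secure generator, estimates the entropy of what gets written down, and combines it with the memorized code. The word list, the symbol set, the function names and the order of concatenation are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 32-word sample list (5 bits per word). A real list of several
# thousand words, such as a 7776-word diceware list, gives far more entropy.
WORDS = ("anchor bridge candle desert ember falcon garden harbor island jungle "
         "kettle lantern meadow needle orchard pebble quartz ribbon saddle timber "
         "umbrella valley walnut yonder zephyr button cobalt dagger fennel gravel "
         "hammock ivory").split()
SYMBOLS = "!#%+=?@_"  # 8 symbols, chosen here for illustration

def generate_entry(words=WORDS, n_words=4):
    """Random words joined by '-', one capitalized, plus a digit and a symbol."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    cap = secrets.randbelow(n_words)          # which word gets the capital
    chosen[cap] = chosen[cap].capitalize()
    return "-".join(chosen) + secrets.choice(string.digits) + secrets.choice(SYMBOLS)

def entropy_bits(wordlist_size, n_words=4, n_symbols=len(SYMBOLS)):
    """Entropy of generate_entry() output, assuming the attacker knows the recipe."""
    return (n_words * math.log2(wordlist_size)  # the words
            + math.log2(n_words)                # position of the capital
            + math.log2(10)                     # the digit
            + math.log2(n_symbols))             # the symbol

def full_password(memorized_secret, notebook_entry):
    """What is typed at login: the memorized code plus what the notebook holds.
    Putting the memorized code first is an assumption of this example."""
    return memorized_secret + notebook_entry

if __name__ == "__main__":
    entry = generate_entry()
    print("written in notebook:", entry)
    print("typed at login     :", full_password("<memorized>", entry))
    print(f"32-word list  : {entropy_bits(32):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

The entropy figure depends on the size of the word list, not on how long the result looks: four words from the 32-word sample give about 28 bits, while four words from a 7776-word list give about 60.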
The browser, a solution to avoid
If you have several dozen passwords to manage, the notebook will quickly become unmanageable. It will then be necessary to turn to software. Browsers allow you to save passwords, but passwords are not always stored encrypted. Someone who accesses your workspace can then siphon off all your secret codes.
To have optimal security on a browser, you must create a user account, whether for Firefox, Chrome or Edge.

The advantage is that the browser can automatically fill in the password on the sites where you log in. The catch is that you are then dependent on this browser. Moreover, this does not cover passwords that have to be entered in applications, whether mobile or not. The features offered by browsers are not very extensive either. In short, this is not the right choice.
Password manager, spoiled for choice
If you have to choose software, it is better to turn to a specialized vendor whose main mission is password management. There are quite a few solutions on the market, but basically the principle is always the same. It is nothing more or less than a database, encrypted and protected by a master password. Then come a whole host of features: automatic synchronization between multiple devices thanks to the cloud, automatic generation of new passwords, automatic filling of online login forms thanks to browser extensions, auditing of the quality of the passwords used, compromise alerts, strong authentication, storage of encrypted notes, etc.

The pricing models are also very varied. All generally offer a free version for a limited number of entries or devices. To go further, you will have to put your hand in your pocket.
There is only one that is completely free, and that is the open source KeePass software (as well as the unofficial versions from the KeePass community). Unfortunately, it is less easy to get to grips with than the others.
The most prominent brands are LastPass, 1Password, Bitwarden and Dashlane. The best approach is to test several and choose the one that seems most practical to you.
The ultimate: the physical box
The problem with password managers is that they are software that always exposes the password database at the operating system level. If the latter is infected, the risk of losing all of your secret codes is quite high. This is why some have developed dedicated physical boxes to store passwords, which reduces the risk of compromise as much as possible.

This is the case, for example, with Mooltipass Mini, a device that stores passwords in encrypted form, protected by a smart card. When the user wants to log in to a service, the password is sent by USB to the login form.
An improved version with Bluetooth support is in preparation. Similar hardware solutions are offered by OnlyKey and Hideez. Here again, you must obviously not forget to keep a backup in case the device is lost or stolen.