If you had to remember just one thing about passwords, it’s this one

What do the years 2012, 2016 and 2021 have in common? These are years of data leaks from the social network LinkedIn. And the years 2013, 2018 (twice!), 2019 (5 times!!!), 2021? These are the years of Facebook data leaks. Other social networks have also had their unfortunate years.

You are probably wondering if we are talking about a few user accounts that have been hacked. In reality, it’s more than a few accounts. Facebook’s 2021 leak includes the personal information of 533 million users. We’re talking about phone numbers, addresses, email, age, family ties … in short, everything needed to commit identity theft. And these leaks aren’t the worst ones.

The worst ones are those that include passwords. You are probably thinking to yourself “Well, I just have to go and change my account password”. It’s a good start, but did you know that 13% of people use the same password for all of their accounts? And that 52% of people reuse the same password for multiple accounts (but not all)? Only 35% of people use a different password for each one of their accounts. You have 35 accounts? You must have 35 different, strong passwords. We’re not talking here about tips and tricks like DaddyMomFB, DaddyMomLI, DaddyMomIG, etc. We’re talking about having real passwords that are all different and complex like nn? UW9ZTg [W4, or [vmtN9 <nx! 7R, or 4Xy & # – $ L *; 8 *} P & fM (,).

This is the only way to protect all of our accounts in the event of a data breach. To simplify the management of so many passwords, there are password managers. Watch for one of our future articles on this topic.

As my brother-in-law told me the other day, “Passwords are supposed to be encrypted in social media so what’s the problem?” This is a relevant question. First, there are the social networks that say “Your security and that of your data are important to us …” and yet keep unencrypted passwords in storage. When there is a leak, these give instant access to your other accounts. Then there are the encrypted passwords. There, cybercriminals must crack them with powerful machines, fast computing processors, and specialized computer programs. For example, cracking a “normal” 8-character password with lowercase, uppercase, and numbers takes up to 8 hours. If we remove the numbers, it becomes 22 minutes, and it goes down to 5 seconds when we just have lowercase letters. Now you understand why these security freaks ask for complex passwords. Complexity is what blocks people who get their hands on the encrypted version of the password. A password consisting of all lowercase letters must be at least 15 characters long to be secure (it takes 1000 years to crack).
Therefore, passwords become secure if they are long and/or complex. Watch for one of our future articles on password composition, especially passphrases. A phrase like “The turtle was so fast the hare was stunned” will take longer to crack than the time left before the sun turns into a supernova (trillions of years). As few people have this kind of patience (or longevity), this password can be considered secure.
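The effect of length and character variety described above can be reproduced with a short calculation. This is an added example, not part of the original article; the guess rate is an assumption back-derived from the "5 seconds" figure, so the results match the article's figures only in order of magnitude.

```python
import string

# Assumption: guess rate back-derived from the article's figure that an
# 8-character lowercase password falls in 5 seconds. Real rates depend on
# the hash algorithm and the attacker's hardware.
GUESSES_PER_SECOND = 26**8 // 5

# (characters in the class, number of candidates the attacker must try)
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 32 ASCII symbols plus space
]

def alphabet_size(password):
    """Sum the sizes of the character classes the password draws from.
    Non-ASCII characters are ignored, so the result is a lower bound."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds to try every string of the same length over that alphabet."""
    return alphabet_size(password) ** len(password) // rate

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds // span:,} {unit}"
    return f"{seconds} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, one per case the article discusses.
    samples = ["abcdefgh", "Abcdefgh", "Abcdefg1", "a" * 15,
               "The turtle was so fast the hare was stunned"]
    for pw in samples:
        print(f"{len(pw):>2} chars, alphabet {alphabet_size(pw):>2}: "
              f"{human(worst_case_seconds(pw))}")
```

This models exhaustive search only: a password already exposed unencrypted in another leak is found without any search, which is why reuse cancels the benefit of length.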

The only thing to remember for now is that you need to have a secure password for each one of your accounts. The fascinating topic of passwords will be explored in the coming weeks with a series of articles on different aspects of the topic.

Don’t miss these articles on the Semafor Conseil cybersecurity blog.
