6 Government Recommendations to Avoid Password Cracking

The following are tips and recommendations from the government to avoid being hacked through your passwords.

Faced with increasingly sophisticated fraud, the National Commission for Computing and Freedom (in certain countries) has revisited its 2017 recommendations and updated them.

According to Verizon's study in 2021, 81% of data breach notifications worldwide were related to password problems. To avoid fraud, the National Commission on Computing and Freedom (CNIL) updated the 2017 recommendations on Monday, October 17. No more "1234" or "child + date of birth".

How to secure your account on the web

1. Set up two-factor authentication

This consists, for example, of logging in with your password and then confirming the login via SMS or through a secure application installed on your phone. Another option is an electronic certificate, which is equivalent to a digital identity card.

2. Select a long and complicated password

According to the recommendation, a password should, for example, be between 12 and 14 characters long and include uppercase and lowercase letters and numbers, with or without special characters.

3. Choose a random password

The goal is to avoid the "dictionary" attack. As explained by internet experts, "choosing a password from the words of a language will greatly limit the number of possible combinations of letters in practice.

In fact, each language has only a limited number of letters, which are used to form syllables. The temptation for many users is to choose a password that is easy to remember". This makes it easy for hackers to test some combinations of words: for example, from the word "kangaroo", combinations like "k4ng0urou", "kangaroo01", "kangourou", etc. will be derived and tested.

4. Prefer phrases to words

The level of security will be even greater if the user uses a "passphrase" consisting of a minimum of seven words.

5. Don't store passwords in plain text

This advice is intended especially for website managers: passwords should not be stored in plain text. They must be transformed with a secure cryptographic function that cannot be reversed. If the site fails to comply with this instruction, the commission can impose penalties equivalent to 4% of worldwide turnover, with a ceiling of 20 million euros.

6. Stop requiring regular password changes

More and more studies have shown that forcing users to change their passwords regularly is not a truly effective measure. As the organization points out, users who grow tired of this policy often adapt to it by changing their passwords only slightly, for example by adding a number at the end. This can be considered to reduce the level of security.

