A computer security expert has created a website that tests your password. Its database holds 320 million passwords that have leaked in past hacks.
Passwords are a pain. Everyone has a dozen different ones, or at least should, must constantly invent new ones, and those must be easy for a person to memorise yet hard for software, and therefore for a would-be attacker, to guess.
Even when they follow all these security rules, passwords can end up out in the open, for everyone to see, because of a mass breach like the ones that hit Yahoo, Myspace, LinkedIn, Adobe, Dropbox and others. Fortunately, one expert may have found the solution to your problems.
Testing whether a password has been compromised
Troy Hunt is an Australian computer security researcher. He made his name with Have I Been Pwned?, a website that tells you whether an email address and the credentials associated with it have already been compromised in a major breach.
Now Troy Hunt has created a new site, Pwned Passwords, which works on exactly the same principle but directly with passwords, Science Alert reports. Type one into the search bar and the site looks it up in its database of 320 million passwords that have already leaked in large breaches, and which are therefore likely to be the first ones hackers try.
Obviously, the point is not to type in one of your current passwords, unless you change it immediately afterwards. “It goes without saying, even if I say it on my site: you do not need to test a password you’re using right now, even though I’m a trustworthy person and my site does not register any password,” the researcher says on his blog. And for a simple reason: you must never give your password to anyone.
“The purpose of this service is to confirm to those who know they use a weak password that they really need to change it,” the researcher says, or to find out whether an old password was strong, or to test new password patterns. But if you still want to check your current passwords, there is a solution: download the complete list of 322 million passwords and look for your own in it, following the instructions on Troy Hunt’s website.
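The offline check described above, as an added example that is not Troy Hunt’s code or any tool from his site: it assumes the downloaded list stores one uppercase SHA-1 hex digest per line (optionally followed by a “:count” field), hashes your own passwords locally the same way, and streams the file once looking for those hashes, so nothing is ever sent to a third party and the multi-gigabyte file never has to be loaded into memory. The list contents here are constructed from a few made-up leaked passwords so that it runs without the real download.

```python
import hashlib
from typing import Dict, Iterable, Set

# Constructed sample of "leaked" plaintexts, used only to build a
# realistic-looking list for this example (assumption: the real file is
# one uppercase SHA-1 hex digest per line, optionally suffixed ":count").
_CONSTRUCTED_LEAKED = ["password", "123456", "qwerty", "letmein", "Summer2017!"]


def sha1_hex(password: str) -> str:
    """Hash a password the way the downloaded list is assumed to store it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Stand-in for the contents of the downloaded file (constructed, see above).
SAMPLE_LIST_TEXT = "\n".join(sha1_hex(p) + ":1" for p in _CONSTRUCTED_LEAKED) + "\n"


def parse_line(line: str) -> str:
    """Return the normalised hash field of one list line, or '' if the line
    is blank or not a 40-character hex digest (malformed lines are skipped
    rather than crashing a run over hundreds of millions of lines)."""
    field = line.strip().split(":", 1)[0].upper()
    if len(field) != 40 or any(c not in "0123456789ABCDEF" for c in field):
        return ""
    return field


def find_matches(lines: Iterable[str], candidates: Set[str]) -> Set[str]:
    """Stream the list once and return which candidate hashes appear in it.

    Only the small set of hashes being looked for is kept in memory, so this
    works on a file far larger than RAM; reading stops early once every
    candidate has been seen."""
    found: Set[str] = set()
    for line in lines:
        h = parse_line(line)
        if h and h in candidates:
            found.add(h)
            if len(found) == len(candidates):
                break
    return found


def check_passwords(passwords: Iterable[str], lines: Iterable[str]) -> Dict[str, bool]:
    """Map each password to True if its hash is present in the list."""
    by_hash = {sha1_hex(p): p for p in passwords}
    hits = find_matches(lines, set(by_hash))
    return {pw: (h in hits) for h, pw in by_hash.items()}


if __name__ == "__main__":
    # Real usage would be: with open("pwned-passwords.txt") as f: check_passwords(..., f)
    # Here the constructed text stands in for that file.
    result = check_passwords(
        ["letmein", "correct horse battery staple"], SAMPLE_LIST_TEXT.splitlines()
    )
    for pw, pwned in result.items():
        print(f"{'PWNED   ' if pwned else 'not seen'}: {pw}")
```

A password that is “not seen” in the list is not thereby strong; the check only rules out the passwords attackers are certain to try first.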
Forget everything you were told about “the right password”
What if one of your passwords is compromised? How do you choose a new one, and which rules apply? According to the recommendations issued in 2003 by an American expert, Bill Burr, a password must contain at least one capital letter, one digit and one punctuation character, and ideally be changed every three months. Except that these rules are actually very bad, according to Bill Burr himself.
“I regret the majority of what I said at the time,” he apologised in an interview with The Wall Street Journal on Monday, August 7. “It was probably too complicated for too many people and it was not necessarily relevant.” Why? Because his recommendations had a notable perverse effect: they pushed people to create similar passwords, with a capital letter always at the beginning and a punctuation mark always at the end. The kind of password that is hard for a person to remember but easy for a program to crack.
The longer the better
According to the American newspaper, which cites the latest edition of the guidelines from the American National Institute of Standards and Technology (NIST), what matters most is actually length. An all-lowercase password made of four unrelated words is not only easier for a human to remember but also harder for a computer to find. An example? Lapisramagesgamory kamoulox.
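To put numbers on the two approaches, here is an added example (not from the article, the newspaper or NIST) that compares the search space of an eight-character password built in the predictable “Capital first, punctuation last” pattern with that of four words drawn at random from a word list, and generates such a passphrase with a cryptographically secure random source. The character-class sizes (26 letters, 10 digits, 32 punctuation marks), the 7776-entry word-list size and the miniature word list embedded below are assumptions made for the example.

```python
import math
import secrets
from typing import Sequence

# Constructed miniature word list so the example runs offline; a real list
# (assumption: 7776 words, the size commonly used for dice-based lists) is
# what you would actually draw from.
SAMPLE_WORDS = [
    "anvil", "cloud", "duet", "fable", "grape", "hazel", "ivory", "jungle",
    "kettle", "lemon", "marble", "nickel", "orbit", "pencil", "quartz", "ripple",
]

LETTERS, DIGITS, PUNCT = 26, 10, 32  # assumed class sizes


def search_space_bits(choices_per_position: Sequence[int]) -> float:
    """log2 of how many strings a fixed pattern can produce: the number of
    guesses an attacker who knows the pattern must cover, expressed in bits."""
    return sum(math.log2(n) for n in choices_per_position)


def pattern_password_bits() -> float:
    """Eight characters in the pattern the article describes: one capital
    letter first, five lowercase letters, one digit, one punctuation mark last.
    Once the pattern is known, the attacker only has to cover this space."""
    return search_space_bits([LETTERS] + [LETTERS] * 5 + [DIGITS] + [PUNCT])


def full_charset_bits(length: int) -> float:
    """What the composition rules were meant to deliver: every position drawn
    from the whole 94-character printable set, with no pattern to exploit."""
    return search_space_bits([2 * LETTERS + DIGITS + PUNCT] * length)


def passphrase_bits(num_words: int, wordlist_size: int) -> float:
    """Four unrelated words from a 7776-word list beat the patterned password
    even though the passphrase is all lowercase."""
    return search_space_bits([wordlist_size] * num_words)


def generate_passphrase(words: Sequence[str], num_words: int = 4) -> str:
    """Pick words uniformly with the secrets module (a CSPRNG); the ordinary
    random module is predictable and must not be used for this."""
    return " ".join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    print(f"patterned 8-char password : {pattern_password_bits():.1f} bits")
    print(f"truly random 8-char       : {full_charset_bits(8):.1f} bits")
    print(f"4 words from 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

The passphrase’s strength comes entirely from the words being chosen at random from the list, not by the user; a memorable phrase picked by hand or taken from a song is exactly the kind of thing a word-list attack covers.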
In France, the recommendations of the National Agency for the Security of Information Systems (Anssi) point in the same direction. It advises passwords of at least twelve characters of different types, Le Figaro notes, and even including digits, uppercase letters and special characters if your memory allows.
Once you have come up with a password that is complex enough and easy to remember, do not change it regularly, contrary to what used to be recommended. According to a study by the British secret services, that is perfectly useless, unless you are certain it has been stolen.