Ah, passwords. I believe this is the topic in computing that will always create controversy, and will always be a very important point in any information system. This is why it is important to make users aware of the risks involved in using simple passwords.
I agree, managing strong passwords (by strong we mean difficult to guess) can get complicated, but it is necessary to limit the risk of the password being guessed.
Reminder of the basic rules concerning passwords
These rules should normally be common knowledge (especially in 2025), but it is good to recall them:
- Never share your password with third parties (acquaintances, hotline, etc.)
- Choose a password that does not contain personal information
- Choose a password without a dictionary word
- Use a different password for each website
- Change your passwords regularly
It is good to remind yourself of these rules regularly to limit the risk of weak passwords.
Find a password strategy
A secure password contains:
- At least 1 lowercase letter
- At least 1 capital letter
- At least 1 digit
- At least 1 special character
- At least 8 characters in total
One way to create a complex password is to define a rule for building it. We can take any phrase and derive the password from it; all that is left is to memorize the phrase, which is easier than memorizing the password itself.
For example, we can take the sentence:
My server crashed the moment 23 people logged in
The password will be: Msapàl'io23pssc
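As an added illustration of the two points above (the complexity rules and the "derive a password from a phrase" idea), here is a small Python script that is not part of the original post. The derivation rule it uses (first letter of each word, numbers kept whole, punctuation kept when it ends a word) is a constructed example of one possible "password logic"; the checker implements exactly the five rules listed in the post. Running it on the English phrase above shows that, without any punctuation in the phrase, the derived password fails the special-character rule, so the phrase has to be chosen with that rule in mind.

```python
import re

# Complexity rules from the post: one lowercase, one uppercase, one digit,
# one special character, and at least 8 characters in total.
RULES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    # anything that is not an ASCII letter or digit counts as "special",
    # so accented letters such as "à" and apostrophes qualify
    "special": re.compile(r"[^A-Za-z0-9]"),
}
MIN_LENGTH = 8


def check_password(password: str) -> list[str]:
    """Return the names of the rules the password fails (empty list = passes)."""
    failures = [name for name, rx in RULES.items() if not rx.search(password)]
    if len(password) < MIN_LENGTH:
        failures.append("length")
    return failures


def derive_from_phrase(phrase: str) -> str:
    """Build a password from a memorable phrase.

    Constructed derivation rule: keep the first letter of each word, keep
    numbers whole, and keep any punctuation attached to the end of a word.
    """
    parts = []
    for token in phrase.split():
        if token.isdigit():
            parts.append(token)          # "23" stays "23"
            continue
        tail = ""
        # peel trailing punctuation ("crashed," -> "crashed" + ",")
        while len(token) > 1 and not token[-1].isalnum():
            tail = token[-1] + tail
            token = token[:-1]
        parts.append(token[0] + tail)
    return "".join(parts)


if __name__ == "__main__":
    for phrase in (
        "My server crashed the moment 23 people logged in",
        "My server crashed, the moment 23 people logged in!",
    ):
        pw = derive_from_phrase(phrase)
        print(f"{phrase!r} -> {pw!r}  failed rules: {check_password(pw)}")
```

The first phrase yields `Msctm23pli`, which fails only the "special" rule; adding a comma and an exclamation mark to the phrase yields `Msc,tm23pli!`, which passes all five rules. The post's own example, `Msapàl'io23pssc`, passes as well.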
Another strategy is to memorize one complex string of characters and append the name of the service where the password is used.
So we get for example:
- rziTRE123.Youtube
- rziTRE123.Steam
- rziTRE123.Bluesky
This way we have a different password for each service, and there is a logic that makes it easier to remember.
The password manager
Alternatively, if you want to generate strong, random passwords but avoid having to remember them, you can turn to a password manager.
You just need to remember the password to unlock the database, and then access the passwords stored in it.
There are several password managers available. Personally, I use KeePass (and its Linux port, KeePassXC) for personal use. For professional use, there are many others that have advantages (restricting access to certain passwords, AD login, etc.).
Note that most modern browsers offer to store passwords. Personally, I am not a big fan of this option, because if someone has access to your user profile on your computer, they can recover the password file, which is not always very secure.
Two-factor authentication
Two-factor authentication (2FA) adds a layer of security to your account. More and more online services make it mandatory. Even if a service only offers it without requiring it, I strongly recommend activating it.
There are mainly two types: time-based codes, and codes sent by email, SMS, or another communication channel.
In the first case, a secret key (shared with the service) is loaded into a code-generating app, which then reproduces the service's code-generation logic. The codes are derived from that secret and the current date and time, so no internet connection is needed to generate them. Typically, the code changes every 30 seconds.
You must therefore make sure that the clock of the device generating these codes is accurate; otherwise all the codes will be wrong.
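To make the "time-based code" mechanism concrete, here is an added Python example (not code from the original post) of how such codes are computed and checked, following RFC 4226 (HOTP) and RFC 6238 (TOTP), which is what most authenticator apps implement. The secret used is the public test value from those RFCs, not a real key. The `verify` function plays the server's role and shows why the device clock matters: it accepts only the code for the current 30-second step and one step either side, so a device that is several minutes off produces codes the server rejects.

```python
import hashlib
import hmac
import struct
import time

# Public test secret from RFC 4226 / RFC 6238 (the ASCII string below).
# Authenticator apps usually receive the secret as base32 text;
# base64.b32decode() would turn that text into raw bytes like these.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # the code changes every 30 seconds
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamic truncation, then reduce to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of `step`-second
    intervals elapsed since the Unix epoch, so no network is needed."""
    return hotp(secret, unix_time // step)


def verify(secret: bytes, code: str, unix_time: int,
           step: int = STEP_SECONDS, window: int = 1) -> bool:
    """Server-side check tolerating a small clock difference: accept the code
    for the current step and for `window` steps on either side of it."""
    current = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, current + delta), code)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = int(time.time())
    print("code for the current 30-second step:", totp(TEST_SECRET, now))
    # A device whose clock is 5 minutes slow generates a code from an old step.
    slow_code = totp(TEST_SECRET, now - 300)
    print("code from a clock 5 minutes slow accepted?",
          verify(TEST_SECRET, slow_code, now))
```

With the RFC test secret, the code for Unix time 59 is `287082`; the same code is still accepted one step later (time 89) but rejected at time 150, which is what a skewed device clock looks like from the service's side.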
The second option is simpler: a code is sent by email or SMS and remains valid for a few minutes. The process is straightforward, and each provider adapts it to its own needs.
To conclude
Passwords are an important aspect of security. They are a key to accessing sensitive information or payment methods. It's very important to keep your passwords secure and, above all, to avoid sharing them with others.
Of course, zero risk does not exist in computing, but we can get as close as possible to it.