Choose a good password?

It’s harder to choose a good password than to remember it; it’s known that it’s better to change your password every time you remember it well. A good password is obtained by applying an algorithm to a key (usually one or more words or numbers). The complexity of the password depends on the number of possible combinations that would have to be tried, randomly or by calculation, to obtain it, and on the variability of the algorithm and key used to generate the formula. This formula is used to be recognized by a sentry, human or computer. Some basic rules apply to any password management.

  • a password is strictly personal: never give it to anyone.
  • a password is unique for a specific sentry: never use your code twice, on two systems or services. Never reuse your passwords, regenerate them.
  • a password has to be regularly changed.
  • a password has to be difficult to find, but easy to remember: never write it down. In particular, never store it in a computer file and never activate the option that lets network or web communication software remember your passwords.

What to avoid

The last rule concerning passwords is the most important one and the most criticized one. Security is a compromise, and so is a good password. The compromise has to be found between the randomness of the alphanumeric formula used as the password and its necessary mnemonic quality.

In no case can a password be:

  • your phone number.
  • your first name, last name, or login.
  • your number plate.
  • your social security number.
  • the name of your dog, goldfish, cat or snake, or any combination of these words, even scrambled.

A good password can’t be found in:

  • a dictionary
  • a magazine
  • a first name collection
  • a computer or listing file…

Here are some ways to generate a good password and remember it!

The key sentence

Choose a proverb, a saying, or a movie or book title, and use this sentence as a key to generate a password. The password is derived from the key sentence by a method you choose. Here is an example: keep only the first letter of each word in the key sentence, and mix these letters with the number of letters in each word.

Example: the key sentence is "The life in pink". The first letters of each word are Tlip (respect the case!), and the four words have 3, 4, 2 and 4 letters respectively. The chosen password is "Tlip3424".

Another way is to alternate letters and numbers, which gives "T3l4i2p4". The way you derive your password from a key sentence can be changed at will. Furthermore, characters that increase the disorder of the password, such as ":", "/", "%" and so on, can be introduced. This method has the advantage of generating relatively random passwords, which are a "compressed" version of a key sentence that is difficult to find in full in order to discover the password.

Some "noise" can be added to the password by adding characters from outside the key sentence. Likewise, the password can be recovered from the key sentence, which is easier to remember than the password itself. This avoids having to write the password on paper in order to remember it.

Words placed side by side

With this method, you place two words side by side to make the password. For example, "Car" and "Fire" give "CarFire". Note that here too, you can mix uppercase and lowercase to increase the complexity.

The quality of passwords generated this way is worse than with the previous method, because both words can be found in a dictionary, and cracking software could easily use an algorithm as simple as placing two words side by side. Introduce a number or a special character between the two words to increase the password’s complexity.

Double deletion

This time, the goal is to find a long enough key word and to delete from it every repeated occurrence of the same letter. So the key "researcher" gives the password "resach" after deleting the repeated letters.

Once again, it’s good to add numbers or special characters to increase the complexity.

For example, we can add the original number of letters of the key: "communication" becomes "comuniat13". This method is less fragile than the previous one, but here again an algorithm that generates the password from the key is easy to implement.
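
The derivations described above, written out as an added example (not part of the original page), together with a check that flags a candidate password as rebuildable from a word list by the side-by-side or double-deletion method. The function names and the four-word sample list are assumptions made for illustration.

```python
def key_sentence(sentence, alternate=False):
    """First letter of each word mixed with each word's letter count."""
    words = sentence.split()
    initials = [w[0] for w in words]
    lengths = [str(len(w)) for w in words]
    if alternate:  # letter/number alternation, e.g. T3l4i2p4
        return "".join(i + n for i, n in zip(initials, lengths))
    return "".join(initials) + "".join(lengths)


def double_deletion(key, append_length=False):
    """Keep the first occurrence of each letter; optionally append len(key)."""
    kept = "".join(dict.fromkeys(key))  # dict preserves insertion order
    return kept + (str(len(key)) if append_length else "")


def weak_scheme(password, wordlist):
    """Name the scheme that rebuilds `password` from `wordlist`, or None."""
    words = {w.lower() for w in wordlist}
    p = password.lower()
    # Words placed side by side: try every split point.
    for i in range(1, len(p)):
        if p[:i] in words and p[i:] in words:
            return "side-by-side"
    # Double deletion, with or without the key's length appended.
    for w in words:
        if p in (double_deletion(w), double_deletion(w, True)):
            return "double-deletion"
    return None


# Constructed sample list standing in for a dictionary.
SAMPLE_WORDS = ["car", "fire", "researcher", "communication"]

if __name__ == "__main__":
    print(key_sentence("The life in pink"))
    print(key_sentence("The life in pink", alternate=True))
    print(double_deletion("researcher"))
    print(double_deletion("communication", append_length=True))
    for candidate in ("CarFire", "comuniat13", "Tlip3424"):
        print(candidate, "->", weak_scheme(candidate, SAMPLE_WORDS))
```

A password-change form could run such a check against a real dictionary and refuse any candidate for which it returns a scheme name.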