top of page

Cyber hygiene: passwords

In order to increase the security of your IT, a certain number of good practices are grouped under the generic term of IT hygiene. We list here some of these good practices. For this last article in a series of five, here are some tips for managing your passwords.

The curse of passwords

Passwords are often a weak point in computer security, as they depend on human fallibility. Since many passwords often have to be remembered, users make two main mistakes: using short, easy-to-remember or to-guess passwords and reusing the same passwords for several different services.

Password length

A password should be long enough to avoid being found too easily by "brute force" (a program tries all possible combinations of numbers and letters: below 6 characters, a few seconds or minutes are sufficient). A minimum of 10 characters combining upper and lower case letters, numbers and special symbols (&%*+-) should be used.

For any password to be entered on the web, don't be afraid of long passwords, as they can be saved in a web browser, so they don't need to be remembered.

Various websites (including provide information on the strength of a password.

Separate passwords

A separate password should be used for each website and service. Indeed, in case of a data leak, a hacker will try to reuse the same password on another site and could easily access the accounts of a careless user.

Use separate passwords for your personal and professional digital life.

To facilitate the use of dozens of different passwords, there are many utilities such as 1Password. Web browsers also offer to store passwords. Be careful with applications or websites that store your passwords, unless they have an excellent reputation.

Other precautions

A password is personal and should never (with rare exceptions) be shared with a third party.

A password should never be written on a Post-It note stuck on the screen or sent by e-mail, SMS, chat or other means leaving traces.

If the website or service offers it, activate the 2-factor identification (confirmation by SMS or better, via an authentication application).


bottom of page