New agency tool helps generate secure online passwords

La Cnil (Commission Nationale de l’Informatique et des Libertés) is the national data protection authority.

Its new online tool enables users to choose a strong password that is at least 12 characters long, based on an easy-to-remember sentence that is personal to them.

The phrase must contain at least one number, one capital letter, one punctuation symbol, and one special character (such as a dollar sign “$”), as this is the most secure method.

The tool then transforms the phrase into an easy-to-remember password that would appear very complicated to anyone else.

To remember it, the user simply has to use their initial phrase, and take the first letter of each word, as well as the punctuation.

In this way, an apparently-complicated password becomes easy to remember for the user, but almost impossible for a fraudster or hacker to guess or generate.

For example, the phrase “My password has been a well-kept secret for 25 years!” would become “Mphbaw-ksf25y!”.

The agency is also encouraging users to choose a different password for each online account, especially for important services such as email and internet banking, and to avoid using birth dates or years between 1950 and 2049.

Symbols and “emoticons” can also be used to make passwords more complex - for example, using the symbols “:-)” instead of the word “smile”.

Using a personal phrase to help commit the passwords to memory is also key, as writing them down or keeping them “safe” somewhere could also lead to security breaches.

This new initiative comes as online fraud and data theft is rising, but many online users continue to choose very simple and easy-to-guess passwords across different internet accounts, making them vulnerable to online crime.

As password software builder SplashData found, “123456” was the most-used password in 2017, suggesting that users are still not choosing secure strategies to keep their online data safe.