
Advice from Lauranne Peyron, CISO at Evolucare
To mark World Password Day, we asked Lauranne Peyron, Head of Information Systems Security at Evolucare, to share a few key recommendations for strengthening day-to-day cyber security.
🔐 Why is authentication crucial?
‘Authentication is one of the bases for managing access to data or information systems containing protected information or enabling specific actions to be taken’, Lauranne points out. It is based on three types of factor: what you know (password), what you have (badge or token), and what you are (biometrics).
Although multi-factor authentication (MFA) is often recommended, it is not always available, particularly on certain business systems. Hence the importance of choosing a strong password.
🧠 Complexity and length: two key words
As Lauranne humorously explains: ‘Please choose a complex password, with upper case, lower case, special characters, numbers, three different colours and a top hat…’.
Behind this irony lies a reality: complexity makes passwords more resistant to attack. In 2024, on average (1):
- 37 seconds to crack an 8-digit password
- 22 hours for a password of 8 lower-case letters
- 1 month for an 8-character password with numbers, upper and lower case letters and symbols
- 164 million years for a 12-character password
🔍 Things to remember: when strengthening your passwords, give priority to length and variety of characters.
🧰 Think about password managers
Password safes are easy-to-use tools that let you save, generate and synchronise your passwords securely. Lauranne recommends KeePass, an open source solution certified by ANSSI. (2)
💡 Tips if you can’t automate:
- The custom root: create a long password base, then add a suffix for each service.
- The song: use the initials of a song you know.
- Passphrase: put together three words of more than six letters, separated by symbols.
- Strategic forgetfulness: for certain little-used sites, don’t hesitate to click on ‘forgot password’ and secure your email accordingly.
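The passphrase tip above, as an added example that is not part of the original article: it draws three words of more than six letters with a cryptographically secure random source and estimates the strength of the result against someone who knows the recipe. The word list, separator set and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list; every word has more than six letters.
# Assumption: a real list would hold thousands of words (7776 is a common size).
SAMPLE_WORDS = [
    "umbrella", "lantern", "pinecone", "harvest", "compass", "glacier",
    "marigold", "thunder", "orchard", "keyboard", "blanket", "volcano",
]
SEPARATORS = "!#$%&*+-=?@"  # constructed set of 11 symbols


def generate_passphrase(words=SAMPLE_WORDS, n_words=3, separators=SEPARATORS):
    """Join n_words random words (each longer than six letters) with random symbols."""
    eligible = sorted({w for w in words if len(w) > 6})
    if len(eligible) < n_words:
        raise ValueError("word list has too few words of more than six letters")
    parts = []
    for i in range(n_words):
        if i:  # a separator goes between words, not before the first one
            parts.append(secrets.choice(separators))
        parts.append(secrets.choice(eligible))  # secrets, not random: CSPRNG
    return "".join(parts)


def passphrase_entropy_bits(n_eligible, n_words=3, n_separators=len(SEPARATORS)):
    """Entropy when the attacker knows the recipe and the word list."""
    return n_words * math.log2(n_eligible) + (n_words - 1) * math.log2(n_separators)


def random_password_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    print("12-word sample list : %.1f bits" % passphrase_entropy_bits(len(SAMPLE_WORDS)))
    print("7776-word list      : %.1f bits" % passphrase_entropy_bits(7776))
    print("8 random digits     : %.1f bits" % random_password_entropy_bits(8, 10))
```

The estimate depends on the size of the word list and the number of words, not on the character count, so the words have to be picked at random from a large list rather than chosen by hand.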
📉 To avoid unpleasant surprises:
Visit https://haveibeenpwned.com, a reliable site that will tell you if your credentials have been compromised.
‘The longer a password is, the longer it will take hackers to crack it, and the greater the chances that they will turn away from your account.’ – Lauranne PEYRON
In short, protecting digital access is everyone’s business. At Evolucare, we place excellence and security at the heart of everything we do, to guarantee the trust of our customers, employees and partners. Because in e-health, protecting data also means protecting patients.
Sources:
(1) www.hivesystem.com/password
(2) Agence Nationale de la Sécurité des Systèmes d’Information