(Credit:Zain bin Awais/PCMag Composite;Gwengoat/via Getty Images)
Amid a whirlwind of memes and scrutiny following last month’s $102 million jewel heist at the Louvre, a curious bit of security news emerged: According to testimony from a museum employee this week, the museum’s video surveillance system password was simply “Louvre.”
I’m not trying to shame anyone here, but if you’re also using a password containing your name, birthdate, mother’s name, pet’s name, or any other common words, let this article be your sign: It’s time to use more secure passwords. It’s not even hard! There are apps to help you create secure passwords! They’re called password managers, and I evaluate them for a living. I’ll tell you how to use one, so you can stop remembering or typing passwords for good.
The Anatomy of a Bad Password
Tempting hackers with a bad password is like throwing your house keys at a burglar’s feet and hoping they won’t want to come inside. So what makes the Louvre’s password particularly weak?
It’s Very Easy To Guess
The first thing I’d type if I were trying to get into the Louvre’s video system is “Louvre.” If that didn’t work, I’d probably also try “L0U.vr3!” or “1ouVR3” next, and then throw up my hands. Hackers, motivated by money, don’t give up so easily, and they don’t need human brainpower to guess passwords, either. AI can identify passwords from keystroke sounds and can crack common credentials in under a minute.
It’s Very Short and All One Character Type
The Louvre’s password is a scant six characters long. Even a powerful AI trained on a lot of password lists will take a long time to crack passwords that are longer than 16 characters. We recommend creating 20-character passwords containing a mix of letters, numbers, and special characters, if allowed.
It Contains Common Words or Personal Information
If your passwords contain your name, relatives’ or friends’ names, pets’ names, meaningful dates, or anything else that could be attributed to you, your password could be insecure. That’s because hackers can find a surprising amount of information about you online, especially if you have an extensive digital footprint.
Using common words and phrases in passwords is also not advisable, as criminals use lists of common words to gain access to accounts using brute force attacks. If you like using phrases in passwords, make sure the phrase is long and obscure, and pepper it with numbers and special characters. Here’s an example: “0T7k1mchi1s_D3licious!B0raha3.”
Let Password Managers Do the Work
So what can the Louvre do about its bad password situation? There are plenty of easy ways to create secure passwords that you can share with other people. You could create your own password generator and store the credentials locally on your computer, but that’s a bit too much work for most people. Instead, I recommend trying a password manager for free and letting it generate long, strong, and unique passwords for your online accounts. Most password managers can also generate passkeys for your online accounts, so you can eliminate passwords forever.
(Credit: Bitwarden/NordPass/PCMag)At a minimum, a password manager will create new, secure, unique logins and store them for you in a vault. When you log into those accounts, the app fills in your information for you, so you don’t need to remember or type anything.
To test the strength of a potential password, consider using this password creation tool from Bitwarden. It provides excellent suggestions for increasing your password strength. Remember to change your password after pasting it into the form.
Which Password Manager Can Help the Louvre?
Businesses have different IT security needs than individual users. Google's latest report for executives notes that despite significant defensive cloud security advancements, most hackers still gain access to businesses using the front door, as in insecure passwords. In the case of the Louvre, they would need something with features specific to larger organizations. Based on my testing, I think these are solid recommendations.
A Password Manager for Sharing Passwords
Keeper has an excellent password-sharing system that allows customers to choose how to share their credentials and how long the recipient can access them. The museum could use the app to create a long, strong, and unique password, and then securely share it with employees who need it.
A Business Password Manager
Dashlane's extensive reporting tools enable administrators to assess employee password hygiene, allowing them to identify and change insecure passwords before they make headlines.
Which Password Manager Is the Best?
There are a lot of excellent password managers to choose from, but I usually recommend Editors’ Choice winners NordPass and Proton Pass above all others.
(Credit: NordPass/Proton/PCMag)NordPass is an excellent, all-around choice for paid password management. It’s affordable while also providing features that everyone wants, like data breach scanning, email masking, emergency access, and password hygiene checkup tools.
Meanwhile, Proton Pass is the best free password manager I’ve tested this year. In addition to the core functions of a password manager, Proton Pass offers its free customers access to their logins across all devices and the ability to create email aliases, which can help reduce scams and spam messages in your inbox.