ANSSI recommends a password of at least 12 to 16 characters. The longer a password is, the harder it is to crack by brute force.

Prefer passphrases combining words, numbers and special characters for maximum security.

Use a unique password for each service. Reuse is the main entry point for cascade attacks.

Adopt methods to differentiate your passwords easily through memorable bases.

KeePass, Bitwarden or 1Password are recommended password managers. They relieve you of memorization and increase security.

Enable multi-factor authentication to strengthen their protection.

Use the first letters of a sentence method, phonetic technique, or random generation via password manager to strengthen your password.

Combine several techniques for optimal security.

Ban personal information and common logical sequences that make attackers' work easier.

Resist obvious substitutions often included in attack dictionaries.

Use 2FA or MFA to add an essential layer of security, especially on sensitive access.

Prefer authentication applications over SMS and systematically enable on your critical services.

Use tools like Have I Been Pwned to check if your data has been leaked and stay alert to notifications.

Act quickly if you suspect a compromise.

Abandon the 90-day systematic change rule in favor of updating only in case of compromise.

Actively monitor alert signals and react quickly.

Use end-to-end encryption with zero-knowledge password managers.

Avoid storing in clear text or unsecured notes, especially in professional environments.

Organize regular training sessions and attack simulations to strengthen vigilance.

Create a security culture that values reporting and good practices.