Amid a whirlwind of memes and scrutiny following last month’s $102 million jewel heist at the Louvre, a curious bit of security news emerged: According to testimony from a museum employee this week, the museum’s video surveillance system password was simply “Louvre.”
I’m not trying to shame anyone here, but if you’re also using a password containing your name, birthdate, mother’s name, pet’s name, or any other common words, let this article be your sign: It’s time to use more secure passwords. It’s not even hard! There are apps to help you create secure passwords! They’re called password managers, and I evaluate them for a living. I’ll tell you how to use one, so you can stop remembering or typing passwords for good.
The Anatomy of a Bad Password
Tempting hackers with a bad password is like throwing your house keys at a burglar’s feet and hoping they won’t want to come inside. So what makes the Louvre’s password particularly weak?
It’s Very Easy To Guess
The first thing I’d type if I were trying to get into the Louvre’s video system is “Louvre.” If that didn’t work, I’d probably also try “L0U.vr3!” or “1ouVR3” next, and then throw up my hands. Hackers, motivated by money, don’t give up so easily, and they don’t need human brainpower to guess passwords, either. AI can identify passwords from keystroke sounds and can crack common credentials in under a minute.
It’s Very Short and All One Character Type
The Louvre’s password is a scant six characters long. Even a powerful AI trained on a lot of password lists will take a long time to crack passwords that are longer than 16 characters. We recommend creating 20-character passwords containing a mix of letters, numbers, and special characters, if allowed.
It Contains Common Words or Personal Information
If your passwords contain your name, relatives’ or friends’ names, pets’ names, meaningful dates, or anything else that could be attributed to you, your password could be insecure. That’s because hackers can find a surprising amount of information about you online, especially if you have an extensive digital footprint.
Using common words and phrases in passwords is also not advisable, as criminals use lists of common words to gain access to accounts using brute force attacks. If you like using phrases in passwords, make sure the phrase is long and obscure, and pepper it with numbers and special characters. Here’s an example: “0T7k1mchi1s_D3licious!B0raha3.”
Let Password Managers Do the Work
So what can the Louvre do about its bad password situation? There are plenty of easy ways to create secure passwords that you can share with other people. You could create your own password generator and store the credentials locally on your computer, but that’s a bit too much work for most people. Instead, I recommend trying a password manager for free and letting it generate long, strong, and unique passwords for your online accounts. Most password managers can also generate passkeys for your online accounts, so you can eliminate passwords forever.
(Credit: Bitwarden/NordPass/PCMag)
At a minimum, a password manager will create new, secure, unique logins and store them for you in a vault. When you log into those accounts, the app fills in your information for you, so you don’t need to remember or type anything.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
To test the strength of a potential password, consider using this password creation tool from Bitwarden. It provides excellent suggestions for increasing your password strength. Remember to change your password after pasting it into the form.
Which Password Manager Can Help the Louvre?
Businesses have different IT security needs than individual users. Google’s latest report for executives notes that despite significant defensive cloud security advancements, most hackers still gain access to businesses using the front door, as in insecure passwords. In the case of the Louvre, they would need something with features specific to larger organizations. Based on my testing, I think these are solid recommendations.
Recommended by Our Editors
A Password Manager for Sharing Passwords
Keeper has an excellent password-sharing system that allows customers to choose how to share their credentials and how long the recipient can access them. The museum could use the app to create a long, strong, and unique password, and then securely share it with employees who need it.
A Business Password Manager
Dashlane’s extensive reporting tools enable administrators to assess employee password hygiene, allowing them to identify and change insecure passwords before they make headlines.
The Best Password Managers We’ve Tested
NordPass
50% Off for the 2 Year Premium Plan
at NordPass
Proton Pass
$1.99 Per Month (60% Off 1 Year Pass Plus Plan)
at Proton
Dashlane
Start Your Free 14 Days Dashlane Trial for Your Business
at Dashlane
SEE -5 MORE
Which Password Manager Is the Best?
There are a lot of excellent password managers to choose from, but I usually recommend Editors’ Choice winners NordPass and Proton Pass above all others.
(Credit: NordPass/Proton/PCMag)
NordPass is an excellent, all-around choice for paid password management. It’s affordable while also providing features that everyone wants, like data breach scanning, email masking, emergency access, and password hygiene checkup tools.
Meanwhile, Proton Pass is the best free password manager I’ve tested this year. In addition to the core functions of a password manager, Proton Pass offers its free customers access to their logins across all devices and the ability to create email aliases, which can help reduce scams and spam messages in your inbox.
About Our Expert
Kim Key
Senior Writer, Security
Experience
I review privacy tools like hardware security keys, password managers, private messaging apps, and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.
In addition to the categories below, I exclusively cover ad blockers, authenticator apps, hardware security keys, and private messaging apps.
Read Full Bio
