Security on the Internet / Passwords

Confidentiality

Your username and your password are your identity on the Internet. You must take all necessary measures to preserve their confidentiality. You will never be asked such information by a Vidéotron employee unless you personally initiate a call to your Customer Service. For identification purposes, you may be asked by a representative to provide him with your password so he may proceed, for example, with the modification of your account. Note, however, that in such a case, the call originates from you. You will never be required to give out this information via electronic mail or on an Internet chat room. Never reveal your password to anyone, except to your Customer Service representative, whom you have contacted directly by telephone.

What not to do

It is absolutely essential to avoid choosing a password identical to your username, e-mail address or your nickname or being able to associate with them in some way. It is also strongly recommended not to choose a password that may be associated with an activity, a company, a leisure, a person, a date or an object through which someone could identify you. It is particularly recommended to exclude the names of your relatives, that of your favorite pet, the brands of your car, screen monitor or computer, just as well as dates, whether you invert the digits or not.

Common words such as "secret", "Internet", "flower" or "sunshine" are the first to be avoided. In fact, all words that can be found in a dictionary, the names of people, places, organizations as well as trade marks are not judicious choices. Exhaustive computerized lists of all such category of words do exist with an indication of their usage frequency. Attempts at hacking obviously start with the words generally used.

Choice of a password

A good password does not look like a real word. It is rather recommended to choose a random combination of letters and figures. If this looks too complicated or difficult to remember, choose a phrase and select the first letter in each word. For example, the phrase:

t he  young  bird  sing  loud  and  fly

could read "tybslaf", which is relatively easy to remember for someone who is familiar with the original sentence, but perfectly incomprehensible otherwise. Obviously, it is preferable to avoid choosing a famous sentence such as "To be or not to be".

To add to the difficulty of deciphiring, a single digit can be added randomly (for example "tyb8slaf") or certain words, letters or syllabels can be replaced by numbers which resemble them. For example, by substituting the letter l by figure 1, we obtain: "tybs1af" ; replacing s with 5 will give: "tyb5laf". The same could be obtained with 0 (zero) and o, or replacing words such as "tree" with 3 or "for" with 4, etc.

The number of possible combinations of a password formed in this way is astronomical. A combination from six to eight letters and figures allows 36⁶+36⁷+36⁸, that is to say 2,901,650,853,888 possibilities. To give an idea of size, it would take approximately 92,000 years to exhaust all these possibilities, at a rate of an attempt a second.

Frequent changes

Even if you choose an indecipherable password, it is likely to be discovered one day or the other. This can happen earlier than you think. There are multiple reasons for such leaks : somebody will see you typing your password, you will note it on a piece of paper exposing it momentarily to indiscreet eyes, it will be collected among your waste, you will use the same password in various contexts and on different servers, you will entrust it to a person in whom you have total confidence, who will do the same with a person in which she/he has total confidence, etc.

This is why it is recommended to change your password regularly. You must avoid modifying only one or two characters. If a password such as "tybslaf2" is deciphered, there are high risks of later attempts at intrusion with "tybslaf3", then "tybslaf4", etc. This type of modification strategy is, therefore, not recommended. Choose rather a complete change of the password.

To modify the password for your Vidéotron Internet account, use the form provided on this site. If you modify it for the first time and you do not have a personal page on InfiniT, you will have to choose a nickname. The latter should not correspond to your username. The password for the InfiniT server and that of your Vidéotron Internet account will automatically be synchronized.

The management of passwords

Passwords are required in several contexts and on different servers: Internet and e-mail accounts, network accounts at school or at the office, Web services which require an identification (even if they require only one nickname), banking cards or calling cards (NIP), etc. In such cases, it is natural wanting to simplify life by using the same password, but it often shows carelessness.

The needs and the level of security vary depending on the context. If your password is deciphered in a context requiring less security (at school, on a game server) and that you use the same password everywhere, you open the door to areas where the need for security should be larger (at work, for your Internet account). It is advisable to remain particularly careful on servers of doubtful reputation or whose activities border the limits of legality or decency. If you must use the same password on more than one server, establish at least some watertight barriers according to contexts, the degree of confidence and required security, and reserve that of your Internet account to this exclusive use.

The multiplication of passwords can pose a challenge to the memory. If you have to note them somewhere, make sure the support you use is strictly personal, confidential and not accessible. A password stuck under the top of a desk is as secure as a house key hidden under the carpet ! A badly hidden password list is a whole bunch of keys left at the disposal of others. A rather interesting solution would be to memorize one password, which should never be written down, and which would serve as the key to a file where all other duly encoded passwords are listed. The software PGP (Pretty Good Privacy) is a tool recognized for this purpose.

In summary:

• Choose a password difficult to decipher.
• Use at least six to eight letters combined with digits.
• Do not reveal it to anyone under any circumstances.
• Completely change your password periodically (not just a digit or a few characters).
• Use the form on this site to modify your Vidéotron Internet account password.
• Avoid using the same password in different contexts and on different servers.
• If you have to note your passwords, secure your list in a safe place.
• If possible, memorize one password, which you will not note anywhere, and which will be used as the key to an encrypted file containing all other passwords. Use a safe encoding method such as PGP.