The best people to ask is ovh.fr. Assuming they are providing business type SIP access, they should have the correct configuration information.
Without knowledge of their requirements, I would have to suggest that the second xxxx is wrong.
Note that this configuration will fail when you get an actual inbound call, as insecure=very has been replaced by its component parts. Also note that you normally only need one of those and you normally don’t need nat at all.
If you are actually behind NAT, you should have externaddr, externip or stunaddr.
You don’t appear to have firewall problems. Otherwise you would not have received the error. Everything points to a wrong password.
Again, if the account is intended for commercial use, the ITSP should have an Asterisk configuration. If they don’t, choose one that does. If the account is a intended for a single IP phone, consider getting an account that is intended for PABX use.
Turning on sip debugging may give some clues, but I think the basic problem is that you haven’t met the ITSP’s requirements.
remotesecret seems to be new for 1.8. It looks like it is a better alternative to insecure, so one probably doesn’t need insecure at all. However, if you use it, you should not specify secret in a case that previously needed insecure.
Specifying insecure=very on 1.8 is equivalent to setting insecure=no, so inbound calls will fail if you have secret set and the normal situation where the ITSP doesn’t authenticate itself to you applies.