Secure passwords - here's how

PC, laptop, smartphone: We are in the midst of the digital age and the majority of people are connected everywhere and at all times. The World Wide Web, however, harbors numerous dangers for everyone’s privacy. Numerous pieces of malware make their way through the Internet every day and reach users, some of whom are unsuspecting, not only via their electronic mailboxes.

In order to better protect sensitive data such as bank details, but also other personal data and private image treasures against potential attacks, password security is becoming increasingly important. But many people are still too careless when it comes to choosing a password. The most popular entries still lack the necessary password strength.

The Top 10 most common passwords:

123456
123456789
qwerty
password
12345
qwerty123
1q2w3e
12345678
111111
1234567890

IS YOUR PASSWORD ON THE LIST?

Many Internet users simply hope that it won’t hit them. But what if it does? What if the password for Ebay has been stolen, which may also be your key to Paypal, various online stores, and your Facebook and e-mail accounts? Then there’s a risk that third parties will log in and use false data to place orders on the Internet – but the invoices will go to you. Third parties can also use your logins to conclude contracts, send messages, change profiles and much more.

How can thieves obtain your passwords?

There are two main reasons why others can find out your passwords:

Data leaks at major online companies mean that millions of user names and passwords repeatedly fall into the hands of criminals. The Hasso Plattner Institute (HPI) at the University of Potsdam has long assumed that billions of user accounts have been affected. The passwords and personal information of the owners circulate in long lists and can theoretically be found by anyone on the net. Anyone affected by this should urgently change their passwords. You can check online at HPI whether your e-mail address is affected.

Besides such data leaks, a poorly chosen password is still the most exploited security hole on the Internet. That’s because hackers can quickly figure it out with the help of automated programs that test thousands of entries from dictionaries in conjunction with number combinations in a matter of seconds. The researchers at the University of Potsdam examined more than 67 million access data with e-mail address ending in .de, which originated from data leaks in 2019 and are freely available on the Internet. The result: in Germany, the password “123456” is currently the most popular, followed by “123456789” and “12345678.” It hardly gets any more insecure than with passwords like these!

It is also conceivable that strangers could obtain your login data by phishing, for example with manipulated e-mails. You can find out what to look out for in suspicious e-mails in our phishing section.

To be safe on the net, it is therefore especially important to

If possible, use a separate password for each service. If there is a security hole in one of the portals, criminals will not be able to log in to all your other accounts.
Choose passwords that are as secure as possible and cannot be easily guessed.

6 rules for a good password

A password should be at least 10 characters long.
It should consist of upper and lower case letters, numbers and special characters (e.g. § & ? * ! ?) and should not be found in a dictionary or be related to you and your family. So do not use names, dates of birth, telephone numbers or similar.
It should not be a mere sequence of numbers (12345…), alphabetic letters (abcdef…) or a series of adjacent keys on the keyboard (qwertz…).
The more sensitive an access is (for example, online banking), the more care you should take in choosing a strong password. If the provider does not set a character limit for the password, the longer the better!
Do not choose one password for all portals, but create your own passwords for at least the most important and most frequently used services.
Change a password if it was sent to you by a provider and you have logged in there for the first time. Other reasons for changing the code would be that your online service provider asks you to do so, major data leaks become known or your device has been infected with malware.

For a long time, it was recommended to change passwords regularly. Many users tended to weaken their passwords to make them easier to remember. That's why security authorities like the BSI no longer issue this recommendation.

How to create good passwords

Build memorable bridges when creating passwords, for example, by thinking of a sentence that you will recall whenever you need it, and using only the first letter of each word and the punctuation marks. For example, “I phoned Mary, but the line was busy.” becomes the password in this way: “IpM,btlwb.”. It is best if you have freely invented such a sentence and not read it somewhere.
As inconvenient as it may be, do not use such passwords for multiple services, if possible! Even variants like IpM,btlwb.-E-Mail for the e-mail account and IpM,btlwb.-PC for the login on the computer are easily guessed by strangers.
You can also create and save a password with special password managers

Keep password lists secret

Write down the password in a protected place – not on a piece of paper on your PC, not in your wallet or collected in your calendar. The same applies to computers and smartphones: Do not create unprotected files with passwords that strangers can easily open. Do not send passwords by e-mail, text message or similar means.

Be careful about storing passwords in your software, e.g. in the e-mail program, the browser, on the smartphone, etc. If the programs store your data unencrypted and/or the device itself is not well protected, others can then access your user accounts with your PC or smartphone.

Password managers help with creating and remembering

Creating complicated passwords, having a separate one for each user account and remembering all of them without access for third parties: password managers can be a good help in this. On the Internet you can find various software with which you can manage your passwords and store them in encrypted form.

If you use a password manager, then you must select a central password with which the software can be started and the stored passwords displayed. This so-called master password should be particularly secure. It is best to choose a particularly long password, with 20 characters or more. Do not tell anyone, do not write it down, and do not use the password manager on unprotected, third-party devices that could be infected with malware.

Tips beyond strong passwords

Two-factor authentication: Many online service providers offer procedures that require you to identify yourself in a second way in addition to your password in order to log in. This so-called two-factor authentication is available in numerous variants, e.g. as a code via SMS, with a TAN generator for online banking or an app. Caution: Even with such a method, you should not do without secure passwords!

Unlock smartphone: On smartphones, it’s particularly convenient to have passwords saved in the apps so that you don’t have to re-enter them every time you start up. This poses additional risks. If the smartphone is stolen, the thief could gain access to online banking and other accounts. Therefore, store as few passwords as possible on your device.

Many smartphones can be encrypted – use this option, not only if you store passwords on the device.

You should also set up an automatic screen lock and choose a method for unlocking that is as secure as possible. We give tips for what advantages and disadvantages patterns, fingerprints and co. have.

Login alliances / single sign-on: Providers such as Facebook, Google, Amazon, “Verimi” and “NetID” offer solutions for logging in to other apps and sites with their login data. The procedure is called “single sign-on”. We are critical of this, not only from a data protection perspective (these companies can, for example, find out when you logged in and where). A central login to one of these services also means that criminals can have particularly easy access to many of your other user accounts in the event of a data leak there. You can read more about this here.

What is Rootkit?

What is Rootkit A rootkit is a type of malicious software that is designed to gain privileged access to a computer system. Once a rootkit

Michael Satlow 20/03/2023

Cyber Security

Understanding PGP Encryption

Understanding PGP Encryption PGP (Pretty Good Privacy) is a cryptographic software program that provides secure communication by encrypting and decrypting data. PGP was created by

Markus Huber 17/03/2023

Cyber Security

How to prevent DNS Spoofing

How to prevent DNS Spoofing DNS spoofing, also known as DNS cache poisoning, is a technique used by hackers to redirect a user’s traffic to

Markus Weber 14/03/2023

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Secure passwords - here's how

The Top 10 most common passwords:

123456

123456789

qwerty

password

12345

qwerty123

1q2w3e

12345678

111111

1234567890

IS YOUR PASSWORD ON THE LIST?

How can thieves obtain your passwords?

There are two main reasons why others can find out your passwords:

It is also conceivable that strangers could obtain your login data by phishing, for example with manipulated e-mails. You can find out what to look out for in suspicious e-mails in our phishing section.

To be safe on the net, it is therefore especially important to

If possible, use a separate password for each service. If there is a security hole in one of the portals, criminals will not be able to log in to all your other accounts.

Choose passwords that are as secure as possible and cannot be easily guessed.

6 rules for a good password

A password should be at least 10 characters long.

It should consist of upper and lower case letters, numbers and special characters (e.g. § & ? * ! ?) and should not be found in a dictionary or be related to you and your family. So do not use names, dates of birth, telephone numbers or similar.

It should not be a mere sequence of numbers (12345…), alphabetic letters (abcdef…) or a series of adjacent keys on the keyboard (qwertz…).

The more sensitive an access is (for example, online banking), the more care you should take in choosing a strong password. If the provider does not set a character limit for the password, the longer the better!

Do not choose one password for all portals, but create your own passwords for at least the most important and most frequently used services.

Change a password if it was sent to you by a provider and you have logged in there for the first time. Other reasons for changing the code would be that your online service provider asks you to do so, major data leaks become known or your device has been infected with malware.

For a long time, it was recommended to change passwords regularly. Many users tended to weaken their passwords to make them easier to remember. That's why security authorities like the BSI no longer issue this recommendation.

How to create good passwords

As inconvenient as it may be, do not use such passwords for multiple services, if possible! Even variants like IpM,btlwb.-E-Mail for the e-mail account and IpM,btlwb.-PC for the login on the computer are easily guessed by strangers.

You can also create and save a password with special password managers

Keep password lists secret

Be careful about storing passwords in your software, e.g. in the e-mail program, the browser, on the smartphone, etc. If the programs store your data unencrypted and/or the device itself is not well protected, others can then access your user accounts with your PC or smartphone.

Password managers help with creating and remembering

Tips beyond strong passwords

Many smartphones can be encrypted – use this option, not only if you store passwords on the device.

You should also set up an automatic screen lock and choose a method for unlocking that is as secure as possible. We give tips for what advantages and disadvantages patterns, fingerprints and co. have.

MORE BLOG POSTS

What is Rootkit?

Understanding PGP Encryption

How to prevent DNS Spoofing

Company

Resources

ComplianCe