Secure passwords - here's how

PC, laptop, smartphone: We are in the midst of the digital age and the majority of people are connected everywhere and at all times. The World Wide Web, however, harbors numerous dangers for everyone’s privacy. Numerous pieces of malware make their way through the Internet every day and reach users, some of whom are unsuspecting, and not only via their e-mail inboxes.
In order to better protect sensitive data such as bank details, but also other personal data and private photos against potential attacks, password security is becoming increasingly important. But many people are still too careless when it comes to choosing a password. The most popular entries still lack the necessary password strength.

The Top 10 most common passwords:

  • 123456
  • 123456789
  • qwerty
  • password
  • 12345
  • qwerty123
  • 1q2w3e
  • 12345678
  • 111111
  • 1234567890

IS YOUR PASSWORD ON THE LIST?

Many Internet users simply hope that it won’t hit them. But what if it does? What if the password for eBay has been stolen, which may also be your key to PayPal, various online stores, and your Facebook and e-mail accounts? Then there’s a risk that third parties will log in and use false data to place orders on the Internet – but the invoices will go to you. Third parties can also use your logins to conclude contracts, send messages, change profiles and much more.

How can thieves obtain your passwords?

There are two main reasons why others can find out your passwords:
  • Data leaks at major online companies mean that millions of user names and passwords repeatedly fall into the hands of criminals. The Hasso Plattner Institute (HPI) at the University of Potsdam has long assumed that billions of user accounts have been affected. The passwords and personal information of the owners circulate in long lists and can theoretically be found by anyone on the net. Anyone affected by this should urgently change their passwords. You can check online at HPI whether your e-mail address is affected.
  • Besides such data leaks, a poorly chosen password is still the most exploited security hole on the Internet. That’s because hackers can quickly figure it out with the help of automated programs that test thousands of entries from dictionaries in conjunction with number combinations in a matter of seconds. The researchers at the University of Potsdam examined more than 67 million credentials with e-mail addresses ending in .de, which originated from data leaks in 2019 and are freely available on the Internet. The result: in Germany, the password “123456” is currently the most popular, followed by “123456789” and “12345678.” It hardly gets any more insecure than with passwords like these!
It is also conceivable that strangers could obtain your login data by phishing, for example with manipulated e-mails. You can find out what to look out for in suspicious e-mails in our phishing section.
To be safe on the net, it is therefore especially important to:
  • Use a separate password for each service, if possible. If there is a security hole in one of the portals, criminals will then not be able to log in to all your other accounts.
  • Choose passwords that are as secure as possible and cannot be easily guessed.

6 rules for a good password

  1. A password should be at least 10 characters long.
  2. It should consist of upper and lower case letters, numbers and special characters (e.g. § & ? * ! ?) and should not be found in a dictionary or be related to you and your family. So do not use names, dates of birth, telephone numbers or similar.
  3. It should not be a mere sequence of numbers (12345…), alphabetic letters (abcdef…) or a series of adjacent keys on the keyboard (qwertz…).
  4. The more sensitive an account is (for example, online banking), the more care you should take in choosing a strong password. If the provider does not set a character limit for the password, the longer the better!
  5. Do not choose one password for all portals, but create separate passwords for at least the most important and most frequently used services.
  6. Change a password if it was sent to you by a provider and you have logged in there for the first time. Other reasons for changing the password would be that your online service provider asks you to do so, major data leaks become known or your device has been infected with malware.
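
Rules 1 to 3 can be checked mechanically. The following Python code is an added example, not part of the original article: the function names, the `personal_terms` parameter and the run length of four are assumptions, and the dictionary check from rule 2 is left out because it needs a word list.

```python
import string

# The ten most common passwords listed on this page.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
# Rule 3: digit runs, the alphabet, keyboard rows (QWERTZ and QWERTY layouts).
SEQUENCES = ["01234567890", string.ascii_lowercase, "qwertzuiop",
             "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm"]
MIN_LENGTH = 10  # rule 1
RUN_LENGTH = 4   # assumption: 4+ consecutive sequence characters count as a pattern


def longest_run(password):
    """Longest stretch that follows one of SEQUENCES, forwards or backwards."""
    lowered, best = password.lower(), 0
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for start in range(len(lowered)):
                length = 0
                while (start + length < len(lowered)
                       and lowered[start:start + length + 1] in candidate):
                    length += 1
                best = max(best, length)
    return best


def check_password(password, personal_terms=()):
    """Return the rule violations found; an empty list means rules 1-3 are met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    classes = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += [f"no {name}" for name, found in classes.items() if not found]
    if password.lower() in COMMON:
        problems.append("on the list of most common passwords")
    if longest_run(password) >= RUN_LENGTH:
        problems.append("contains a number, alphabet or keyboard sequence")
    # Rule 2: names, birth dates, phone numbers; supplied by the caller.
    for term in personal_terms:
        if term and term.lower() in password.lower():
            problems.append(f"contains personal term {term!r}")
    return problems
```

Passing the rules does not show that a password has stayed out of a data leak, so a leak check such as the one offered by HPI is still needed.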

For a long time, it was recommended to change passwords regularly. As a result, many users tended to weaken their passwords to make them easier to remember. That's why security authorities like the BSI no longer issue this recommendation.

How to create good passwords

  • Use a mnemonic when creating passwords, for example, by thinking of a sentence that you will recall whenever you need it, and using only the first letter of each word and the punctuation marks. For example, “I phoned Mary, but the line was busy.” becomes the password in this way: “IpM,btlwb.”. It is best if you have freely invented such a sentence and not read it somewhere.
  • As inconvenient as it may be, do not use such passwords for multiple services, if possible! Even variants like IpM,btlwb.-E-Mail for the e-mail account and IpM,btlwb.-PC for the login on the computer are easily guessed by strangers.
  • You can also create and save passwords with dedicated password managers.

Keep password lists secret

Write down the password in a protected place – not on a piece of paper on your PC, not in your wallet or collected in your calendar. The same applies to computers and smartphones: Do not create unprotected files with passwords that strangers can easily open. Do not send passwords by e-mail, text message or similar means.
Be careful about storing passwords in your software, e.g. in the e-mail program, the browser, on the smartphone, etc. If the programs store your data unencrypted and/or the device itself is not well protected, others can then access your user accounts with your PC or smartphone.

Password managers help with creating and remembering

Creating complicated passwords, having a separate one for each user account and remembering all of them without giving third parties access: password managers can be a good help with this. On the Internet you can find various programs with which you can manage your passwords and store them in encrypted form.
If you use a password manager, then you must select a central password with which the software can be started and the stored passwords displayed. This so-called master password should be particularly secure. It is best to choose a particularly long password, with 20 characters or more. Do not tell anyone, do not write it down, and do not use the password manager on unprotected, third-party devices that could be infected with malware.

Tips beyond strong passwords

Two-factor authentication: Many online service providers offer procedures that require you to identify yourself in a second way in addition to your password in order to log in. This so-called two-factor authentication is available in numerous variants, e.g. as a code via SMS, with a TAN generator for online banking or an app. Caution: Even with such a method, you should not do without secure passwords!
Unlock smartphone: On smartphones, it’s particularly convenient to have passwords saved in the apps so that you don’t have to re-enter them every time you start up. This poses additional risks. If the smartphone is stolen, the thief could gain access to online banking and other accounts. Therefore, store as few passwords as possible on your device.
Many smartphones can be encrypted – use this option, not only if you store passwords on the device.
You should also set up an automatic screen lock and choose a method for unlocking that is as secure as possible. We give tips on the advantages and disadvantages of patterns, fingerprints and the like.
Login alliances / single sign-on: Providers such as Facebook, Google, Amazon, “Verimi” and “NetID” offer solutions for logging in to other apps and sites with their login data. The procedure is called “single sign-on”. We are critical of this, not only from a data protection perspective (these companies can, for example, find out when you logged in and where). A central login to one of these services also means that criminals can have particularly easy access to many of your other user accounts in the event of a data leak there. You can read more about this here.
