Why ‘123456’ is not a secure password
To mark ‘Change your password’ day on 1 February, this article presents 10 things you should bear in mind when creating passwords.
1. Use a password manager
The most secure way to organise your passwords is to use a password manager. The open source software KeePassXC has established itself as the standard. The application stores all passwords in encrypted form and can only be opened with a master password, which must fulfil high security requirements. When using password managers, it is important to always create a backup of the password file. If the original file is lost, you can still access your encrypted passwords via the backup.
The security of the passwords themselves increases if you have them generated by software. If you decide to come up with your own passwords, you should bear the following points in mind:
2. The more, the better
The more characters a password contains, the more secure it is. Passwords with 20 characters are more secure than passwords with just eight characters. However, the rule ‘the more the better’ applies not only to the number of characters, but also to the variety of characters. A combination of upper and lower case letters, numbers and special characters is essential to increase the complexity of the password.
3. No personal data
Nicknames, birthdays and places of residence are not a good basis for passwords: anyone who knows some personal information about you could gain access to a lot of account data. You should therefore avoid personal references in passwords and prefer to use abstract terms.
4. Do not use existing words
In general, existing words that can be found in the dictionary are at a much higher risk of theft than abstract combinations of letters and numbers. Even though ‘Bundesgartenschau’ may not sound obvious at first glance, something like ‘Wd6/fX!?’ is still safer.
5. Do not replace letters with special characters
A widespread strategy is to replace individual letters of real words with special characters. So instead of ‘password’, ‘P@ssword’ is entered. Although this integrates special characters, the tactic is too widespread to be really secure.
6. No number or letter sequences
Sequences of numbers and letters are often found in passwords. However, neither ‘12345’ nor ‘abcde’ is a secure password. Sequences such as ‘ababbcbc’ are also insecure. We also advise against letter sequences based on the laptop keyboard, such as ‘qwertzui’.
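The weak patterns from rules 2 and 4 to 6 can be checked mechanically. The following is an added example, not part of the original article: the word list is a small constructed sample, and the 12-character threshold and the function names are assumptions made for illustration.

```python
import string

# Constructed mini word list; a real check would load a full dictionary
# and a list of leaked passwords.
SAMPLE_WORDS = {"password", "bundesgartenschau", "sommer", "berlin"}
# Rule 5: common substitutions mapped back to the letters they stand for.
LEET = str.maketrans("@4310$57!", "aaeiossti")
# Rule 6: keyboard rows (German QWERTZ and US QWERTY) and the digit row.
ROWS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12  # assumed threshold; the article only says longer is better


def has_sequence(pw, run=4):
    """Rule 6: alphabetical/numeric runs or keyboard walks of `run` characters."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk in row[::-1] for row in ROWS):
            return True
    return False


def find_weaknesses(pw):
    """Return the article's rules (2, 4, 5, 6) that the password violates."""
    issues, low = [], pw.lower()
    if len(pw) < MIN_LENGTH:
        issues.append("rule 2: too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < 4:
        issues.append("rule 2: missing character classes")
    if any(w in low for w in SAMPLE_WORDS):
        issues.append("rule 4: dictionary word")
    elif any(w in low.translate(LEET) for w in SAMPLE_WORDS):
        issues.append("rule 5: dictionary word with substituted characters")
    if has_sequence(pw):
        issues.append("rule 6: sequence or keyboard walk")
    if len(pw) >= 6 and len(set(low)) <= len(low) // 2:
        issues.append("rule 6: few distinct characters")
    return issues


if __name__ == "__main__":
    for candidate in ["123456", "P@ssword", "Bundesgartenschau", "qwertzui", "ababbcbc", "jMu4lS3mdiW!"]:
        print(f"{candidate!r}: {find_weaknesses(candidate) or 'no listed weakness found'}")
```

An empty result only means that none of these particular patterns matched; it does not prove the password is strong.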
7. Create mnemonics
A good password is therefore characterised by a complex combination of letters, numbers and special characters. In order to memorise these combinations and actually be able to integrate them into everyday life, mnemonic phrases are useful. An example:
The password ‘jMu4lS3mdiW!’ can be easily internalised with the sentence ‘Every morning at 4 a.m. she walks through her flat 3 times!’.
8. Use a separate password for each account
Even if it seems complicated at first, it is important to think of a separate password for each account you create on the Internet. Otherwise, the theft of a password can give hackers access to several accounts. To reduce the number of passwords, you can first ask yourself how many user accounts you actually need. Deleting inactive accounts not only contributes to increased data security, but also prevents user data from continuing to be collected. You can then think about a system for organising your passwords.
9. Benefits of two-factor authentication
More and more companies are now offering two-factor authentication (2FA for short) to make logging in more secure. In certain areas, such as banking, 2FA has already established itself as the standard. With 2FA, the login must be confirmed through a second factor, such as a code from a text message or confirmation in an app on another device. This process increases security enormously.
10. Change passwords if data theft is suspected
Finally, password theft is now widespread and occurs regularly. If you suspect password theft, for example due to unauthorised orders or account activities, you should change your password in any case and inform the platform responsible about the theft.
Secure passwords are no guarantee against data theft, but they do go a long way towards reducing the risk. We hope that these tips will help you navigate the internet more securely in future.