In today's digital world, passwords are very important. On PCs, laptops, or smartphones, we have little helpers installed everywhere that manage sensitive data, such as bank details or other personal information. To avoid becoming a victim of fraud, theft, or even identity theft, passwords should therefore be as secure as possible.
Unfortunately, passwords like "123456" remain popular and are often used. The problem is that weak passwords can be easily guessed or calculated. And if you're registered with the same email address for every online service and use the same password everywhere, the chance of something happening is extremely high:
Many are also unaware of the diverse consequences that can arise from passwords being spied on, guessed, or calculated.
For example, if your email account is hacked, your email address is usually also stored as a recovery address for shops like Amazon or eBay. And just like that, the attacker can go shopping with your payment information. Or they can see your personal photos in the cloud. They could also pretend to be you on social networks like Facebook or Instagram. Access to business documents or health records are also common targets of such attacks.
By the way, you can check whether your data is at risk with our software Identitiy Inspector!
Therefore, we will show you strategies here for using secure passwords in the future. How can you choose the most secure password possible? How can you best manage passwords? And how can you secure yourself even further?
How long do attackers need to crack a password?
Many users use passwords based on personal data: their own birthday, names of family members, or pets. If this data is known, it usually goes very quickly. Powerful computers can generate and test around a million passwords per second. A five-character password can therefore last about 30 minutes in the best case. If private data is used, it goes significantly faster.
For an 8-character password with upper and lower case letters, numbers, and special characters, modern computers need several months. Each additional character increases security. If your password consists of 15 characters, it will take about 30 years.
How do thieves or hackers proceed to steal passwords?
First off: hackers are at least as clever as you. 😊 If a hacker is targeting you directly, they will first inquire in your personal environment. However, most of the time it doesn't matter to hackers from whom they can obtain personal data. Then access data is requested via spam emails or data from hacks is simply used. Large (but also smaller) companies are regularly hacked and this data is sold or otherwise published. Well-known websites such as Adobe, Adult Friend Finder, Avast, BitTorrent, Comcast, Creative, Dropbox, Kickstarter, LinkedIn, Snapchat, Sony, and many other companies/websites have already been victims of these attacks. And if you have an account there, then this data is essentially freely available.
The most popular passwords
Unbelievable, but true: the most popular passwords are still simple combinations of numbers, i.e.:
- 1234
- 12345
- 123456
- 1234567
- 12345678
- 123456789
- 111111
- 22222 etc.
The following words are also frequently used:
- hello
- password
- qwerty
- login
And then also in combination with numbers:
- hello123
- password123
These passwords cannot really be secure – or what do you think?
What is a secure password? What does a secure password look like?
We advise you to use passwords with as many characters as possible. You should definitely use at least 8 characters. Some experts also advise using 15 or more characters. However, please remember that you will also have to enter the password again and again.
Under no circumstances should you use dictionary terms or names. A secure password should contain upper and lower case letters, numbers, and special characters. And using one and the same password for multiple online services should definitely be taboo!
How to create a secure password? Tricks for a secure password:
- Do not use real words or words that look like them. "Password" or "Pa$$w0rt" are not a good idea. Names and birth dates also belong in this category and should never be used!
- Avoid repetitions, palindromes, or keyboard patterns: "qwertz" is also not a good idea and is still very frequently used!
- Avoid umlauts! Ä, ö and ü can often cause problems, especially with foreign services.
- Definitely use upper and lower case letters!
- Your passwords should also contain numbers and special characters such as #, *, % or &. But please not just these four special characters, there are many more!
- You should mix letters, numbers, and special characters! For example, don't use four letters first, then two numbers, and finally two special characters.
- Length matters: If it needs to be very secure, e.g., for a Wi-Fi password, feel free to use 20 characters.
- How can you easily remember your password? Use sentences as a basis as a mnemonic. For example, "In summer I go to the outdoor pool" results in "ISgittOP". Supplement this with numbers and special characters. Your creativity knows no bounds!
What else should be considered for passwords?
If you don't want to constantly invent new passwords, a password manager is generally recommended. Our SecuPerts Cyber Shield software, for example, includes a good password manager. In addition, it is advisable to use so-called two-factor authentication for important services. For example, your Amazon account can be additionally secured. The service provider will then send you a numerical code via SMS or app every time you log in or every time you want to log in to the provider with a new device. You can only log in if you enter this numerical code!
How secure is my password?
In any case, remember: a password is only secure as long as no one else gets their hands on it! If you want written security, you should not store passwords freely accessible anywhere. By the way, it's also a good idea to make access data accessible to relatives or family members. So that your digital legacy is accessible in case of need.
Store passwords or not?
If you use a password manager, they are usually well protected. However, you should consider whether, for example, you allow your browser to store all data. Not all applications or browsers store passwords in such a way that they are at least difficult to access. For browsers, for example, the Windows password is usually sufficient - and all passwords are quickly viewable!
Is my password 100% secure with this?
Let's put it this way: if you understand our tips and advice, you're close! Unfortunately, the data is also stored with online providers, and these can - as already mentioned above - also be vulnerable. We will therefore soon release software that you can use to monitor whether your email address is stored with a hacked provider. You should then immediately use a new password with these providers!
Pay attention to SSL encryption!
The best password is of course not worth much if you enter your password on an unencrypted page and store it there. You should definitely make sure to only use websites with SSL encryption. You can recognize this in the browser's address bar. If only http is used as the protocol, the connection is insecure and can be intercepted. You should then immediately switch to https. This is displayed differently depending on the browser. For example, Chrome always shows whether the current page is secure or insecure.
Conclusion: A good or secure password should…:
- have at least 8 characters and consist of more than one word
- possess a certain complexity
- only be known to you
- be usable without complications, e.g., by using a password manager
- be monitored regularly
- only be used with SSL encryption
- be secured as much as possible with two-factor authentication
