Passwords are intended to protect data from external access, regardless of whether the content is stored on a private PC, smartphone, or on external servers at internet service providers. If you don’t follow certain rules when creating passwords, data thieves have an easy time. We’ve put together tips to help you create secure passwords.
Personalized logins are practical and indispensable in everyday IT life. Entering the username and password manually is all the more annoying, because hardly any action is possible without registering. Be it unlocking the smartphone, logging into an online shop, or a social network. Many speed up logins with short and simple passwords.
But if the login is cracked, the data is at risk. This can result in financial damage or the loss of data such as pictures and photos of sentimental value. It’s the same with stolen logins as with lost wallets: the organizational effort to minimize damage costs additional time and nerves.
Professional hackers use automated tools that test the most common character strings and entire dictionaries, as well as their combinations. For example, if a password consists of seven lower-case letters, there are almost eight billion possible character strings.
A so-called brute force attack, i.e. simply trying out all possible combinations, only takes a few seconds to try out all the character strings. In contrast, a brute force attack with a current high-end computer takes almost 50,000 years to try out all possible combinations of a twelve-digit password consisting of lower and upper case letters and numbers.
Tips for secure passwords
The Federal Office for Information Security has summarized a few tips for secure passwords.
- Passwords should not be too short and should be at least twelve characters long
- They should consist of upper and lower case letters, digits, and special characters
- Passwords should not be related to the private environment (names of family members, pets, birthdays, …)
- They shouldn’t be in a dictionary
- The string should not consist of easy-to-type patterns ( qwertz, 12345, … )
- When using umlauts, you may not be able to make any entries abroad on country-specific keyboards
Again and again, access data to accounts (email addresses, passwords, and other personal data) are stolen by criminals and published online. If you want to check whether your data is also affected, you can do this free of charge, for example at the Hasso Plattner Institute.