Despite all the warnings out there, some people still insist on using unsafe passwords such as "123456" or "password". But this is asking for trouble, according to experts.
"These passwords are completely insecure, easy to guess and easy to crack," says Professor Christoph Meinel, director of the Hasso Plattner Institute at the University of Potsdam in Germany.
There are two basic rules when it comes to the security of passwords. First, the longer and more varied the password, the safer it is. "The number of attempts needed to crack a password increases by a factor of 95 with every additional upper case letter, lower case letter, special character and number," Meinel says.
A five-character password takes about seven billion attempts to crack. However, with the recommended minimum length of eight characters, it's more than six quadrillion attempts – assuming the password isn't in any dictionary.
That's because a dictionary, if it's in electronic form, can be easily and quickly searched through.
Ideally, says Meinel, a password should include special characters and meaningless combinations of upper case letters, lower case letters and numbers.
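The arithmetic behind these figures, as an added example that is not part of the original article: it counts candidates over the 95 printable ASCII characters and shows why a dictionary hit removes that protection. The function names and the five-entry wordlist are constructed for illustration.

```python
import string

# The 95 printable ASCII characters, split into the classes the article names.
CLASSES = {
    "lower": string.ascii_lowercase,       # 26
    "upper": string.ascii_uppercase,       # 26
    "digit": string.digits,                # 10
    "special": string.punctuation + " ",   # 32 symbols + space = 33
}
PRINTABLE = "".join(CLASSES.values())

# Constructed sample wordlist, tried in order before any brute force.
SAMPLE_DICTIONARY = ["123456", "password", "qwerty", "letmein", "iloveyou"]


def full_keyspace(length):
    """Candidates of exactly `length` characters over all 95 symbols."""
    return len(PRINTABLE) ** length


def alphabet_size(password):
    """Symbols to cover if guesses are limited to the classes actually used."""
    if not password or any(c not in PRINTABLE for c in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def worst_case_attempts(password, dictionary=SAMPLE_DICTIONARY):
    """Guesses needed at most: dictionary position if listed, else brute force."""
    if password in dictionary:
        return dictionary.index(password) + 1
    return alphabet_size(password) ** len(password)


if __name__ == "__main__":
    for n in (5, 8):
        print(f"{n} characters, 95 symbols: {full_keyspace(n):,} candidates")
    for pw in ("password", "abcdefgh", "IguitM&bmTf3M"):
        print(f"{pw!r}: at most {worst_case_attempts(pw):,} attempts")
```

Although "password" is eight characters long, it falls on the second guess here because it is in the wordlist, while an eight-letter lowercase string outside the list still needs up to 26 to the power of 8 attempts.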
The second rule is that the same password should not be used for more than one account. Every online service should have its own individual password – otherwise, attackers who acquire a password will immediately have access to all of your accounts and services.
"Only one third of providers use a secure method of obfuscation for password storage," Meinel says. The rest store passwords using an outdated algorithm or in plain text, so those passwords are freely available on the Internet after an attack – without the affected parties knowing about it.
But how are you supposed to remember a complicated password? One method is to think of a sentence and use the first letter of every word to form a password, using capital letters for nouns, Germany's Federal Office for Information Security (BSI) recommends.
For example, the phrase "I get up in the morning and brush my teeth for three minutes" would produce the password "IguitM&bmTf3M".
The BSI advises against using well-known quotes or song lines as there's a greater danger they'll be cracked than something you make up yourself.
Passwords shouldn't be written down, and certainly not on sticky notes stuck to your monitor or in unencrypted documents stored on your computer. Probably the best way to remember them is to use a password manager program. Such programs can not only store passwords in a securely encrypted form, but also generate strong passwords.
The most important thing about using one of these programs is to remember and protect the master password used to unlock the password safe.
If you want to further increase the protection of an online account, you should – assuming it's offered by the respective service – use two-factor authentication.
This means that when you log in, you need a PIN, SMS code or app-generated key in addition to your password, so attackers are denied access even if they have your password. – dpa