9 October 2020 | Service tips

Password? The secure way to protect your online accounts

Whether it's the front door key under the welcome mat or the debit card PIN kept in the wallet: we actually know better, of course, but for many people convenience outweighs security. No wonder, then, that "123456" and the like are still among the most popular passwords. In addition, many people use their password like a master key, i.e. they use one and the same password for their email, online shopping and social media accounts. In the worst case, password thieves can log into all these user accounts at once and place orders on the Internet or send contracts and messages - in your name. A secure password is the best protection against this.

How are passwords cracked?

There are basically two ways in which fraudsters can access your user accounts: through data leaks from online companies or through badly chosen passwords. With the help of appropriate programmes, hackers can test entries from dictionaries in combination with number combinations within a few seconds.

However, this method only works if your password consists of a "real" word. For this reason you should avoid terms that can be found in a dictionary. Family names, first names and place names, as well as your telephone number, postcode or the dates of birth of your relatives, are likewise no basis for a secure password. But how do you find a password that is not only secure but also easy to remember? Today we will show you how.

The length is what matters!

While online security experts initially advised that passwords should be as complicated as possible, nowadays the principle of "length beats complexity" applies. Your password should therefore be at least ten characters long. But be careful, this is only a rule of thumb. Before you choose a German word like "Donaudampfschiffahrtskapitänsmützenschirm" as your new password, remember that a really secure password relies on length AND complexity.

Ensure that you have variety!

Avoid using sequences of letters or numbers such as "abcd" or "1234" and sequences of letters on the keyboard, such as "qwertzuiop". A secure password consists of upper and lower case letters, numbers and special characters such as $ % * or #. One popular trick is to replace letters with similar-looking numbers. For example, a 0 can stand for an O, a 1 for a capital i or small L, a 3 for an E, a 4 for an A, a 5 for an S or a 7 for a T. This also works with special characters: a $ can also replace an S. Using the above example, "Donaudampfschiffahrtskapitänsmützenschirm" would become D0n4ud4mpf5ch1ff4hr75k4p1tän5mü7z3n5ch1rm or D0n4ud4mpf$ch1ff4hr75k4p1tän$mü7z3n$ch1rm.
Here too, the following applies: not every "T" has to become a 7. Vary the possibilities and embellish your password with special characters.

But even the alternation of upper and lower case letters and the use of numbers as letters can still be perfected, for example with mnemonic devices: in this way "A bird in the hand is better than two in the bush" becomes L3$4dHad74dD - by using only the first letters of each word, you get a seemingly unconnected sequence of letters and numbers instead of a word which can be found in a dictionary.
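The rules from "The length is what matters!" and "Ensure that you have variety!" can be written down as a small checker. This is an added example, not part of the original article; the word list is a constructed stand-in for a real dictionary, and undoing the look-alike swaps before the dictionary lookup goes one step beyond the text, since a substituted word is still built on the word underneath.

```python
# Added example: checks a candidate password against the article's rules.
MIN_LENGTH = 10  # the article's rule of thumb
# Look-alike swaps named in the article, mapped back to letters ("1" read as "i")
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "$": "s"})
KEYBOARD_ROWS = ("qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm")
# Constructed stand-in for a real dictionary and name list (assumption)
WORDLIST = {"password", "welcome", "sunshine", "kapitän"}
CLASSES = {
    "lower case letter": str.islower,
    "upper case letter": str.isupper,
    "number": str.isdigit,
    "special character": lambda c: not c.isalnum() and not c.isspace(),
}


def has_sequence(password, length=4):
    """True if `length` neighbouring characters count upwards ("abcd", "1234")
    or sit side by side on a keyboard row ("qwer")."""
    low = password.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
        if any(chunk in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(password):
    """Return the article's rules that this password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, test in CLASSES.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    if has_sequence(password):
        problems.append("contains a sequence")
    # Undo the look-alike swaps and drop leftover symbols before the lookup
    swapped_back = password.lower().translate(LOOKALIKES)
    plain = "".join(c for c in swapped_back if c.isalpha())
    if any(word in plain for word in WORDLIST):
        problems.append("built on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "qwertzuiop", "P4$sw0rd#92", "L3$4dHad74dD"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The mnemonic password from the paragraph above passes every check, while the substituted long word is still traced back to a word on the list.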

What you should also note

Even the most secure password can be cracked if an online retailer suffers a data breach. You should therefore regularly check whether user accounts linked to your email address are affected by such a breach. This can be done, for example, using a service of the Hasso-Plattner-Institute (HPI) at the University of Potsdam. If your user account is affected, change your password immediately. This also applies if your own device has been infected by malware. Some of these programmes read your access data and transmit it to third parties. You should therefore first have your device thoroughly cleaned and then change all your passwords. In general, the following rule applies: Update your passwords regularly and use a separate password for each service. This will prevent fraudsters with one cracked password from gaining access to all your accounts.

Get the support of a password manager

If this is too complicated for you, you can get support. Similar to a safe, which keeps its contents secure and can only be opened by a person with the right key, password managers administer user names and passwords. You only have to remember the master password – but this should be particularly secure for this purpose! You can find further information on the website of the Federal Department for IT Security.

By the way: what is already standard in online banking is now also becoming the norm for many online service providers. The so-called "two-factor authentication" is based on knowledge, i.e. knowing your password, and an additional verification stage. After entering your password you are asked to identify yourself in a second way, for example by means of a code that is sent to your smartphone by SMS. But one thing is also clear: you should always play it safe. With a strong password you're always on the safe side!