The best tips for secure passwords

Author: HOSTTEST Editorial   | 18 Jan 2018

To protect your data online, it is essential to create a secure password. Here are the best tips to ensure secure passwords. For anyone navigating the internet, passwords are a part of everyday life. For almost every online service used, there is a separate username and password. This starts with logging in to your home PC or smartphone, which cannot be operated without entering a password. It continues with traditional online services such as web hosting packages, email accounts, or online banking. Nowadays, all social media accounts from Facebook to Instagram to Twitter are included. Every online shop or video streaming service also requires users to create a secure password.

As a unique password is recommended for each of these services, it can quickly become overwhelming. This ultimately leads to security risks: users often become a bit careless due to the increased organizational effort caused by all the passwords. For example, they may resort to using insecure passwords or reuse passwords.


Methods Used by Password Thieves

How do hackers actually obtain your passwords? Various methods are used to discover passwords for accounts or online services. Understanding how hackers operate can help in creating a secure password.

Brute Force Attacks

A brute force attack describes the process where hackers simply try all possible combinations until the password is guessed. The entire attack runs automatically. A computer program can try a variety of character combinations in a fraction of a second. Short passwords with few characters are particularly vulnerable here, as they can be quickly guessed.

Combinator Attacks

The combinator attack goes one step further: words from multiple word lists are combined. This method allows even passwords consisting of two or more words to be guessed.

Mask Attacks

Mask attacks help reduce the time spent hacking. For example, if it is known that the sought password does not contain any numbers or special characters, a mask can be used to exclude such characters. The time needed is also reduced if it is known how many characters the sought password has.


What Makes a Secure Password?

When creating a secure password, consider the following criteria:

Password Length

Generally, the rule is: the longer the password, the more secure it is. Passwords with at least 8 characters are usually recommended, but for increased security, it is better to use a password with at least 12 characters. When it comes to protecting particularly sensitive areas, it does not hurt to use a password with 20 characters or more.

Password Characters

When creating a secure password, it's important not to limit yourself to letters only, but to make full use of all available characters. This includes not only uppercase and lowercase letters but also numbers and special characters. Caution is only needed with umlauts. For example, on an international keyboard, the keys "Ä", "Ö", and "Ü" are not available. This could lead to problems when travelling abroad and trying to log into your email account on the go.
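To make the effect of length, character variety and a known mask concrete, the following added example (not part of the original article) counts the candidates a brute force search has to cover. The 95-character printable ASCII alphabet and the rate of 10 billion guesses per second are assumptions chosen for illustration.

```python
import string

# Character classes counted per position; sizes are for printable ASCII.
CLASSES = {
    "lower": string.ascii_lowercase,       # 26
    "upper": string.ascii_uppercase,       # 26
    "digit": string.digits,                # 10
    "special": string.punctuation + " ",   # 33
}
FULL_ALPHABET = sum(len(c) for c in CLASSES.values())  # 95


def class_of(ch):
    """Return the name of the character class a single character belongs to."""
    for name, chars in CLASSES.items():
        if ch in chars:
            return name
    # Umlauts and other non-ASCII characters end up here.
    raise ValueError(f"character outside printable ASCII: {ch!r}")


def bruteforce_space(length, alphabet=FULL_ALPHABET):
    """Candidates of exactly this length when every position may be any character."""
    return alphabet ** length


def mask_space(password):
    """Candidates left when the character class of every position is already known."""
    space = 1
    for ch in password:
        space *= len(CLASSES[class_of(ch)])
    return space


def years_to_exhaust(space, guesses_per_second=1e10):
    """Worst-case search time at an assumed guess rate (illustrative figure)."""
    return space / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # "Summer2018" is a constructed sample; the second password is the article's example.
    for pw in ["Summer2018", "T!m5P,t!nm55fw."]:
        full, masked = bruteforce_space(len(pw)), mask_space(pw)
        print(f"{len(pw):2d} chars  full={full:.2e}  masked={masked:.2e}  "
              f"full search ~{years_to_exhaust(full):.1e} years")
```

Each additional character multiplies the unrestricted search space by 95, while a password whose structure is predictable (capital letter, lowercase word, year) gives most of that advantage away.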


How to Remember Secure Passwords?

Once you have assigned a secure password with letters, numbers, and special characters to each account, you face the challenge of how to remember them. Especially with a randomly chosen sequence of characters, there are no clues. Fortunately, there is a simple trick for remembering complex passwords. Create a memorable phrase that can serve as a mnemonic:

This is my secure password that I will not forget easily.

Taking only the initial letters from this phrase, you get the following word:

TimsP,tinmfsfw.

Now you already have a relatively secure password with uppercase and lowercase letters as well as special characters, which can still be further optimised. For example, the letter "s" can be replaced by the digit 5 and the letter "i" by the ! symbol. Thus, you get the following word:

T!m5P,t!nm55fw.

Now you have a very secure cryptic password that you can still remember well.

Regularly Change Passwords

By changing your password at regular intervals, you can reduce the risk of being hacked. Typically, security breaches only become public much later, meaning passwords have already been compromised long before you find out. If you only change your password after a security breach is announced, it is often too late, as hackers have likely already used the stolen credentials. Changing your password regularly can help prevent this issue.

However, regular password changes should not make you complacent. Users often switch from a complex password to an easier one. Changing your password frequently should not give you a false sense of security: each time, a unique, complex password must still be chosen.


Common Mistakes in Password Creation

When creating a secure password, one should avoid the following mistakes:

Avoid Common Words

Avoid using any words that are easily found in the dictionary. Common terms like 'cat' or 'skyscraper' are easy for hackers to discover.

Avoid Repeating Characters

Avoid using passwords that consist of repeating or sequential characters. Strings like 1111, abcd, 1234, or aaaa are quickly cracked.

Avoid Context-Specific Passwords

Passwords directly related to the corresponding login should not be used. This means, for example, not using the password 'email123' for email logins.

Avoid Personal Information

When creating passwords, avoid using words and number combinations that have a personal connection. Your own birthdate or the birthdates of your children are off-limits, as is your spouse's name.
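The four mistakes described so far can be checked automatically. This added example, not code from the original article, flags them in a candidate password; the word list, the `service` and `personal` parameters and all function names are assumptions made for the example.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"cat", "skyscraper", "password", "summer"}


def has_run(password, min_len=4):
    """True if min_len consecutive characters repeat (aaaa) or ascend by one (abcd, 1234)."""
    lowered = password.lower()
    for step in (0, 1):
        run = 1
        for prev, cur in zip(lowered, lowered[1:]):
            run = run + 1 if ord(cur) - ord(prev) == step else 1
            if run >= min_len:
                return True
    return False


def find_mistakes(password, service="", personal=()):
    """Return the article's 'common mistakes' that this password makes.

    service  -- name of the site the password is for (hypothetical parameter)
    personal -- names and dates the user knows to be guessable (hypothetical parameter)
    """
    lowered = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lowered)
    digits_only = re.sub(r"\D", "", password)
    mistakes = []
    if lowered in COMMON_WORDS or letters_only in COMMON_WORDS:
        mistakes.append("common word")
    if has_run(password):
        mistakes.append("repeating or sequential characters")
    if service and service.lower() in lowered:
        mistakes.append("context-specific")
    for item in personal:
        text = item.lower()
        digits = re.sub(r"\D", "", item)
        # Match the item literally, or a date by its digits regardless of separators.
        if (text and text in lowered) or (len(digits) >= 4 and digits in digits_only):
            mistakes.append("personal information")
            break
    return mistakes
```

Calling `find_mistakes("email123", service="email")` reports the context-specific mistake from the article, while the mnemonic password built earlier passes all four checks.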

Do Not Reuse Passwords

For each online service or account, create a unique password. That way, if hackers manage to obtain a password through a security vulnerability, not all of your accounts are immediately compromised.

Avoid Compromised Passwords

Passwords that have been previously exposed in a data breach should not be used. The website haveibeenpwned.com is a useful resource for this. Here, you can check if specific email addresses or usernames have been compromised in known data breaches, and you can also search for individual passwords. The database now contains over 300 million compromised passwords.
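Have I Been Pwned also offers its password search as a range API that receives only the first five characters of the password's SHA-1 hash, so the password itself never leaves your machine. The following is an added example, not code from the article or from Have I Been Pwned; the response body used in the demonstration is constructed, and the function names are assumptions.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def sha1_parts(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that is sent
    and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Download all known hash suffixes for one prefix (requires network access)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_body=None):
    """Return how often the password appears in the breach corpus, 0 if absent.

    range_body lets a caller pass a saved response so the lookup runs offline.
    """
    prefix, suffix = sha1_parts(password)
    body = fetch_range(prefix) if range_body is None else range_body
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:   # comparison happens locally
            return int(count)
    return 0


def constructed_response(password, count):
    """Build a body in the API's SUFFIX:COUNT line format for an offline demonstration."""
    _, suffix = sha1_parts(password)
    return "\r\n".join(["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":1"])


if __name__ == "__main__":
    body = constructed_response("email123", 1234)   # constructed data, not real counts
    print(breach_count("email123", body))
    print(breach_count("T!m5P,t!nm55fw.", body))
```

Any non-zero result means the password has appeared in a breach and should not be used, whatever its length or character mix.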
