Tips and hints for how to use passwords securely
“Change your password” tag
Since 2012, every year on February 1st is the “Change your password” day. The launch was made by US tech blogs and Gizmodo, which in 2012 wanted to generate a kind of positive group compulsion to change passwords. At least the most important passwords should be changed once a year. But is this really so sensible and important?
Whether changing the password regularly really leads to more security is at least debatable. If you look at companies’ password policies, users will be prompted to change every few weeks or months. This often leads to users giving themselves an easy-to-remember password, garnished with a number. Thus, “password!12” quickly becomes “password!13” at the next change. There is certainly no greater security.
How to use passwords: users need to be made aware
But what is more important than changing your password regularly? A password should have a minimum of complexity. The most popular passwords in Germany show that this is still a problem today. The Hasso-Plattner-Institute (HPI) regularly publishes a list of the most popular passwords. The data base is 67 million access data that was leaked in 2019. In 2019, the HPI registered more than 178 data leaks that were included in its Identiy Leak Checker. 96 of these data leaks were confirmed by the service providers. The list of the most popular passwords Germany looks almost the same every year.
In addition, you should regularly check whether you have been the victim of data theft yourself. The HPI offers the aforementioned Identity Leak Checker. Since 2014, every Internet user can use the tool free of charge by entering the e-mail address and checking whether identity data could be freely circulated and misused on the Internet. The database now contains more than 10 billion identity data. Another tool to check whether your login and personal data are affected by data leaks based on the e-mail address is
What the data leaks also show: Reusing the same or similar passwords with different services is not a good idea. If a service is hacked, other services may also be directly compromised. Unfortunately, 59 percent of Internet users still Web.de the same password for multiple services, according to a survey by the email provider. According to this study, personal information is also standard for passwords.
Tips for a secure password
A secure password is not a witchcraft if you follow a few basic rules.
- Long passwords (at least 8 characters, better 15 or more characters)
- Use all character classes (uppercase, lowercase, numbers, special characters)
- No words from the dictionary
- Do not reuse the same or similar passwords with different services
- Using password managers
- Password change for security incidents and passwords that do not comply with the above rules
- Enable two-factor authentication when possible
Methods for secure password selection
A password becomes more secure the longer the password and the larger the character stock. This means how long it will take to calculate all possible combinations.
The character stock is size 10 if you only use numbers (0 – 9). If only letters can be used for a password, the character stock is already at 26 without and 52 with case. Numbers and upperandless letters result in 62 characters in the list of characters, with special characters one comes to 96 – 108 possible characters.
A 4-digit PIN – i.e. a short, simple password – has 10×4 possible combinations: 10,000 passwords. Calculating all combinations takes < 1 second. If you add uppercase and lowercase letters to the numbers, you will already get 62×4 = 14,776,336 possible passwords. But again, a normal PC needs < 1 second to calculate all combinations. With a password length of 12 digits, there are already 62×12 = 3 trillion > possibilities and it would take about 1,705 years for a normal PC to calculate all combinations. A cluster or a cloud would still take just under 6 years.
How to create a secure password?
There are several methods to create a secure password. One of them is the sentence method, which we briefly explain:
- Think of an easy-to-remember sentence: “My car is the fastest in the world.”
- Select single letters (e.g. first and last letters): Mn Ao it ds se dr Wt.
- Insert capital letters, sentences, and special characters: MnA01tss€drWt.
After entering this password five times, you will remember the tip pattern. This password gives 96×15 combinations and it would take over 500 million years to calculate all combinations. The Federal Office for Information Security (BSI) has some interesting tips for passwords and password security.