Cybersecurity

How S*** is your password?

The Swedish organisation SSF warns that people do not learn when it comes to choosing their passwords, and thus make it easy for hackers to gain access to personal data. Probably you, probably me, probably most of us. SSF's campaign is bold in its clarity and should remind many people that their password is more likely to be in the S*** category.

http://www.akestamholst.se/case/your-password-is-shit/

Is your username your real name, or your date of birth your password? Then you will not only get hacked, but you will also get a nasty surprise when you open your online banking account. Why not give the cybercriminals the IBAN right away and save them some time? Oh wait, you often don't even need to do that, because it's in your profile anyway - next to your credit card number.

I (and SSF) shouldn't have to say it so clearly, but this is all highly sensitive data that needs to be protected. And yet they are usually easy to hack. The reason for this is mostly weak passwords.

 

Your Password is S***

That's one of the slogans of the campaign against cybercrime by SSF and Akestam Holst (the agency). On Swedish streets and on the web, the eye-catching designs have drawn plenty of attention. And another slogan applies more than ever: Better safe than sorry.

But what are the Germans' most popular passwords, actually? "123456" has been in first place, unchallenged, for many years - the creative among us can count even further, at least up to nine. After that, it gets really innovative with "password". Many people even introduce themselves by name to their hacker with their password choice or greet him with "Hello". So we are friendly after all </sarcasm>.

Secure password in just a few steps

The principle "very easy to remember = very easy to hack" is unfortunately true. I'm sure we've all read the guides on how to make a password secure. And here on //next we've also had tips on how not to do it - and how quickly it can come back to haunt you if you trust insecure passwords. But here are a few more basic tips on the way to a secure password - and at the end of this post I'll show you how I always do it privately.


1.    Use the first letters of a sentence

Jumbled strings of numbers, letters and characters have one problem: nobody can remember them. The next time you log in, you will inevitably have to reset your password and end up with a new, easy-to-remember and easy-to-hack password à la "Hallo123" or "ILoveYouHacker111!".

One way to counteract this is to use phrases. Example:

  • Sentence: I am lazy and don't bother with my passwords! Signed Michael, born 1995
  • Password: Ialadbwmp!SMb1995
  • To be on the safe side: add more special characters or numbers before, in between or after, alternatively replace letters with numbers (e.g. replace "E" with "3")
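The first-letters method from step 1, as an added example that is not part of the original post. The function names, the rule of keeping only "!" and "?" as punctuation, and the short weak list built from the passwords this article names are assumptions of the example.

```python
import re

# Weak choices named in the article (compared case-insensitively).
NAMED_WEAK = {"123456", "password", "hello", "hallo123", "michael1975"}

def derive_password(sentence):
    """First letter of each word; numbers and '!'/'?' are kept whole.

    Dropping commas and other punctuation is this example's assumption,
    chosen so the article's sample sentence yields the article's password.
    """
    tokens = re.findall(r"[A-Za-z][A-Za-z']*|\d+|[!?]", sentence)
    return "".join(t if t[0].isdigit() or t in "!?" else t[0] for t in tokens)

def substitute(password, mapping=None):
    """Optional extra step from the article: swap letters for digits."""
    mapping = mapping or {"E": "3", "e": "3"}
    return "".join(mapping.get(ch, ch) for ch in password)

def weak_reasons(password, personal=()):
    """Return the reasons a password falls into the article's weak category."""
    reasons = []
    lowered = password.lower()
    if lowered in NAMED_WEAK:
        reasons.append("named in the article as a weak choice")
    for item in personal:
        # Personal details (name, birth year) are supplied by the caller.
        if item and item.lower() in lowered:
            reasons.append(f"contains personal detail {item!r}")
    return reasons

if __name__ == "__main__":
    s = "I am lazy and don't bother with my passwords! Signed Michael, born 1995"
    pw = derive_password(s)
    print(pw)
    # The sample sentence carries the birth year into the password.
    print(weak_reasons(pw, personal=["Michael", "1995"]))
    print(weak_reasons("Michael1975", personal=["Michael"]))
```
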

2.    Two-factor authentication

More and more websites offer two-factor authentication. This means that after successfully confirming the password, the user receives a code by SMS or via an additional app and has to enter it on the site. Only after that does the person get access to their account/profile. However, we have already examined the weaknesses of this method here on //next.

3.    Multiple accounts, multiple passwords

In the best case, each password is unique and is only used for one site or login. By unique passwords we do not mean "hello" or "Michael1975", but secure passwords created with the above-mentioned method. If one of them is hacked nevertheless, the damage remains smaller.

Regularly check media coverage

Some hackers target not individual users but big companies. Usually, they use security holes to gain access to sensitive data. If the hacking attack is successful, it is usually fatal for users. It can happen that not only one's own e-mail address, but also the associated password and other data are openly available on the darknet.

As a user, there is not much you can do in this case. The only options are to change the password immediately or to delete the account. To at least know about it, you should always check the news; such incidents are usually reported in the media.

Be creative, take your time when creating your password and from now on no more s**y passwords, promise? And here is my favorite password generation method: I simply wipe over my keyboard like this: xe3aytzrhinojp-bhmv. Add another capital letter, save your new safe password in a trusted password managing app and: go! 

Text: Markus Sekulla