Changing passwords - when is it necessary?

Year after year since 2012, Feb. 1 has been national "change-your-password day." But what do strong passwords look like? And how often should you change your passwords?

Why secure passwords are important

Banks, online stores, social media - there are numerous services on the Internet where you need to create an account to use their functions. Almost always, your online accounts contain sensitive data, for example, your email or postal address, your date of birth, or information about your financial situation. These data are interesting for cyber criminals. That's why they try to hack user accounts, that is, crack passwords to gain access to the data. If they succeed in doing so, the hackers may, for example, plunder your online bank account, make purchases in online stores in your name and with your credit card, or misuse your address.

In order for the cyber attackers not to succeed in guessing your passwords, it is important that you use strong passwords for all Internet services. The more complicated a password is, the harder you make it for criminals to gain access to your user account.

How do I generate a secure password?

Hackers use computer programs called bots to test passwords automatically. The bots try out different character strings again and again until they get a hit. A password like "hello123" or "ichliebedich" can be cracked by bots within seconds.

Experts therefore recommend that account holders use a password length of at least eight characters. The string should contain upper and lower case letters as well as numbers and special characters. Standard passwords such as strings of numbers (for example, 12345), names of family members, or characters that are next to each other on the computer keyboard (for example, qwertz) should be avoided.

In addition, it makes sense to generate a separate password for each account. Otherwise, an attacker who finds out the password for one of your accounts will have easy access to all your other accounts as well. As a general rule, don't tell anyone your passwords - neither supposed employees of Internet services on the phone nor your colleagues at work.

How can I remember strong passwords?

Storing a separate password in your head for each online account is difficult, especially if you have chosen very strong passwords. However, there is a trick you can use to remember even long strings of characters.

The easiest way is to create a password phrase. This could, for example, read like this: I will go to ERGO on Monday if it snows by 9:00. The password consists of the first letters of each sentence. To further secure access to your account, you can also change letters to special characters or numbers. For example, if you replace I with ! and E with 3 in the sentence above, the secure password will be "!waMz3g,web9Us".  

How often should I change my user password?

For a long time, experts recommended changing passwords regularly. However, this led to users having an even harder time remembering their passwords and therefore using overly simple variations again. Today, the recommendation is: If you already have a secure password, you don't need to change it.

You should replace passwords that are still insecure with secure combinations. If your account has been hacked, you should also choose a new password that protects your account better than the previous one. You should also make a password change for preset passwords, which are often assigned automatically when you first create an account.

What is a password manager?

If you find it too tedious to think of and remember your own password for every online access, you can use a password manager. Password managers are software programs that allow you to generate and manage secure passwords. The password manager is protected by a master password. So you only need to remember the master password - the password manager automatically selects the different passwords for each online service.

Some programs store the passwords locally on your device, others end up encrypted in a cloud. Cloud-based password managers have the advantage that you can synchronize your password database for different devices. The disadvantage is: you entrust access to all your sensitive data to a company and do not know how securely it is kept there.

Password managers, which are integrated into many web browsers such as Google Chrome or Firefox, are not recommended. The passwords stored there are automatically retrieved as soon as you visit a website that requires a password. Malware can access the browser's built-in password managers relatively easily, so the risk of you being hacked is high.

What are password cards?

Password cards are an aid to creating and remembering secure passwords similar to a template, but a matter of taste. It is usually a table with many fields with different letters, numbers and characters. There is usually one character per field. To create the password, you choose a starting point (for example, the upper left corner) and think of a path or shape, for example, an "L". This means, for example, that you move from the starting point six fields down and four fields to the right. The secure password then results from the characters in the fields that this path crosses. Only you should not mark the way. You can even leave the map open, because without starting point and path nobody can read anything. To avoid losing the map, it is best to save it digitally.

What is two-factor authentication?

A very secure login option is two-factor authentication. In this case, you legitimize yourself twice before gaining access to an online service. The first factor is usually your password. The second access factor can be, for example, a code number from an SMS sent to your personal cell phone, so that only you can access it. There are also TAN generators. These send you the second password via an app or via an external device that you receive from the online service.

Text: ERGO Impulse

Most popular