Do you have a specific strong password for e-banking, every online shop and every email account that you can easily remember? Great, you're on the safe side. But if, like most of us, you spend more time resetting forgotten passwords than creating strong ones, read our blog.
A secure password combines lowercase and uppercase letters, numbers and special characters, and is long enough: a strong password comprises at least twelve characters.
In simple terms, long passwords are more secure than short ones, but of course there's little point in having a password such as "AAAAAAAAAAAAAAAAAAAAA". Sequences of numbers such as "123456" or keyboard lines such as "qwerty" are anything but secure. Passwords that are too simple are a windfall for amateur hackers. And no: "passw0rd" or "123451" are no better.
You should generally avoid words in the traditional sense, i.e. any combination of lower and upper case letters, special characters and numbers that can be found in the dictionary.
Here's an example: from a formal perspective, "G7 summit" meets the requirements of a secure password, but as it's a real word, it is already less secure. Why is that? Hackers use small programs (scripts) to easily check any word in the dictionary. In this instance, the password would be quickly hacked.
Ultimately, the mixture of length and combination of differing character formats determines how secure a password is, regardless of whether you only use special characters or a particularly large number of them.
Rather than working with automated scripts, hackers may first look up details of a potential victim in publicly accessible profiles, because this is precisely the information that people often like using for their passwords. This doesn't come as a surprise, as these passwords are very memorable. For example, if a user states in his public profile that his rabbit is called Maxi, his favorite club is FC Barcelona and he's over the moon with his new Audi, hackers have already found three potential passwords. Passwords should therefore not contain any reference to the user.
According to a study conducted by password manager Nordpass, "123456" was the most popular password in 2020, relegating the 2019 number one "12345" into eighth place. Others in the top ten include "password", "qwerty" and "login".
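The rules described so far (length, character classes, sequences, dictionary words, substitutions such as "passw0rd", and personal references) can be combined into one check. The following Python sketch is an added example, not part of the original article; the word lists are small constructed samples and the function names are assumptions.

```python
import re

# Constructed sample data: a real check would load a full dictionary and a
# leaked-password list instead of these short sets.
COMMON = {"123456", "12345", "password", "qwerty", "login"}
DICTIONARY = {"password", "summit", "login", "welcome", "summer"}
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo common substitutions: 0->o, 1->i, 3->e, 4->a, 5->s, $->s, @->a, 7->t
LEET = str.maketrans("01345$@7", "oieassat")
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def has_run(text, n=4):
    """True if text contains n consecutive characters of a known sequence."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + n] in text for i in range(len(s) - n + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    low = pw.lower()
    norm = low.translate(LEET)  # e.g. "passw0rd" -> "password"
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing a character class")
    if len(set(pw)) <= 2:
        problems.append("repeated characters")
    if has_run(low):
        problems.append("number or keyboard sequence")
    if low in COMMON or norm in COMMON:
        problems.append("commonly used password")
    if any(w in low or w in norm for w in DICTIONARY):
        problems.append("dictionary word")
    if any(p.lower() in low or p.lower() in norm for p in personal if p):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ["passw0rd", "123451", "G7 summit", "t9#Lq2!vXw7$Rb"]:
        print(repr(candidate), check_password(candidate) or "ok")
    print(check_password("Maxi2020!Barcelona", personal=("Maxi", "Barcelona", "Audi")))
```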
No, because the standards simply define the framework conditions and are basically there to make passwords more secure. Even if these standards initially seem tiresome, they are there to increase security.
If the same user name, e.g. an email address, is used for several accounts, it's advisable to use a different password for each. The reason: if, in this instance, hackers have access to one online shop, they have access to all online shops used with this combination. The risk of consequential losses therefore increases substantially.
Password managers are available to solve this problem. These are programs installed on devices. After installation, they manage access details and save them securely. Imagine a type of list containing access details. This "list" is also secured and saved with a special password - the master password. Only the person who knows the master password can access the list.
Absolutely, because it takes so much time and effort to create a separate complex password for each account. When doing so, everyone lapses into specific patterns that become more and more easy to predict.
The benefit of a password generator is that it works on a random basis with the guidelines for secure passwords. The generator doesn't lapse into the aforementioned patterns and unlike people, doesn't have a problem with complicated and long passwords.
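A minimal generator of this kind, as an added Python example that is not taken from the article or from any particular password manager. The set of special characters and the function names are assumptions. It draws from the operating system's cryptographic random source and enforces the twelve-character minimum and the four character classes.

```python
import secrets
import string

SPECIALS = "!#$%&*+-=?@_"  # assumed set; sites differ in what they accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, SPECIALS]
ALPHABET = "".join(CLASSES)


def has_all_classes(pw):
    """True if pw contains a lowercase, uppercase, digit and special character."""
    return all(any(ch in cls for ch in pw) for cls in CLASSES)


def generate_password(length=16):
    """Return a random password of the given length with every character class."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        # Draw each position uniformly from the whole alphabet and discard
        # candidates that miss a class. Unlike "one digit at the end", this
        # leaves no fixed positions or patterns to predict.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


if __name__ == "__main__":
    # One separate password per account (constructed account names).
    for account in ["e-banking", "online shop", "email"]:
        print(account, generate_password())
```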
Yes, these password managers are secure, as they save the access details in encrypted form, either locally on the device or in the cloud if several devices are being used, such as a cellphone and a laptop.
The master password should follow the usual rules for secure passwords, and the user should be able to remember it. If the user can't remember this master password, the saved access details will no longer be available in the worst-case scenario. This means that access to the accounts managed through the password manager will have to be manually reset and reconfigured. To increase security even more, two-factor authentication can be set up with many password managers.
It makes sense to change your password after three to six months. If you notice any discrepancies in your account, you should change your password immediately.
When using publicly accessible and therefore insecure Wi-Fi, there is also an increased risk that the data on the end device you used has been read. Data leaks on major platforms such as comparis.ch or LinkedIn are also increasing. For users of these platforms, this means that they should change their password.
More than 80 percent of the security breaches caused by hackers can be traced back to weak or stolen passwords.
As the name suggests, two-factor authentication means that another step is added to the standard login comprising user name and password. This additional factor is transmitted to the platform via an app or sent to the user by SMS. Login only succeeds once it has been entered correctly.
The security of the login is substantially increased by two-factor authentication. This is because login is no longer linked to a pure data set, but additionally to a physical end device, which in most instances is a mobile phone.
It is highly unlikely that both factors - data set and end device - will be stolen.
A password is hacked when someone guesses it through trial and error. If, for example, a password only comprises a few numbers between 0 and 9, few attempts are required before the password is hacked.
As the complexity of the password increases - through the combination of uppercase and lowercase letters, numbers and special characters - the number of attempts needed to guess the right combination through trial and error also rises.
Your password should: