Simply secure passwords

Security 30. December 2016

Hand on heart: Do you use one and the same password for several online services? Or far too simple passwords, because it is almost impossible to remember a good password? Then you may be living dangerously.

Imagine the following scenario: Lena uses “Emefuwumi&611!” as a password on Facebook, GMX Mail, Amazon, and her recipe site. Lena’s password may be considered secure because it consists of a combination of letters, numbers, and special characters. But because she uses the same password on several services, it is only as secure as the weakest link in the chain.

Facebook, GMX & Co invest a lot in security. It is unlikely, though not impossible, that hackers can get hold of passwords there. The situation is completely different for the recipe site. Security doesn’t play a major role for its operators, since there are only recipes to be found there. But because Lena uses the same password (and email as username) everywhere, attackers can also gain access to her email or Facebook account.

Test now!

Don’t think you could be affected too? Check your most used usernames here.

Let’s take a look at another scenario: Max uses a different password for every online service. The problem with this is that his passwords are easy to guess, e.g. FBMax1981 for Facebook, DBMax1981 for Dropbox, etc. To crack such a password, a computer needs only four days. For comparison: Lena’s password would take a computer 204 million years to crack. Test your own password here.

How can I easily remember a secure password?

Variant 1: Take a long enough sentence e.g. “This is my secure password that I can remember really well!” If you take the first letters and punctuation marks, this results in: TimsptIcrrw! If you add numbers, the password becomes even more secure.

Variant 2: Take a phonetically well-sounding letter combination, but which does not make a word, and supplement it with a special character and a number. For example, Etiwunaki%273. Your brain can remember such a password much better than a non-sounding letter combination thanks to the sound. Try it out. You can generate password suggestions here.

Since it is practically impossible to remember multiple, truly strong passwords such as (?’15jkEla4Po/$ or FzQH:V%&~54M7pgo, you should use technical tools to manage your passwords for the sake of your security. Modern web browsers such as Firefox, Chrome or Safari offer the possibility to save passwords and synchronize them between different devices by default. For more advanced needs, there is for example the open source software KeePass or commercial services like 1Password or LastPass.

Basic rules password security

Use strong passwords that consist of letters, numbers, and special characters and are at least 14 characters long.
Use a separate strong password per service.
Use appropriate software tools to store your passwords. This will eliminate the need to remember most passwords!
Create passwords that you need to know by heart (e.g. computer login or password manager master password) using one of the methods described here.
Do not write down your passwords anywhere. Not even in a document on your PC. If you do this anyway, treat this piece of paper or document at least like the access to your safe!