Would you give your account number to a stranger? Most probably not. But millions of internet users may as well be giving away their personal data (and money!) when using passwords that hackers can crack in a matter of seconds. Password managers provide methods for creating and managing truly secure passwords.
Whether it’s an email account, Dropbox or online banking, you’re constantly asked for a password in order to log in and use online services. When it comes to choosing a password, many users fall back on classic combinations comprising of names, birth dates or places since they are easier to remember. This mistake can lead to your password being cracked within seconds. Creating a strong password is more difficult than meets the eye.
Creating a strong password
For most online services a password is the only protection mechanism for sensitive data. If you rely on easy combinations for convenience when choosing your password, it will be easy for a hacker to crack your password and get access to your payment details or personal information, for instance. Even a simple dictionary attack is often enough to crack many popular passwords. For this kind of hacker attack, lots of passwords are run through a program. The passwords are made up of different character sequences that result in genuine words, which are then run through a kind of dictionary. A good password should therefore consist of 8 randomly-chosen alphanumeric characters as well as symbols. An important master key, such as one that opens a password safe, should be comprised of at least 12 characters.
Typical mistakes when choosing a password
To ensure that your password does not fall victim to hackers, make sure you avoid the following password mistakes:
A too-easy password
“123456”, “abcdefg” or “password” are some of the most popular passwords worldwide and are by far the least secure. Even a simple dictionary attack can pick out these combinations in seconds. Number sequences can easily be picked out, meaning that birth dates are also not a good choice.
A too-short password
A short password has one single advantage in that it is easy to remember, but what you save on convenience you lose on security. A strong password has to be at least eight characters long since short passwords can be deciphered in seconds by a brute-force attack (attempting many possible character combinations). Numbers, symbols and uppercase as well as lowercase letters should also be used in your password. Using the same password for several accounts Many sites are easy to hack so by using the same password for several websites, such as your online banking account or Amazon account, means that if one gets hacked, the hackers now have access to even more of your private data on other sites. There are helpful tools available to help you check how secure you password actually is such as “How Secure Is My Password?”.
Using a password generator
It is difficult to choose a good password even when you avoid the aforementioned mistakes and also choose a sufficiently long combination of characters. The password becomes easy to crack as soon as you try to find a personal or memorable combination. Therefore it makes sense to use a password generator. This resource is also available as an app such as the Password Generator App. All it takes is a few clicks and you’ve got yourself a strong password. These password generators are also available as freeware for your PC. Install a program like PWGen to generate strong passwords of desired length.
Using your own password system
You can use the following strategy to find a secure and variable password: Find a practically ‘uncrackable’ base/master password and then add a certain extension to it for every different web portal that you visit. A possibility would be to combine the master password with the name of the service, for example, PayPal or Ebay.
Example of a password strategy
When using the strategy mentioned above you certainly would not choose “master password+Ebay” as your password. You would instead omit the vowels or the second or third letter of the supplier and replace them in certain places in the master password, for example, always second, third and last position.
Say that your master password is G5w.&$;(9b.B and you want to create a password to use on Ebay. You could use the first and last letter of the company, which in Ebay’s case would be e and a, and place them at the end and third to last spot of the master password. Using a number to denote the length of the company’s name is also a convenient tactic. So for Ebay the password would be
4G5w.&$;(9bE.Ba and a further example would be PayPal: 6G5w.&$;(9bP.By.
Only use a master password for trustworthy websites
Even with sophisticated systems there is still a danger. If someone works out the pattern they could then use it to hack another account; therefore it is advisable to only use the master password on sites that are 100% trustworthy. You should use a different password for sites that are less important and less secure. Forums and communities, which are known to be less secure, offer the option of disposable passwords that can be used just once.
Remembering a password consisting of more than 12 characters is not easy. An easy trick is to set the combination as the user password on your PC then decrease the timer on the screen lock to two minutes. This means that you have to enter the password after every small break you take, which could prove a little annoying, but leaves the password etched into your memory.
The best tools for saving passwords
One last golden rule of password security is to never keep your passwords unencrypted (in plain text) on your PC, such as in an Excel file. They can easily be found by other users or a Trojan virus and therefore it is wise to use password managers, such as Password Safe, 1Password or LastPass to manage sensitive passwords. You will find more information on this topic in another article from our guidebook.
IONOS E-Mail Validation service
Check the authenticity of an IONOS email, find out straightaway if it is a phishing attempt and report it to remove the phishing content.