Many internet users just hope it won’t affect them. But what if it does? What if the password for eBay is suddenly stolen, and that same password is also the key to PayPal, various online stores, and your Facebook and e-mail accounts? Then there is the danger that third parties log in and place orders on the Internet with false data, while the bills go to you. Strangers can also use your logins to conclude contracts, send messages, change profiles, and do much more.
How do thieves get passwords?
There are two main reasons why others can get hold of your passwords:
Through data leaks at large online companies, millions of user names and passwords fall into the hands of criminals. The Hasso Plattner Institute (HPI) at the University of Potsdam has long assumed that billions of user accounts have been affected. The passwords and personal information of the owners circulate in long lists and can theoretically be found by anyone on the net.
It is also conceivable that strangers could obtain your login data by phishing, for example with manipulated e-mails. What to look out for in suspicious e-mails can be found in our phishing section.
To stay safe on the net, it is therefore particularly important to:
- Use a separate password for each service wherever possible. If there is a security gap in one of the portals, criminals cannot log in to all your other accounts.
- Select passwords that are as secure as possible and not easy to guess.
The most important tips at a glance are provided by the German Federal Office for Information Security (BSI) in a fact sheet.
6 rules for good passwords
- A password should be at least 10 characters long.
- It should consist of upper and lower case letters, numbers and special characters (e.g. § & ? * ! ?) and should not be found in a dictionary or be related to you and your family. So don’t use names, dates of birth, telephone numbers or the like.
- It should not be a mere string of numbers (12345…), alphabetic letters (abcdef…) or a series of adjacent keys on the keyboard (qwertz…).
- The more sensitive the account is (for example, in online banking), the more care you should take in choosing a strong password. If the provider does not set a character limit for the password, the longer the better!
- Do not choose one password for all portals, but create separate passwords at least for the most important and most used services.
- Change a password that was assigned to you by a provider once you have logged in there for the first time. Other reasons to change the password would be that your online service provider asks you to do so, major data leaks become known, or your device has been infected with malware.
For a long time it was recommended to change passwords regularly. As a result, many users tended to weaken their passwords to make them easier to remember. That’s why security authorities like the BSI no longer issue this recommendation.
How to create good passwords
- Build mnemonic bridges when creating passwords: think of a sentence that you will easily recall and use only the first letter of each word as well as the punctuation marks. For example, the German sentence "Ein blaues, kleines Pferd liest Kaffeesatz auf dem Ausflugsdampfer." ("A blue, small horse reads coffee grounds on the excursion steamer.") becomes the password Eb,kPlKadA. It is best to make up such a sentence yourself rather than using one you have read somewhere.
- As inconvenient as it may be, do not use such passwords for multiple services, if possible! Even variants like Eb,kPlKadA.-Email for email account and Eb,kPlKadA.-PCs for logging in to computers are easily guessed by strangers.
- You can also create and save a password using special password managers – read more below.
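The six rules and the mnemonic method above, as an added Python example (not code from the original page or the BSI): it derives a password from a sentence, reports which of the listed rules a candidate breaks, and flags accounts whose passwords are suffix variants of one stem. The function names, the `forbidden` word list, the six-character stem threshold and the sample accounts are assumptions, and the German sentence is a constructed back-translation that reproduces the page's Eb,kPlKadA. password.

```python
import re
from itertools import combinations
from os.path import commonprefix

# Runs named in rule 3: digits, alphabet, adjacent keys (German and US rows).
RUNS = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertzuiop", "qwertyuiop",
        "asdfghjkl", "yxcvbnm", "zxcvbnm"]

def mnemonic_password(sentence):
    """First character of each word, with punctuation marks kept in place."""
    return "".join(tok[0] for tok in re.findall(r"\w+|[^\w\s]", sentence))

def rule_violations(password, forbidden=()):
    """Return the rules from the list above that `password` breaks.
    `forbidden`: caller-supplied dictionary words, names, dates (lower case)."""
    found = []
    if len(password) < 10:
        found.append("shorter than 10 characters")
    classes = {"upper case": r"[A-Z]", "lower case": r"[a-z]",
               "digit": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
    found += [f"no {name}" for name, rx in classes.items()
              if not re.search(rx, password)]
    low = password.lower()
    if password.isdigit() or any(low in run * 2 for run in RUNS):
        found.append("mere sequence of digits, letters or adjacent keys")
    if any(term in low for term in forbidden):
        found.append("contains a dictionary word or personal detail")
    return found

def shared_stems(accounts, min_stem=6):
    """Pairs of services whose passwords share a long prefix (stem + suffix)."""
    return sorted((a, b) for a, b in combinations(sorted(accounts), 2)
                  if len(commonprefix([accounts[a], accounts[b]])) >= min_stem)

# Constructed sample data; the German sentence is an assumed back-translation.
SENTENCE = "Ein blaues, kleines Pferd liest Kaffeesatz auf dem Ausflugsdampfer."
ACCOUNTS = {"email": "Eb,kPlKadA.-Email", "pc": "Eb,kPlKadA.-PCs",
            "bank": "t7#Lw!qZ0m&Rv2"}

if __name__ == "__main__":
    pw = mnemonic_password(SENTENCE)
    print(pw, rule_violations(pw))
    for candidate in ("1234567890", "qwertzuiop", "Sommer2020!"):
        print(candidate, rule_violations(candidate, forbidden=("sommer",)))
    print(shared_stems(ACCOUNTS))
```

Run on the page's own sample, the derived password passes every check except the digit class, and the two suffixed variants are reported as sharing a stem.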
Keep password lists secret
Write down the password in a protected place – not on a piece of paper on your PC, not in your wallet or collected in your calendar. The same applies to computers and smartphones: do not create unprotected files with passwords that strangers can easily open. Do not send passwords by email, text message, or any similar means.
Be careful about storing passwords in your software, e.g. in the e-mail program, the browser, or on the smartphone. If the programs store your data unencrypted and/or the device itself is not well protected, others can then use your PC or smartphone to gain access to your user accounts.
Password managers help to create and remember passwords
Creating complicated passwords, having a separate one for each user account, and remembering them all without third-party access: password managers can be a good help here. On the Internet you can find various software to manage your passwords and store them encrypted. The BSI names, for example, the KeePass program. Stiftung Warentest published test results for 14 password managers in January 2020.
If you use a password manager, you must select a central password with which the software can be started and the stored passwords can be displayed. This so-called master password should be particularly secure. It is best to choose a particularly long password, with 20 characters or more. Don’t tell it to anyone, don’t write it down and don’t use the password manager on unprotected, foreign devices that could be infected with malware.
Password tips from the BSI
You can also find detailed tips for secure passwords on the BSI website:
Tips beyond safe passwords
Two-factor procedure: Many online service providers offer procedures that require you to identify yourself in a second way in addition to your password in order to log in. This so-called two-factor authentication is available in numerous variants, e.g. as a code via SMS, with a TAN generator for online banking, or an app. Caution: Even with such a procedure, you should not do without secure passwords!
Unlock your smartphone: On the smartphone, it’s particularly convenient to have passwords saved in the apps, so you don’t have to enter them again every time you start the app. This poses additional risks. If the smartphone is stolen, the thief could gain access to online banking and other accounts. Therefore, save as few passwords as possible on your device.
Many smartphones can be encrypted – use this option, not only if you store passwords on the device.
You should also set up an automatic screen lock and choose the most secure method of unlocking possible. We provide tips on the advantages and disadvantages of using patterns, fingerprints, and so on.