Every year on 1 February the call goes out: change your passwords, and do so as regularly as possible. Experts from the Hasso Plattner Institute (HPI) see a growing danger that companies as well as private individuals will become victims of a cyber attack.
If you change your password regularly, you protect your data from misuse and unwanted access.
Photo: HPI Hasso Plattner Institute
For Christoph Meinel, director of the institute and head of the "Internet Technologies and Systems" department, and Christian Dorr, professor and HPI head of "Cybersecurity Enterprise Security", it is really only a question of time before it hits each of us. Due to technological progress, it is no longer difficult to find out other people's passwords. You don't have to be a particularly outstanding hacker to do this, he says. The danger is also increasing for companies, because the trade in data is an attractive business for many criminals.
The Hasso Plattner Institute (HPI) offers a security check on an online platform. "Our HPI Identity Leak Checker now enables a comparison with around 13 billion items of stolen identity data that are freely available on the Internet", says Christoph Meinel. This free service from HPI has been available since 2014. For private individuals, it is also particularly easy to find out whether they themselves have been the victim of data theft. The Identity Leak Checker has already found more than eight million leaked bank details that can be linked to an e-mail address. The main risk is always weak or insecure passwords.
Secure password: it makes a difference whether it consists of 12 or 18 characters
If you want to find out for yourself whether you have been the victim of data theft, visit HPI's Identity Leak Checker and simply enter your e-mail address there. The system then determines whether data associated with this e-mail address is freely accessible on the Internet and could be misused. More than 12.8 million pieces of stolen identity data are now stored in the system, which compares everything very quickly once the e-mail address has been entered.
Spying out passwords is made possible by the enormous computing power of computers. "In so-called brute force attacks, billions of combinations can be tried out in a single second. The hit rate is high", explains Christian Dorr, HPI's head of Cybersecurity Enterprise Security. His recommendation is therefore to use long and composite passwords as far as possible. This can also be explained with simple mathematics: "If you look at the possible combinations, each additional character multiplies the time it takes to crack the password." It therefore makes a significant difference to security whether the password consists of 12, 14 or 16 characters.
A few basic rules for a secure password
So what should you look for when choosing your new password?
Here are a few tips:
- Use long passwords, preferably with more than 15 characters.
- Use different character classes, i.e. uppercase and lowercase letters, numbers and even special characters.
- Use each password only once. Using the same or a very similar password on different services increases the risk.
- Rely on password managers if you tend to need many different passwords. This helps to keep track of the numerous different passwords.
- Be sure to change your passwords immediately in case of security incidents or if you receive a data leak notification. Do the same if your existing passwords do not follow the tips above.
- Activate two-factor authentication wherever possible, in case passwords are spied out. This provides more security.
HPI publishes the most popular German passwords once a year. In 2021, 123456, password and 12345 took the top three spots in the rankings. These were followed by hello, schatz, berlin, 123456789 and the string of numbers in other variations. HPI's Leak Checker, in use since 2014, has since helped 16.4 million users check their security online. More than 4.1 million of them were informed that the e-mail address they entered, together with personal data, was publicly accessible on the net. The HPI in Potsdam is known as Germany's university center of excellence for digital engineering and offers a particularly practical engineering computer science program.
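The tips and the brute-force arithmetic above can be turned into a small self-check. The following Python sketch is an added example, not code from HPI or the Identity Leak Checker; the guess rate of 10 billion per second and the restriction to ASCII character classes are assumptions, and the sample passwords are constructed.

```python
import string

# Most popular German passwords of 2021, as listed in the article.
COMMON = {"123456", "password", "12345", "hello", "schatz", "berlin", "123456789"}

# Assumption: 10 billion guesses per second; the article only says "billions".
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes from the tips. Only ASCII is counted (simplification).
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}


def classes_used(password):
    """Names of the character classes that occur in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Number of symbols a brute-force search must cover per position."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def worst_case_years(length, alphabet, rate=GUESSES_PER_SECOND):
    """Years needed to try all alphabet**length combinations at `rate`."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def check_password(password):
    """Return the tips from the article that the password violates."""
    findings = []
    if password.lower() in COMMON:
        findings.append("on the list of most popular passwords")
    if len(password) <= 15:
        findings.append("not longer than 15 characters")
    missing = [name for name in CLASSES if name not in classes_used(password)]
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for length in (12, 14, 16):  # lengths compared in the article
        print(length, "chars:", f"{worst_case_years(length, 94):.3g}", "years")
    for pw in ("berlin", "Tr4m-to-Potsdam-at-7:45!"):  # constructed samples
        print(repr(pw), check_password(pw) or "passes all checks")
```

The worst-case figures apply only to randomly chosen passwords; a password from the popular list is found immediately regardless of its length, which is why the list check comes first.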
Podcast: Cybersecurity, how secure are our networks?
How secure are our networks in Germany? Marco Dadomo and Sarah Janczura talk in the podcast "Technology on your ear" with Haya Shulman, a renowned cybersecurity expert. She has worked as a cybersecurity researcher at the Fraunhofer Institute for Secure Information Technology SIT and the National Research Center for Applied Cybersecurity Athene in Darmstadt since 2014.