eco Survey: Every Second German Secures Data Twice on the Internet

• Double-factor authentication (49.2%) is the most popular security measure, 31.2% do not store passwords online, and 28.1% use biometric measures
• On the second annual “World More Than A Password Day”, eco has signed the guidelines “Protecting Your Accounts and Devices” set forth by the non-profit organisation “Nonprofit Cyber”
• The guidelines include six tips for enhancing more online security

From online banking, seeking apartments, or job applications, many everyday and trust-based transactions are now carried out on the Internet. In order to protect their data online, every second German uses at least one additional security measure beyond passwords. According to the survey, 49.2 per cent of German citizens use two-factor authentication, 31.2 per cent do not store passwords online, and 28.1 per cent rely on biometric security measures. One in five people (19.2 per cent) either regularly change all their passwords or use a password manager. These are the results of a representative Civey survey conducted on behalf of eco – Association of the Internet Industry for the second annual “World More Than a Password Day” on 12 November 2024.*

Prof. Norbert Pohlmann, Board Member for IT Security at eco Association, comments: “Protecting our identity and personal data should be a top priority for all Internet users. Everyone should consciously use the essential security measures, not only when it’s too late. It’s encouraging for me to see that approximately half of Germans additionally protect their own online services with two-factor authentication, with this revealing that cybersecurity is being taken seriously by the population.” At the same time, it is important to continue emphasising the importance of reliable online security so that even more Internet users adopt additional protective measures. “Adequate protection of one’s own data and accounts is the basis for all of us to move safely on the Internet”, says Prof. Pohlmann.

The “World More Than a Password Day” was launched last year by the non-profit organisation Nonprofit Cyber to emphasise the importance of strong authentication on the Internet. eco is one of almost 100 co-signatories of the “Protecting Your Accounts and Devices” guideline, which will be published by the international Internet organisation on the second anniversary of the topic day. As Prof. Pohlmann emphasises: “Establishing security measures doesn’t have to be costly – a data breach, on the other hand, is costly and can be very stressful in addition to the financial damage.” The guideline paper from “Nonprofit Cyber” includes six simple, cost-effective and efficient tips for more online security in both a professional and private context:

1. Use password-free authentication: Passwordless options, such as passkeys, are often easier to handle and more secure than simple passwords. They use cryptography to verify your identity online.
2. Secure your email account adequately: If you protect your email account with a password, it should be very strong (long, randomised, and unique) and secured with multi-factor authentication. Email is the most common way to reset other passwords. Therefore, you should make sure that only you have access to this function and can access your accounts.
3. Activate an additional security measure for passwords: Using a hardware security key or token, an authentication app, or a PIN sent via SMS as a “second factor” can help to prevent phishing and other attacks. This process is known as multi-factor authentication (MFA), two-factor authentication (2FA), or two-step verification.
4. Use a password manager: If you only use passwords for your online accounts, you should consider using a password manager so you don’t have to remember all of your passwords. This also allows you to use stronger, randomised passwords that are more difficult to guess.
5. Use recommended password techniques: Instead of choosing passwords yourself or having a computer generate them, you can use a passphrase or techniques like the “Three Random Words” method recommended by the UK’s NCSC. These are easier to remember and more difficult to guess.
6. If you have been hacked, change your passwords immediately: If you discover that one of your passwords has been compromised, change it immediately. This applies not only to the online service for which the password was used, but also to any other accounts where the same password was used.

*The market and opinion research institute Civey surveyed 2501 people on behalf of eco – Association of the Internet Industry between 4 and 5 November 2024. The survey is representative of the population, with a statistical error of 3.6%.