- One in three Germans (34.4 per cent) stores their online passwords mentally, according to an eco survey conducted on the occasion of Change Your Password Day on 1 February
- Cryptic passwords and 2-factor authentication are more effective than frequent changes
- The eco Association gives three tips for secure passwords
As the number of online accounts increases, so does the number of passwords that everyone uses daily. The challenge here is that the passwords should be as cryptic as possible with numbers and special characters. They must also not be repetitive, which means that, with dozens of user accounts, we also need just as many cryptic passwords. It seems almost impossible to remember the numerous difficult passwords for social media, mobile phone apps, online banking, email, online shops and so forth.
In spite of the complexity, surprisingly one in three Germans (34.4 per cent) say they remember their own passwords, as revealed by a population-representative Civey survey commissioned by the eco – Association of the Internet Industry on the occasion of Change Your Password Day on 1 February. On the other hand, 21.8 per cent of Germans write down their passwords on paper, while 20.2 per cent use a password manager – i.e. software that takes care of password storage on their behalf.
Prof. Norbert Pohlmann, Board Member for IT Security at the eco Association, recommends the use of a password manager. “Password managers suggest secure passwords and then make them available in encrypted form on different devices. This means that users only have to remember one password,” says Prof. Pohlmann. He also advises activating two-factor authentication wherever possible. While this has long been commonplace in online banking, an increasing number of online shops and social media platforms now offer users the option to enhance security, for example, with a code sent via confirmation SMS as a second factor during login.
With the growing number of online accounts, remembering all passwords is, in any case, increasingly unrealistic. It’s too tempting to use the same password for several user accounts or to choose simple, non-cryptic passwords. Prof. Pohlmann describes the single password method as the least secure method of authentication and a major gateway for ransomware attacks.
The practice of writing down passwords on paper is also viewed critically by Prof. Pohlmann. “Anyone who writes down their passwords must make sure to keep these notes separate from their mobile phone or notebook. The typical post-it note with passwords under the keyboard, on the screen or under the mobile phone cover is grossly negligent and an invitation for unauthorised access to private systems.”
The eco Association provides three tips for secure passwords:
Tip 1: Swap insecure passwords for cryptic ones. These are eight to twelve characters long and consist of upper and lower case letters, numbers and special characters – in a random order. Check whether your important online passwords are secure and difficult to hack – and change them today if necessary.
Tip 2: Use a password manager, as secure passwords are difficult to remember. This means you only have to remember one password; namely, the one for your password manager. In all other instances, the software automatically generates strong and unique passwords and stores them in encrypted form – locally on a device or online. This has the advantage that you can also access your passwords when you are out and about and on different devices.
Tip 3: Use 2-factor authentication if possible. A second identification method, in addition to the password, increases security. This 2-factor authentication is available in numerous variants, such as a code via SMS, with a TAN generator for online banking, or in an app. A strong password and activated 2-factor authentication provide very effective protection against misuse by criminals.
The eco Association also provides a suggestion on how to easily memorise even a complex password. It helps to think of a sentence or phrase, take the first letter of each word and combine these letters with special characters and numbers. Example: “I live in a yellow House and have 2 Cats” could become IliayH&h#2C!