Yahoo, Dropbox, Twitter, LinkedIn. Time and again, we hear new reports about hacked accounts. And if you look at the list of the most commonly used passwords, it is baffling how easy some users make it for cyber criminals. But password safety is not rocket science.
Following the hacks that have made headlines in recent months, countless user accounts are in circulation out there, including passwords. Many users don’t really think about that because they don’t use the account anymore or they have changed their password. But that is not enough. Because the fact of the matter is that many people still use the same password for several accounts. Cyber criminals know this. When they have the password for one account, they will also try the combination of the victim’s e-mail address and password at other accounts – which may be holding much more valuable information.
In light of this situation, it is truly astonishing how careless some people are when choosing their passwords. Of course, most people have many different accounts nowadays, making it difficult to come up with ever new passwords – and to remember them. Still, people should put in a bit more effort than just choosing “hello” or “password.” However, those are two of the most commonly used passwords.
If you use one of these passwords – or any other in the top 10 – you’d be well advised to change them as soon as possible.
And there is another thing you should definitely check: Find out if you are a victim of one of the much-talked-about leaks that happened in recent times – Yahoo, Dropbox, Twitter. Was your account data stolen? If so, that’s another reason to change your passwords immediately. There are several ways of checking if you have fallen victim to such a hack.
If you enter your e-mail address at https://haveibeenpwned.com, you can see if any accounts with this mail address have been compromised. In addition to that, you can also check which provider was hacked and when the attack took place.
The identity leak checker of the Hasso-Plattner Institute follows the same principle. You enter your e-mail address at https://sec.hpi.de/leak-checker/search and shortly after, you get a mail telling you if one of your accounts has been hacked. You can even see which of your data is affected.
But how do I create a safe password that wannabe hackers don’t decipher in a matter of seconds? To answer that question, the German Federal Office for Information Security has compiled a list of tips.
As it turns out, length matters: the more characters, the better. Eight characters is the bare minimum for a password. A six-character password can be cracked by modern programs in a matter of minutes, even if it is made up of random letters.
Furthermore, it is advisable to use upper case and lower case letters and numbers. But again, don’t just use an obvious password and add a number. “Password1” is clearly not a safe password!
Names of family members, pets, or worse yet, your own name, also make for poor choices because they are easy to guess. You should also steer clear of passwords that can be found in that form in a dictionary because there are scripts that try all of these words, one after the other. Even when you replace individual letters with numbers, say, if you use 3 instead of E or 1 instead of I, you’re not out of the woods. Hackers know this trick and have included these types of alternative spelling in their programs.
Oh, and please, never use passwords based on the keyboard layout, for instance “123456789” or “qwertz.”
If you want to be on the safe side without having to memorize all those long, complicated (but safe) passwords, I recommend you use a password manager. These programs don’t just manage your passwords, they can also generate new ones. This way, you control all your passwords from the safety of a database, so you don’t have to be afraid of external attacks. And the only password you have to come up with – and remember – is the master password.
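The password tips above (minimum length, mixed character types, dictionary words even with numbers swapped in, keyboard patterns) can be turned into a simple checker. This is an added example, not part of the original article; the word list, keyboard rows, substitution table and function names are small constructed samples chosen for illustration.

```python
import string

# Constructed sample data (assumption): a real check would load a full
# dictionary and a list of leaked passwords instead of these few entries.
COMMON_WORDS = {"hello", "password", "welcome", "dragon", "sunshine"}
KEYBOARD_ROWS = ["1234567890", "qwertzuiop", "qwertyuiop", "asdfghjkl"]
# Number-for-letter swaps the article mentions (3 for E, 1 for I) plus a
# few other common ones (assumption).
LEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a", "5": "s", "@": "a"})
MIN_LENGTH = 8  # the article's bare minimum


def normalize(password):
    """Undo the tricks attackers already expect: appended digits or
    symbols, mixed case and number-for-letter swaps."""
    core = password.strip(string.digits + string.punctuation)
    return core.lower().translate(LEET)


def has_keyboard_run(password, run_len=5):
    """True if any run_len consecutive characters follow a keyboard row,
    left to right or right to left."""
    p = password.lower()
    rows = KEYBOARD_ROWS + [row[::-1] for row in KEYBOARD_ROWS]
    windows = (p[i:i + run_len] for i in range(len(p) - run_len + 1))
    return any(w in row for w in windows for row in rows)


def check_password(password):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = (str.isupper, str.islower, str.isdigit)
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("missing upper case, lower case or digit")
    if normalize(password) in COMMON_WORDS:
        problems.append("dictionary word")
    if has_keyboard_run(password):
        problems.append("keyboard pattern")
    return problems


if __name__ == "__main__":
    for candidate in ["hello", "Password1", "P4ssw0rd", "123456789", "qwertz"]:
        print(candidate, "->", check_password(candidate))
```

“Password1” and “P4ssw0rd” satisfy the length and character-mix rules and are still rejected, because stripping the appended digit and reversing the substitutions leaves a dictionary word.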