5 tips for secure passwords and what is important in a good password manager
Change Your Password Day on the first of February and the regular request from system administration to change your password yet again are well intentioned, but they send the wrong signal. What matters is not just changing a password regularly, but its complexity and structure. Experts from the Federal Office for Information Security have even corrected their own statements and made it clear that a password that meets the security criteria can provide secure protection for years.
Here we explain what these criteria are and how you can protect your accounts from unwanted access with secure passwords in the future.
The fact is, if “HausMausKlaus_2020” becomes “HausMausKlaus_2021” or you change “P=dWg*:56” to “P=dWg*:57”, it’s no use at all. Although both examples are formally ideal passwords (special characters, numbers, letters, upper and lower case are all included), this kind of password change is not secure, because minimal changes to your password do not pose any additional difficulty for hackers.
What we want to make clear here is that the protection of your data is to a considerable extent in your hands. Therefore, do not treat it lightly. And yes, we know that it’s easy to lose track, so here are our tips on how to create and remember secure passwords.
Five tips for a secure password:
- Don’t just change a year, but the complete structure of the password by using only new letters and changing the position of the numbers and special characters.
- Use long passwords with at least ten characters and use all character types: special characters, numbers and letters, in both upper and lower case.
- Never use a password twice; use a separate one for each account.
- Use random constructions with numbers and characters. The arrangement should not be linguistically comprehensible and therefore should not contain names or birthdays.
- When you set a new password or enter it in the login field, save it directly in a password manager.
So turn “HausMausKlaus2020” into “$%Aut0K4terW3rn3r?!” instead of just changing the year. Password managers can now also provide you with randomly generated, secure suggestions for your password and save them immediately.
But which password manager offers optimal data protection?
With a password manager, you can either have a complete password suggested or save the one already assigned. The advantage of a newly generated password is that the string of characters is reliably random. Perhaps you have noticed that you always build your complex self-made passwords according to a pattern, for example with a number always at the beginning, then a lower-case letter and then a capital letter. These patterns can be recognised and cracked. There are now several password managers that can help you get your data security up to scratch.
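The two points made above, that changing only a year or a digit leaves the password essentially the same and that a generated password avoids self-made patterns, are shown here as an added Python example (not part of the original article and not any password manager's own code). The function names and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher

# Character classes named in the tips: lower case, upper case, numbers, special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if length < 10:  # minimum length given in the tips
        raise ValueError("use at least ten characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the operating system's CSPRNG. Every position is drawn
        # independently, so no "number first, then lower case" pattern exists.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Reject and redraw instead of forcing classes into fixed positions.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def similarity(old, new):
    """difflib ratio: 2 * matched characters / combined length, case ignored."""
    return SequenceMatcher(None, old.lower(), new.lower()).ratio()


def is_minimal_change(old, new, threshold=0.6):
    """True when the new password is mostly the old one (threshold is an assumption)."""
    return similarity(old, new) >= threshold


if __name__ == "__main__":
    # Password pairs taken from the article's own examples.
    pairs = [
        ("HausMausKlaus_2020", "HausMausKlaus_2021"),
        ("P=dWg*:56", "P=dWg*:57"),
        ("HausMausKlaus2020", "$%Aut0K4terW3rn3r?!"),
    ]
    for old, new in pairs:
        verdict = "minimal change" if is_minimal_change(old, new) else "new structure"
        print(f"{old} -> {new}: similarity {similarity(old, new):.2f} ({verdict})")
    print("generated suggestion:", generate_password())
```

A check like `is_minimal_change` needs the old password in clear text, so it only makes sense at the moment of change, when the user has just typed both values.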
A distinction can be made between cloud providers and local management systems. In short, cloud systems are easy to use because you can connect them to all your devices. Once your passwords are stored, you can log in from your smartphone, tablet and PC. However, this means that all these devices provide hackers with possible access to all your passwords. Examples are Google’s and Apple’s own password managers as well as LastPass and Dashlane.
If you choose a local system instead, the passwords are not synchronised across all your devices. In return, it offers a higher level of security. If your laptop is hacked, for example, only the passwords stored on it can be cracked. The damage is therefore more manageable with this method. KeePass is one option that stores passwords offline.
We, as platform operators, are also obliged to do so!
You are not the only one responsible for your data security. The data platforms are also obliged to handle your data properly and keep it safe. You can find out how memoresa deals with the topic of data protection and data security in this video with our data protection expert Anna-Lena Hoffmann.
Our tip: Select providers that use dual (two-factor) authentication. This is currently the most secure method to check access to a portal. As with logging into a bank account, you are authenticated as a user in two different ways. This method is almost unbreakable!