Passwords

It is said that those who have the choice are spoiled for choice. Many Internet users find it particularly difficult to choose the right passwords

1. The BSI therefore recommends for citizens : Is it any wonder that poorly chosen passwords such as 123456 or qwert are high on the hit list of particularly common IT security deficiencies. For those who instead make the effort to use a slightly more complicated password, it is not uncommon for the same password to be used for many different programs or accesses.

Of course, hackers are happy about all of this. You have tools that fully automatically try out all possible character combinations, test entire dictionaries including common combinations of words and added numbers, or try out access data for all possible services once published on the Internet. To prevent this, a password should meet certain quality requirements and only ever be used for one access.

In addition, passwords are not just used to protect confidential data. An example: It is now common practice to be able to create an account or an account with a wide variety of providers on the Internet. Logging into this account is protected with a password. What could happen if someone logs in under your name? Who would want strangers to be able to send emails under their own name or bid on expensive goods on the Internet?

Therefore: Follow the following recommendations for creating and handling passwords – and you will be doing something for your security.

The BSI for citizens gives the following tips for a good password:

• There are no limits to your creativity when choosing a password. It is important that you remember the password well . There are different help strategies for this: One person memorizes a sentence and only uses the first letter of each word (or only the second or last). You may then transform certain letters into numbers or special characters. The other uses a whole sentence as a password or strings together different words connected by special characters.
• Basically: the longer, the better . A good password should at least eight characters long.
  (Exception: For encryption methods for WLAN such as WPA and WPA2, the password should be at least 20 characters long. So-called offline attacks are possible here, which also work without a permanent network connection - this is not possible, for example, when hacking online accounts. )
• As a rule, all available characters be used for a password, for example upper and lower case letters, numbers and special characters (spaces, ?!%+…) . Some online service providers provide technical specifications for the characters that can be used or should be used. If your system allows umlauts, remember when traveling abroad that they may not be able to be entered on typical keyboards.
• Names of family members, pets, best friends, favorite stars, dates of birth, and so on are not suitable as passwords. If possible, the full password should not appear in dictionaries . It should also not consist of common variations and repeat or keyboard patterns such as “asdfgh” or “1234abcd”. Some providers compare passwords against a so-called “black list” in which exactly such unsuitable passwords are stored. If you want to use it, you will receive a message that the password is not permitted in this form or is not secure.
• Add simple numbers to the end of the password or use one of the usual special characters $! ? Adding # to the beginning or end of an otherwise simple password is not recommended.
• Important passwords should be changed periodically. We explain why in dealing with passwords .
• Use a password manager to be able to manage your different passwords well.

via BSI for citizens

Useful reference:

Video “strong passwords”