“Password123” – does that look similar to your password?
How to create a secure password easily and quickly
With a little creativity and a few simple tips, you can create a secure password even without a password generator and protect your access to company accounts, sensitive company data, and thus your privacy on the internet.
Why are insecure passwords dangerous?
It is well known that it is easy for hackers to try various common password combinations in seconds and completely automatically in order to crack company accounts. Attackers use self-written programs that enable them to combine entries from dictionaries, known “standard passwords” and combinations of numbers thousands of times and systematically try them out until the desired account is cracked and access to sensitive company data is free.
There are also regular reports of data leaks at large online companies, where usernames and passwords repeatedly fall into the hands of third parties and are offered for sale on the internet. If you use the same combination of username and password for your private and business e-mail account, your corporate network, and other platforms, access for unauthorized persons is easy causing huge damage for both, the private individual and the company.
Identity theft, publication of sensitive data, blackmail for hijacked accounts and data are just a few unpleasant consequences victims of cybercrime face.
How can I recognize insecure passwords?
At the end of each year, the Hasso Plattner Institute (HPI) publishes the most frequently used passwords in Germany. The institute’s evaluation is based on large data sets that were available on the web in the respective year. For example, HPI found that the most frequently used password in 2020 was “123456,” followed by “123456789” and “password” in second and third place.
Choosing a simple and insecure password and being careless with it always plays into hackers’ hands. You should avoid the following when choosing a password in any case, otherwise, you make it even easier for potential attackers to hack your password:
- of your first name or surname
- of the company name
- of your birthday
- of information with personal as well as business reference (e.g. JohnDoe1979, Company2021).
- Number sequences (e.g. 12345, 111)
- Simple sequences of letters (e.g. abcde, xyz)
- Keyboard patterns (e.g. qwertz, asdfg)
- Simple passwords (e.g. abc123, password, hello)
- Incrementing the password from “flower1” to “flower2” to “flower3” when you are asked to change your password regularly
- Writing down passwords on notepads and attach them under the keyboard or to the monitor
- Handing a password to third parties, if you are requested to do so by phishing e-mails
- Using the same password for multiple accounts
Internet portals such as that of the Hasso Plattner Institute offer the possibility of checking whether one’s personal user data has already appeared on lists on the Internet. If this is the case, quick action is necessary, and a secure password must be generated.
What criteria must a secure password meet?
In our experience, a complex, secure, and easy-to-remember password can be easily generated if you follow the criteria described below in addition to respect the tips mentioned above:
- The larger the number of characters and the length of the password, the more secure it is.
- The more sensitive the access (e.g. financial accounting) the stronger/complex the password should be.
- Use upper and lower case, numbers and special characters in the password.
- Depending on the keyboard layout, country-specific letters such as ä, ö, ü, ß and special characters can also be used.
- Choose a separate password for each account. Never use the same password for multiple accounts.
- Change your passwords regularly.
- Change your passwords immediately if you suspect third-party access and log out all devices currently connected.
With these criteria, you usually meet the requirements of your company-specific password policy.
How do I generate a secure password?
In practice, for example, the creation of a personal mnemonic for generating a complex and secure password has proven successful. With help of the mnemonic, which you remember easily, can derive the password again and again. A suggestion for a possible mnemonic sentence could be: “Every morning at eight o‘clock I eat a three-minute egg and drink a coffee!”
Use the first letter of each word of your mnemonic and use, for example, the correct upper and lower case. In this way, you expand the complexity of your password – “EmaeoIeatadac!” – in the very first step.
To further increase the complexity and security of your new password, replace individual letters in the next step as follows:
- Number words such as “a”, “an”, “one” can be replaced by the number “1”
- Replace “and” with special characters like “& ” or “+”
- Replace letters like “E” and “I” with similar-looking numbers like “3” and “1”
- You can replace an “i” with a “!”
- For example, large compound words like “three-minute egg” can be changed to “3m-e”
There are hardly any limits to creativity and thus to complexity. Your mnemonic sentence “Every morning at eight o’clock I eat a three-minute egg and drink a coffee!” becomes the complex but easy-to-remember password: EMa8oIe13m-ead1C!
Please note that the mnemonic used here as an example is not applicable for you. Due to the publication in this article, EMa8oIe13m-ead1C! is no longer a secure password! You must come up with your own individual mnemonic.
We would be happy to support your company with our Cybersecurity Awareness training, in which we highlight risks and share useful tips to teach your employees what they can and must do to ensure the protection of your company in the digital world.
We offer you the whole range of security instruments from code reviews of your software products, quick checks of your organization, awareness training of your employees, to penetration testing of your servers and IT landscape and support you in the implementation of your individual holistic cybersecurity plan.
Together we can master the future!