Thursday, March 23, 2023

Tips for secure passwords


The colorful world of calendars marks February 1st as “Change Your Password Day”. However, the point is no longer that we should all change our passwords, but that we should use the right ones. Here are some tips on how to find them.

We carry a lot of passwords around with us these days, and of course that attracts bad guys who want to play tricks with our data. Unfortunately, nonsense passwords such as “123456” are among the popular choices for securing access, as is simply turning “Gartenzaun1” into “Gartenzaun2”. Just look at the news: there have been a lot of data leaks lately. The best-known example of the last few weeks is probably PayPal. So it is obviously important to choose good passwords. If you want to know whether your email address appears in a data leak, you can check that here, for example.


There are now a lot of password managers that secure your logins and also offer two-factor authentication (2FA). If you don’t use such a manager yet, you should consider creating an account with one. The big advantage: you only have to remember the master password. It is difficult to give a recommendation here; well-known names are Bitwarden, 1Password or KeePass. Just compare different providers and their service packages.

If you don’t feel like using a password manager, you should definitely set up 2FA. To do this, you download an app such as Google Authenticator or Microsoft Authenticator onto your smartphone. After setup, the app generates a code that you have to enter when logging in. This code is only valid for a short time. There is no need to be afraid of setting up 2FA: almost every site operator offers instructions for it.

Tips for secure passwords

So what is a secure password? There are clear recommendations on this from the Federal Office for Information Security (BSI).

In essence, they differentiate between two variants of secure passwords:

Short but complex password

• Is eight to twelve characters long.
• Consists of four different types of characters.
• Upper and lower case letters, numbers and special characters are randomly arranged.

Long but less complex password

• Is at least 25 characters long.
• Consists of two types of characters.
• Can be, for example, six consecutive words, each separated by a character.
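
The two variants above can be checked and generated mechanically. The following is an added example, not code from this article or from the BSI; the function names, the special-character set and the sample word list are assumptions, as is reading "eight to twelve" as a typical length rather than a maximum.

```python
import secrets
import string

SPECIALS = "?%&!#*+-_=."  # constructed set of special characters

def char_classes(pw):
    """Count how many of the four character types occur in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),  # spaces count as special here
    ])

def classify(pw):
    """Return the variant from the lists above that pw satisfies, or 'weak'."""
    n, k = len(pw), char_classes(pw)
    if n >= 25 and k >= 2:
        return "long"
    # Assumption: "eight to twelve" is a typical length, not an upper limit.
    if n >= 8 and k == 4:
        return "short-complex"
    return "weak"

def random_short(length=12):
    """Randomly arranged password that contains all four character types."""
    if length < 8:
        raise ValueError("short variant needs at least 8 characters")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # resample until every character type is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if char_classes(pw) == 4:
            return pw

def random_passphrase(words, count=6, sep="-"):
    """Randomly chosen words joined by a separator, at least 25 characters."""
    while True:  # resample if the chosen words happen to be too short
        pw = sep.join(secrets.choice(words) for _ in range(count))
        if classify(pw) == "long":
            return pw

# Constructed sample list; a real word list should hold thousands of words.
WORDS = ["garden", "fence", "donkey", "bridge", "calendar", "february",
         "window", "harbor", "lantern", "pepper", "violin", "thunder"]

if __name__ == "__main__":
    for pw in ("123456", "Gartenzaun2", random_short(), random_passphrase(WORDS)):
        print(f"{classify(pw):14} {pw}")
```

Both generators draw from `secrets`, the operating system's cryptographic random source, so the result does not depend on what a person finds easy to think of.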

Of course, you should also be able to remember your password well. Mnemonics can be helpful here: for example, take a sentence and use only, say, the third letter of each word. You can then replace letters with numbers or capitalize a certain number of letters. Also use spaces and special characters like ?%& in your password. That all sounds very generic, but it’s difficult to give guidance because everyone remembers things differently.

The future: Passkeys

It would be best, however, if we could do without passwords completely in the future and run everything with one-time codes. This is exactly what the passkeys that the big players like Google, Apple, Samsung and others have agreed on should offer.

Put simply, a passkey is a two-part key. When logging in for the first time, a key pair is generated: a private key and a public key. Don’t let the names confuse you; the public key is of course not made public. This key pair is only valid for this one account. Each time you log in, the key on your end device, such as your smartphone, generates a one-time code. This can only be decrypted with the key part from the website operator. The one-time code is triggered by biometric data, such as facial recognition or fingerprints, but also by a PIN.

The combination of username and password can be used by several people, whereas a passkey is tied to one person. This is the fundamental difference between the two approaches.

In theory, this means that you don’t have to remember a password and can still access all your data. Will this mean that passwords will soon become obsolete? I do not think so. Not everyone will want to use the new method. And not all providers will switch to passkeys from now on. Therefore, passwords will stay with us for quite a while. It therefore remains important to think about secure passwords.
