Skip to main content
Unsere Website gibt es auch auf Deutsch - würden Sie gerne zu dieser Version wechseln?Zur deutschen Version wechseln
MADE & HOSTED IN GERMANY
ISO 27001 CERTIFIED, BSI C5
secure-passwords-rules

Secure passwords: These are the rules you should follow

4 min read

We are all part of the digital world every day – whether privately or professionally – and are therefore exposed to potential security gaps and dangers. Despite the fact that issues like data protection and data security are almost inevitable by now and awareness is increasing in the mainstream society, many people still neglect the basic rules. This is also the case with password security, as can be gathered from a recent study of the Hasso Plattner Institute: The top 10 most popular German passwords are dominated by combinations such as "123456", "password" or "qwerty". But that's not so bad… or is it?

Weak passwords: Avoid these mistakes when creating a password

We use passwords for our social media accounts, websites of numerous online retailers, news services, email and online banking accounts. In many cases, operators offer additional safety precautions to protect their users. Their password, however, is still the first barrier for cyber criminals.

Protecting your own account with a password such as "123456"? That would be like readily opening the door to your own house to a burglar, even though it is equipped with the most modern anti-burglary protection.

In the following, we will explain to you which mistakes you should avoid when creating your password and why a combination such as "Xc$#&6" is not as secure as you thought it is.

What not to do:

  1. Never use the very same password twice or even for every access.
  2. Avoid using character strings and words that other people could easily associate with you. For instance, the name of your spouse or your children, your date of birth, pet or your phone number.
  3. Even if the words "giraffe" or "sunset" cannot necessarily be associated with you, they are still easy to crack. The reason being that all words that can be found in a dictionary are not secure. Just as common or known passwords, they are simply tried out in so-called brute-force attacks, for example. Words from foreign-language dictionaries are just as insecure.
  4. You should avoid simple numerical (1234, 1212, 0000) or letter sequences (abcdefg) as well as letter strings on the keyboard (asdfgh).
  5. Xc$#&6 can neither be associated with you nor can it be found in a dictionary. That means it should be a secure password, right? Wrong! It is simply too short to be secure enough since all variations of strings with five or six characters can be tried out by skilled users within a short time.

Be honest: Were you familiar with all of these points? In conclusion:

A secure password should not be logical, as long as possible and unknown. Adding special characters increases its protection. But how to choose a password that makes it significantly harder for unauthorized people to get hold of your information? And how can you memorize such a password?

Encrypt your passwords

A very good way to encrypt your password is to use the respective adjacent keys on your keyboard when entering it. With this little trick, your pet "Rabbit,Ricky" turns into "Tsnnoy,Tovlu" as your password.

With a little bit of creativity, swaps, synonyms or combined words can help you create secure passwords that can be easily memorized.

  • Swapping pairs of letters: Party Animal-> "AnPaimrtaly"
  • Synonyms & combined words: PasswordGuidelines -> IdentificationtermAdvisorstripes

Be creative and make your own rules. For example, you could also use every first, second or third character at the beginning of each chapter of your favorite book.

Use sentences as templates and memory aids

A catchy sentence makes an excellent template for a secure password. "I married my husband in 2019" turns into "Immhi2019". With nine characters and the combination of numbers and uppercase and lowercase letters, this password is already quite secure. You can make your password even more secure by adding special characters. In our example we could add, for instance, a punctuation mark at the end and a heart for the husband: "I married my husband <3 in 2019!" -> "Immh<3i2019!"

Use long passphrases

So-called passphrases work particularly well. They consist of several words that make sense together and are easy to remember. For example: My apartment has 3 rooms, 1 balcony and is on the fourth floor. This passphrase can be made even more secure by replacing the letter "e" by the special character "€", and by replacing the letter "a" with the number "4": My 4p4rtm€nt h4s 3 rooms, 1 b4lcony 4nd is on th€ fourth floor.

Complex passwords and passphrases of this length are especially hard to crack for hackers.

Attention: You should always avoid umlauts (ä, ö, ü), if possible. When traveling, this could become a problem as the characters may not be on the keyboard. You should also avoid using quotes or well-known song lyrics.

Use a password manager as a memory aid

It is, of course, not so easy to memorize several passwords for different user accounts. Password managers organize the chaos of different login details and protect the most important information, usually also by means of secure encryption. This way, you will only have to memorize one single password. Here you can find the german password manager test of 2022.

Use two-factor authentication

If available, the security of your accounts can be increased by using two-factor authentication. Stackfield also offers this security feature to prevent unauthorized logins.

Here is how you can find out how secure your passwords are and whether your email address was hacked

By using offers such as "Leak Checker" by the University of Bonn, or services such as www.haveibeenpwned.com, you can find out whether your own email address has been hacked. The latter also checks the security of your passwords and indicates whether they came up in known data leaks.

As already mentioned, you should definitely stop using compromising passwords, since hackers include them in their password lists for brute-force attacks and therefore have an easy job of it.

Rate this article?
4 Reviews / 4.8 Stars
Ready to try Stackfield?Over 10.000 companies joined Stackfield
Try Stackfield for free
Almost finished...Please click the link in the email and confirm your email adress to complete the subscription process.
Never miss a post. Get awesome insights in your inbox.
Your Email
Subscribe
Cristian Mudure
About the Author:
Cristian Mudure is the Founder and CEO of Stackfield. He loves digital business models and spends his spare time on the tennis court.
Display Comments (powered by Disqus)