A few letters, numbers and special characters protect our entire digital privacy – but normally only to a limited degree. Read on to learn what makes a good password according to the latest research, how we remember it and which tools help.
“Please choose a user name and password” – whether it is a new e-mail or bank or Amazon account or a social media profile, this is the first step almost every time you sign up for anything on the internet. But also with devices such as PCs or smartphones, passwords ensure that only we ourselves or other authorized persons are granted access to data and functions.
A secure password is therefore just as important as having an effective lock on our front door at home. And yet many people protect their data and accounts less than adequately or even really badly. The “human factor” is probably the biggest weakness of every password. For people, a random combination of numbers, letters and special characters may look complicated and therefore secure – but computer programs see it differently.
In fact, hackers can crack this kind of password relatively easily. Besides the most common passwords like “password” or “123456” and normal words from dictionaries, they also use special software and algorithms to test complex combinations of special characters. So if there’s an attack, it is only a matter of time before a password is cracked.
The use of special characters, however, does actually make things much more difficult for an attacker. An 8-character password of upper- and lowercase letters takes at most a few days to decipher. If you mix in special characters and numbers, it can take up to 80 days.
Recently, the US agency responsible for technological standards, NIST, published their new guidelines on password security – and corrected their previous recommendations.
The three most important tips of the National Institute of Standards and Technology:
1. Instead of supposedly complicated special characters, it is better to use various “illogical” phrases as a basis.
2. Much more crucial than the complexity is the length: Even the latest computers would take years to crack a password with 20 or more characters; 8 characters are considered an absolute minimum. The NIST advises web providers to abolish length restrictions and allow spaces, in order to make whole pass phrases possible. In other words, sentences that contain as much “human randomness” as possible are the most secure – such as a totally abstract sentence like “Crazy Dog-Grass-Egg-Machine eats fried Oranges”.
3. In its report, the NIST advises against requiring users to change logins regularly. This is based on studies which show that users who are required to change their password tend to choose an easy-to-remember and therefore insecure one. The exception: Following a hacker attack, it is of course indispensable to change all passwords.
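The following sketch shows how a sign-up form could apply these recommendations. It is an added example, not code from NIST or from this article, and the blocklist is a small constructed sample. It also estimates the brute-force search space to show how length outweighs character variety.

```python
import math
import string

# Constructed sample blocklist; a real service would load a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein"}
MIN_LENGTH = 8  # the absolute minimum named above; deliberately no maximum

def check_password(candidate: str) -> list:
    """Return the reasons a candidate is rejected; an empty list means accepted.

    No composition rules (forced digits or symbols) and no upper length limit:
    spaces and whole sentences are valid input.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if candidate and len(set(candidate)) == 1:
        problems.append("single repeated character")
    return problems

def alphabet_size(candidate: str) -> int:
    """Size of the printable-ASCII character classes the candidate draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in candidate):
        size += 26
    if any(c in string.ascii_uppercase for c in candidate):
        size += 26
    if any(c in string.digits for c in candidate):
        size += 10
    if any(c in string.punctuation or c == " " for c in candidate):
        size += 33  # 32 punctuation marks plus the space
    return size

def brute_force_bits(candidate: str) -> float:
    """log2 of the search space for blind character-by-character guessing.

    This is an upper bound: it says nothing about dictionary or pattern-based
    guessing, which is why the blocklist check above exists.
    """
    size = alphabet_size(candidate)
    return len(candidate) * math.log2(size) if size else 0.0

if __name__ == "__main__":
    for pw in ("123456", "password", "aB3$xY7!", "Crazy Dog-Grass-Egg-Machine eats fried Oranges"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}, {brute_force_bits(pw):.0f} bits")
```
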
It should go without saying that each account should have its own password – no one would ever use just one key for their home, car, bike and letterbox.
If you want to boost your password security even further, then you need what is known as two-factor authentication (2FA): After entering the password, you are sent a second code – mostly by text message to your mobile phone or via a security token with a display – which you then enter for authentication.
This method is not invulnerable, but increases security enormously. It has become indispensable for business transactions or logins to bank accounts in particular. But 2FA is also offered by the major e-mail providers, the services of Amazon, Ebay or Paypal and social media platforms, to make passwords even more secure.
With so many accounts and devices protected by passwords nowadays, you’re sure to come across password managers sooner or later in your search for solutions for remembering them all. Programs by providers such as Dashlane or LastPass save all the login information in a database that can only be opened with a single master password. Many of these also offer 2FA.
The only – not insignificant – problem: If hackers acquire the master password, they gain access to all the user’s accounts.
This video by The Verge provides a concise overview of which password managers they recommend and how to use them. The tech portal also explains in simple language how hackers can link stolen passwords with the corresponding account and why each profile needs its own password.
- Use a different password for each account.
- Always choose long passwords – at least 8 characters.
- Besides lowercase and uppercase letters and numbers, either use special characters, or EVEN BETTER: Use long pass phrases that don’t follow any obvious logic, that is, they only make sense to a human.
- Don’t change logins regularly – unless there has been an attack.
- For important services, use 2-factor authentication.
- To avoid having to remember all your many passwords, use a password manager.
If you want to test whether your e-mail address can be found in a database leaked by hackers, we recommend the tool provided by Australian security expert Troy Hunt. His software compares logins with over 300 million hacked data records.
The strength of a password can be tested here, for example. Please note: This is strictly only for testing sample passwords! Passwords that are already in use or planned for use should NEVER be entered on public websites!
Passwords often divulge more than just our accounts, says the NY Times Magazine in the highly recommended web series “The Secret Life of Passwords”.