
QS-Database

Actively support quality assurance
with reliable data management

Password

Source: translated from BSI www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/Passwoerter/passwoerter_node.html (04.02.2019, unauthorized translation)

 

As the saying goes, whoever has the choice has the agony. Many Internet users find it particularly difficult to choose the right passwords. It is no wonder that poorly chosen passwords such as 123456 or qwert are at the top of the list of particularly frequent IT security deficiencies. Those who do take the trouble to use a somewhat more complicated password often use one and the same password for many different programs or logins. Of course, hackers are pleased about all this. They have tools that fully automatically try out all possible character combinations, test entire dictionaries including common word combinations with appended numbers, or try access data published on the Internet against all possible services. To prevent this, a password should meet certain quality requirements and be used for only one login.

What's more, passwords are not only used to protect confidential data. For example, it has by now become common practice to create an account or a login with various providers on the Internet. The login to this account is protected with a password. What could happen if someone logs in under your name? Who would want strangers to send e-mails or buy expensive goods under their name?

Therefore: read the following recommendations for creating and managing passwords, and you will be doing something for your security.


Tips for a good password

  • There are no limits to your creativity when choosing a password. However, it is important that you can remember your password. There are different strategies to help you with this. One is to memorise a sentence and use only the first (or only the second or last) letter of each word; you can then convert certain letters into numbers or special characters. Another is to use a whole sentence as the password, or to link different words with special characters. A further possibility is to randomly select 5 to 6 words from the dictionary and separate them with a space. This results in a password that is easy to remember and easy to type, but difficult for attackers to break.
  • The basic rule is: the longer the better. A good password should be at least eight characters long.

For WLAN encryption methods such as WPA and WPA2, for example, the password should be at least 20 characters long. Here, so-called offline attacks are possible, which also work without an active network connection.

  • All available characters, such as upper- and lower-case letters, numbers and special characters (spaces, ?!%+...), can usually be used for a password. Some online service providers define technical specifications for the characters that can or must be used. If your system allows umlauts, please consider that you may not be able to enter them on typical keyboards when travelling abroad.
  • Names of family members, pets, best friends, favourite stars, birth dates, and so on, are not suitable as passwords. The complete password should preferably not appear in dictionaries. It should also not consist of common variants, repetitions or keyboard patterns such as asdfgh or 1234abcd. Some providers compare passwords against a so-called black list, in which exactly such unsuitable passwords are stored. If you try to use one of them, you are told that the password is not allowed or not secure in this form.
  • Use a password manager to manage your different passwords well, and your strong password to secure it. That way you only have to remember one good password and can still use very strong, different passwords everywhere.
  • Adding simple numbers at the end of the password, or one of the usual special characters $ ! ? # at the beginning or end of a simple password, is not recommended.
  • Important passwords should be changed at regular intervals. The reasons are explained under management of passwords.
  • You can use a password manager to effectively manage your different passwords and to secure your strong password. In this way, you only have to remember one good password and can still use very strong passwords that are always different.
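
The tips above can be turned into an automated check, for example on a sign-up form. The following Python sketch is an added example, not part of the BSI text: the black list entries, the sequence list and the function names are constructed for illustration, and the 50 % threshold for pattern coverage is an assumption.

```python
import re

# Constructed sample black list; a real service would load a large list
# of known-bad passwords instead (assumption, not from the BSI text).
DENY_LIST = {"123456", "qwert", "password", "asdfgh", "1234abcd", "summer"}

# Keyboard rows and simple sequences used to spot pattern-based passwords.
SEQUENCES = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm",
             "1234567890", "abcdefghijklmnopqrstuvwxyz"]

MIN_LENGTH = 8         # tip: at least eight characters
MIN_LENGTH_WLAN = 20   # tip: at least 20 characters for WPA/WPA2
DECORATION = "$!?#"    # tip: the usual special characters at either end


def strip_decoration(pw):
    """Remove appended digits and $ ! ? # at the beginning or end."""
    core = pw.strip(DECORATION)
    core = re.sub(r"\d+$", "", core)
    return core.strip(DECORATION)


def pattern_fraction(pw, run=4):
    """Fraction of characters inside a sequence or repetition of length run."""
    low = pw.lower()
    covered = [False] * len(low)
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        in_seq = any(chunk in s or chunk in s[::-1] for s in SEQUENCES)
        if in_seq or len(set(chunk)) == 1:
            covered[i:i + run] = [True] * run
    return sum(covered) / len(low) if low else 0.0


def check_password(pw, wlan=False):
    """Return the list of tips the password violates (empty list = passes)."""
    problems = []
    need = MIN_LENGTH_WLAN if wlan else MIN_LENGTH
    if len(pw) < need:
        problems.append(f"shorter than {need} characters")
    if pw.lower() in DENY_LIST:
        problems.append("on the black list")
    elif strip_decoration(pw).lower() in DENY_LIST:
        problems.append("black-listed word with simple decoration")
    if pattern_fraction(pw) >= 0.5:  # threshold is an assumption
        problems.append("keyboard pattern or repetition")
    return problems
```

A password such as Summer2019! passes the length rule but is rejected because the word left after removing the appended digits and the trailing ! is on the constructed black list, while a passphrase of five unrelated words separated by spaces passes every check, including the 20-character WLAN minimum.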