
Passwords

[Image: "I love you": forever and ever a poor password. Image credit: Staff Unit Information Security]

Why does it have to be so complicated?

Upper and lower case letters, at least 11 to 16 characters but preferably even longer, and in any case numbers and special characters: the requirements for a secure password are complicated. A change of perspective shows why they are nevertheless useful. From a hacker's point of view there are at least two lucrative methods of password theft: phishing and brute force. In the latter case, hackers use ready-made tools and fast computers to try millions of possible combinations per second, for example against a login form. The bingo game lasts until the door to the computer or e-mail inbox is open. The longer (and more complex) the password, however, the harder the hackers' tools and computers have to work. For an 11-character password with special characters, numbers, upper and lower case letters, a standard processor can take up to 11,000 years. So the rule of thumb is: the simpler and shorter a password, the easier it is to crack.

How do I do that?

There are several ways to create a password that is as hard to guess as possible. A simple but effective one is the so-called "mnemonic method". It works in three steps:

  1. Choose a quote or the beginning of a poem, song or novel. It is even safer to make up a sentence of your own. As an example, let's choose the sentence "In the morning I get up and brush my teeth!"
  2. From this sentence, take only the first letter of each word and leave numbers and punctuation marks as they are: "ItmIguabmt!".
  3. In the last step, replace individual letters with similar-looking special characters (e.g. a with @): "ItmIgu@bmt!".
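The three steps above, and the brute-force estimate from the "Why does it have to be so complicated?" section, as an added worked example in Python (this is not code from the page or from the university's information security unit). The sentence, the substitution table beyond a -> @, and the guess rate of one billion guesses per second are constructed assumptions; the estimate models only exhaustive search over the password's character classes, not dictionary or pattern guessing, so a well-known password such as "iloveyou" is far weaker than the number suggests.

```python
# Constructed example sentence, following the page's mnemonic method.
EXAMPLE_SENTENCE = "In the morning I get up and brush my teeth!"

# Step 3 substitution table. The page gives only a -> @; the other two
# entries are constructed assumptions and can be changed freely.
SUBSTITUTIONS = {"a": "@", "s": "$", "o": "0"}


def first_letters(sentence: str) -> str:
    """Step 2: keep the first letter of every word; digits and punctuation
    marks pass through unchanged."""
    out = []
    for word in sentence.split():
        letter_taken = False
        for ch in word:
            if ch.isalpha():
                if not letter_taken:
                    out.append(ch)
                    letter_taken = True
            else:
                out.append(ch)  # digits and punctuation stay as they are
    return "".join(out)


def substitute(skeleton: str, table=SUBSTITUTIONS) -> str:
    """Step 3: replace individual letters with similar-looking characters."""
    return "".join(table.get(ch, ch) for ch in skeleton)


def mnemonic_password(sentence: str, table=SUBSTITUTIONS) -> str:
    """Steps 2 and 3 combined: sentence -> password."""
    return substitute(first_letters(sentence), table)


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search has to cover: lower case (26),
    upper case (26), digits (10), printable ASCII punctuation (33)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33
    return size


def brute_force_years(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case years to try every combination of the same length and
    character classes. The guess rate is a constructed assumption, and the
    model ignores dictionary and pattern attacks, so it is an upper bound."""
    combinations = charset_size(password) ** len(password)
    seconds = combinations / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    skeleton = first_letters(EXAMPLE_SENTENCE)   # "ItmIguabmt!"
    pw = mnemonic_password(EXAMPLE_SENTENCE)     # "ItmIgu@bmt!"
    print(skeleton, "->", pw)
    # Compare the worst-case search time of a short, single-class password
    # with the mnemonic password at the assumed guess rate.
    for candidate in ("iloveyou", "Iloveyou1", pw):
        print(f"{candidate:14} alphabet={charset_size(candidate):3} "
              f"years={brute_force_years(candidate):.2e}")
```

Running the script shows the 8-letter lower-case password exhausted in seconds at the assumed rate, while the 11-character mnemonic password with three character classes takes tens of thousands of years, which is the effect the page's 11,000-year figure describes. The usual caveat holds: the page's own example sentence is published and therefore no longer secret, so pick your own.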

A password created this way meets all the important requirements, is sufficiently long and can be derived again at any time from the mnemonic. Do not use the example above, however: it is no longer secret. Alternatively, you can also use a whole sentence as a password. Above all, it is important that your password is sufficiently long. But also pay attention to the application's character limit for passwords.

Also take a look at the password policy and at how the password can be changed. By the way, forced regular password changes are no longer considered good practice. If you have a strong password, you can keep using it until it is compromised, for example because hackers have cracked it or you have fallen victim to a phishing attack.

Make your life easier.

  • Use a password manager such as KeePass, which lets you manage account credentials securely, easily and quickly. With KeePass you do not have to remember each of your passwords, only a single master password. Learn more about KeePass.
  • Do not use the same password everywhere. If that one password gets into the hands of hackers, they have access to all your accounts (and they will certainly try them all).
  • Wherever possible, use two-factor authentication in addition to your password. When it is enabled, you need a second factor to log in. The best-known example of a second factor is the TAN used for online banking. Even if hackers have captured your password, they still need the second factor (e.g. the TAN) to log in. For an increasing number of web services, you can use two-factor authentication at Philipps-Universität.
  • Stop keeping written password lists. They are insecure and inconvenient. Instead, use a password manager, which also gives you your passwords in digital form. The switch is worth it!
  • Your password is secret! Do not give it to anyone! Only you may know it.