Why is a secure password so important?
It seems to be a worn-out story, and some people can’t bear to hear it anymore: use strong passwords. Yet it turns out again and again that the advice is still relevant. We make it too easy for black hat hackers to get our passwords and, ultimately, our digital identity.
My digital identity is gone
Imagine the following scenario:
- Let’s say my name is Hans Günther and I have a daughter named Klara. She was born on 23.05.2008.
- I have a password that I use over and over again.
- So that I can remember my password, it is called klara052008.
- I use the password on Facebook, Instagram, WhatsApp, Twitter and for my Gmail account.
- My daughter is also on Instagram and has everyone wish her a happy birthday on 05/23.
- Since I am an exposed person and there are some people who wish me harm, they try to crack my password with a little research and a simple algorithm.
- Tada … it was not difficult and the attackers have my password.
- Now it gets exciting: the point is not to steal something from me, but to harm me.
- First they hack my Gmail account and immediately change the password. That locks me out.
- After that, they try all sorts of social media services and find that I log in with my Gmail address and the same password. They now take over my channels and change the password everywhere.
- I’m now de facto locked out and my digital identity is gone!
- In the next step, the attackers spread trash in my name and thus do massive damage to me personally. They post right-wing ideas, child pornography, hate and malice.
How could this have been avoided?
- Use a different and above all secure password for each service and preferably a different e-mail address. E.g. hans.guenther+facebook@gmail.com, hans.guenther+instagram@gmail.com …
- Always use a second factor
What does a secure password look like?
There are some simple rules for a secure password. In general, a password should have these properties:
- it is only used once per service or login (see the “My digital identity is gone” scenario).
- it has a minimum length of 19 characters
- it consists of upper and lower case letters, numbers and special characters
- it is a complete lie and does not allow any conclusions to be drawn about me
- bonus points: I do not know it
Where do I store the password?
The last item in the previous list says “I don’t know it”. This assumes that the password is stored somewhere. There are DO’s and DON’T DO’s for this:
DO
- a password manager like 1Password
- the keychain of the operating system
DON’T DO
- save it in the browser (Chrome and Google offer this!)
- write it on a piece of paper or a document
- save it in the notes on my phone
- store it at LastPass (because the security measures are insufficient and LastPass was hacked).
How do I create a secure password?
The short answer is: with a password generator. Again, 1Password is a good choice:
To get a feel for what a secure password looks like and how long it would (currently) take to hack one, I recommend trying this out:
Here is a short demo of how a password becomes strong:
IMPORTANT: this is NOT a password generator. Never use the password you “tried” there (even if it says underneath that it is “100% secure” and won’t be saved!).
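The rules from “What does a secure password look like?” and the generator advice above can be checked mechanically. The following Python code is an added example, not part of the original post and not 1Password's code; the function names, the set of special characters and the list of personal tokens (built from the Hans Günther scenario) are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 19  # minimum length stated in the post
SPECIALS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumed set; services differ
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)


def rule_violations(password, personal_tokens=(), passwords_in_use=()):
    """Return the rules from the post that `password` breaks (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 19 characters")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("missing a character class")
    lowered = password.lower()
    if any(tok.lower() in lowered for tok in personal_tokens if tok):
        problems.append("contains personal information")
    if password in passwords_in_use:
        problems.append("already used for another service")
    return problems


def generate_password(length=MIN_LENGTH, personal_tokens=(), passwords_in_use=()):
    """Draw characters from the OS CSPRNG and redraw until every rule is met."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 19")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the operating system's CSPRNG; random.choice would not
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not rule_violations(candidate, personal_tokens, passwords_in_use):
            return candidate


if __name__ == "__main__":
    # Constructed sample data taken from the scenario in the post
    tokens = ("klara", "hans", "guenther", "2008", "05", "23")
    print(rule_violations("klara052008", tokens, passwords_in_use=("klara052008",)))
    print(generate_password(24, tokens))
```

The generated value is meant to go straight into the password manager for exactly one service, which also covers the “I do not know it” bonus point.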
Outlook
Having to use passwords is always a pain in the ass. That’s why the topic of going “passwordless” with “passkeys” is being pushed so heavily.
Roundup
In this post I showed how easy it is to create a secure password, and how a good password strategy helps protect your digital identity.
Disclaimer: I don’t have any affiliate agreements with 1Password. I just think the tool is very good.