Password security – Better safe than sorry

We all know the problem: new month – new password.

With every passing day we are getting closer to February 1st – the international “change-your-password-day”. But a password change is easier said than done. A change is normally accompanied by a vain attempt to log on with the old password, followed by the recollection that a change has been made, and then a few more failed attempts until the new password is correctly entered.

A little anecdote from our everyday work:

Three months after starting to work at eguana, a new colleague approached the system administrator with the words: “That might sound a bit silly, but I’ve been here for a while and never had to change my password…”

The system admin’s answer was as follows: “Yup – I’d rather give you a sensible password once than have you change an unsafe one every few weeks and stick a note next to the screen!”

MyP@ssword2020

This is how choosing a new password can go. Now imagine dealing with an obstacle course just like that not once but for every service. Hooray! So now you finally have a technically perfect password – and you need ten more of these things so that you can secure every service.

In short: impossible!

How to choose a secure password?

Quick solution: Your own, password-protected computer without an Internet connection, on which a list of all your passwords is located. Well …

Alternatively, there are also some tools that promise more or less the same: Virtual, password-protected boxes in which you can store all passwords and search for them if necessary. But what if someone cracks the password that secures the tool that contains the remaining passwords?

A tricky question that I would like to pass on to our current system administrator Cesare Schwabl and his predecessor Bernhard Rieder:

*****

Gentlemen, how often should one change a password?

Cesare: That is debatable. Never, if the password is long enough and difficult to guess, does not appear on a password list and was not used for more than one account.
Bernhard: You should always change the password if you suspect that someone got hold of it. Otherwise, password changes are unnecessary.

Is the date of birth or the name of the pet really that easy to guess?

Bernhard: Depends on the presence on social media. In principle yes, because these things are very restrictive.
Cesare: If someone hacks you specifically, that kind of scheme is easy to guess.

The more characters, the better?

Bernhard: Not necessarily: 1234567890 is less secure than ahj6Tks.
Cesare: A good password has eight characters or more. The German Federal Office for Information Security recommends, for example, the “KeePass” password manager. If you want to know whether your personal data is affected by a data breach, you can check this at haveibeenpwned.com.
Bernhard: The perfect password is a “random” combination of numbers, letters and special characters; the length depends on what you want to protect. I would protect bank access data with a longer password (>= 12 characters) than my access to a discussion platform (>= 6-8 characters). It is best to use different passwords and store them in a password safe with a very strong password. I don’t think much of password generators.

How insecure is it to stick the password on a Post-it next to the PC? Isn’t that safer than storing it on your cell phone?

Bernhard: Who would write their ATM code directly on the card? At least you have to unlock your cell phone or infect it with viruses. If the computer is in a safe, it is completely okay to stick the password on a Post-it on the monitor.
Cesare: I think it always depends on who I want to hide the password from. A cell phone is certainly not hackproof.

What is better: Senseless combinations of numbers and letters like HrtZ34D? Or long sentences like “dasistdashausvomnikolaus”?

Bernhard: “Senseless” combinations are preferable, but not completely senseless, but with a memory aid. Like “Fys1G,gib!”, which stands for ‘Fox you stole a goose, give it back!’
Cesare: A combination of numbers and letters makes more sense than a long sentence consisting only of lower case letters, because computers first try letters and only afterwards numbers and special characters.

*****
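As an added example (not part of the original interview and not eguana's own code), the following Python sketch checks a password against three of the criteria named above: a minimum of eight characters, absence from a password list, and no reuse across accounts. The list lookup is modeled on the hash-prefix range query offered by Have I Been Pwned's Pwned Passwords service; the corpus, the local `range_response` simulation and all function names are assumptions made for this illustration.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (not real breach data).
BREACHED = ["1234567890", "MyP@ssword2020", "password", "qwertz"]


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_response(prefix, corpus=BREACHED):
    """Local simulation of a range lookup: 'SUFFIX:COUNT' lines for every
    corpus hash that starts with the 5-character prefix."""
    hashes = (sha1_hex(pw) for pw in corpus)
    return "\n".join(f"{h[5:]}:1" for h in hashes if h.startswith(prefix))


def on_password_list(password, lookup=range_response):
    """Only the first 5 hex characters of the hash are handed to the lookup;
    the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix and int(count) > 0:
            return True
    return False


def review(password, used_elsewhere=(), min_length=8):
    """Return the list of criteria the password fails (empty list = passes)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if on_password_list(password):
        problems.append("on password list")
    if password in used_elsewhere:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for pw in ["1234567890", "MyP@ssword2020", "ahj6Tks", "Fys1G,gib!"]:
        print(pw, review(pw))
```

Because the lookup receives only a five-character hash prefix, the same `on_password_list` function can be pointed at a remote range service by passing a different `lookup` callable, without the password or its full hash leaving the machine.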

At eguana we take data security very seriously. With the simple tips of our two security experts, we hope that you too can start the New Year safely, without hacking attacks or data leaks.

 

 

Cover picture credit: cocoparisienne on Pixabay

Anna Riedler

When the sense of direction was distributed, Anna had just gotten lost. So much the better that her work has only peripherally to do with construction sites – she would probably never find her way back to the office. Instead, the studied journalist diligently writes texts for our homepage and our blog, as well as short personal descriptions with all the potential of being nominated for a Nobel Prize for Literature.