„Change your Password“ Day on the 1st of February
Internet users are encouraged to improve their account security and change their password
February 1st has been the „Change your Password“ Day since 2012. A strong password is important to deny unauthorized third parties access to online services. G DATA provides useful information for high account and password
Propaganda on your own social media account: If the Turkish flag and a picture of the Turkish President Recep Tayyip Erdoğan can be found on your personal Twitter wall, some people will be skeptical. This was exactly what happened to the editor-in-chief of „Spiegel“ Klaus Brinkbäumer on the 14th of January 2018. The sentence „Due to the bad news that we have reported so far and published about Turkey and Recep Tayyip Erdogan, we would like to excuse.“ was allegedly posted from his Twitter account. As it turned out later, the account had been hijacked by a third party. One of the reasons could have been an insufficiently secure password.
Text passwords, such as those used in social media or on shopping sites, are still important and will continue to be relevant in the future when it comes to protecting one’s own online account against unauthorized access. For years, IT security experts have made suggestions as to what a solid password should look like to prevent account takeovers. In the past, analysts and researchers agreed that a password should be at least eight characters long and should not contain common and easily guessable words. These rules are still part of the current password guidelines of corporate giants like Google.
The United States Computer Emergency Readiness Team (US-CERT) adds that users should use a differently created password for each of their accounts. The passwords must meet a variety of complexity requirements, such as combining letters with special characters and numbers. The study „Let’s go for a closer look: Observing passwords in their natural habitat“ shows that people have passwords for an average of 26.3 different websites. In 80 % of cases they use the same or slightly modified passwords. Users are reluctant to use different passwords for different web pages. It’s difficult to blame them - who can remember the many passwords that are both complex enough and unique for each portal? The solution: G DATA Total Security, which includes a password manager.
With the help of a plug-in for the web browser, assigned passwords are stored in an offline database on the computer. To protect them from being accessed by strangers, a single master password is required to open the password safe. In this safe, all specially created passwords can then be viewed and managed. If users need a secure password, a cryptic password can be generated with one click. However, it is better if Internet users think about their own passwords. G DATA gives you the following seven tips for today's "Change your Password" Day:
- A password manager is useful: As a user, you quickly lose track of the correct passwords used for each portal. This is no longer a problem with the password manager of G DATA Total Security. After installation, it appears as an icon in the browser and remembers the access data for all websites with password-protected accounts.
- Long passwords are great: Despite many older recommendations, a new approach has become established: Long passwords are better than complicated ones. No matter how many different punctuation marks, numbers and upper- and lower-case letters a password contains, the longer it is, the more variations a potential attacker must consider.
Example: A six-letter password consisting of lowercase letters allows nearly 309 million combinations. That sounds like a lot at first, but a current computer would guess such a password in about seven seconds. However, an attacker needs about 66 years if the password is extended by six characters to twelve characters.
- Use Passphrases: Using a single word as a password is considered insufficient. For example, passwords like „football1234“ or „password+“ can be guessed too easily. Therefore, a passphrase should always be used that cannot be found in any dictionary but at the same time is easy to remember. This is important because cybercriminals use statistically probable combinations that quickly expose a familiar word sequence, thus making the password insecure.
Example: A passphrase can be easily generated from the phrase „I am a good password for security.“ Many do not know that a space can also be used for a password. This would lead to the following passphrase: „!m a g00d PASSWORD f0r Secur!ty.“
- Change passwords correctly: If you change the password, the new one should not be derivable from the previous password. Many users add a month or a year as a number to the password, or a consecutive number. Other users change a good password to something simpler to make logins more convenient for themselves. Generally speaking, a password only needs to be changed if a website requests it, if someone observed the password being entered or if a database of an online portal was reported to have been compromised. To find out whether a database holding your password is affected, you can check the website „Have I Been Pwned“.
- Immediate Update: Security updates are essential in the days of Meltdown and Spectre if you want to protect your computer or mobile device. In general, the motto is to keep the operating system and the installed software or apps up to date and to install updates immediately after they are released.
- Two-factor authentication: Users should use two-factor authentication wherever possible. The option may also be called „two-step sign-in“ or similar. Facebook, LinkedIn, Dropbox, Google, PayPal and some other major service providers offer this as an option.
- Keep Antivirus protection up to date: Desktops, notebooks and even smartphones and tablets should always have the latest antivirus protection. Users often believe that mobile devices are not affected by security risks. This is a remarkably persistent misconception, because cyber criminals are also using mobile devices for their business.
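
The rule from the tip „Change passwords correctly“, that a new password must not be derivable from the previous one, can be checked at the moment of the change. The following is an added example and not G DATA code; the function names, the reason labels, the edit threshold and the sample passwords in the comments are assumptions made for illustration.

```python
import re

# Leading/trailing digits and symbols: the counter, month or year that
# users typically bolt onto an otherwise unchanged word.
_DECORATION = re.compile(r"^[\W\d_]+|[\W\d_]+$")

def core(password):
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return _DECORATION.sub("", password.lower())

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def derived_from(old, new, max_edits=2):
    """Return a reason label if `new` is trivially derivable from `old`, else None.

    Both values are compared in memory while the user is changing the
    password (the change form supplies old and new); stored password
    hashes cannot be compared this way.
    """
    o, n = old.lower(), new.lower()
    if old == new:
        return "unchanged"
    if o == n:
        return "case-only"
    if core(old) and core(old) == core(new):
        return "same-core"       # e.g. constructed pair Summer2017! -> Summer2018!
    if o in n:
        return "contains-old"    # old password with something added
    if n in o:
        return "truncated"       # good password cut down to something simpler
    if edit_distance(o, n) <= max_edits:
        return "near-edit"       # only a character or two differs
    return None
```

A password-change form can reject the new value whenever `derived_from` returns a label and show the reason to the user.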