Password selection & handling

Password selection

Passwords have fundamental importance in protecting IT systems and data. The correct selection and handling of passwords can contribute significantly to security against unauthorized access and manipulation.

Passwords must be complex enough that they cannot be guessed. On the other hand, they must not be so complicated that they are forgotten or have to be written down.

Some basic rules should be followed: 

Surnames, first names, dates of birth, telephone extensions, license plates etc. should not be used. Such details are easy to find out and are certain to be tried by anyone attempting to guess a password.

Passwords should not consist of terms that could be found in a dictionary (of any language). Programs that are used to crack passwords use word lists with several thousand terms and recover passwords of this kind within a very short time. Proper names and geographical terms should also be avoided as far as possible.

Trivial passwords (aaaaaa, qwertz, asdf, 123456, 08/15, 4711 etc.) should also not be used. Apart from the fact that such passwords can also appear in word lists, they are usually already recognizable when observing the password input.

The password must be sufficiently long. For “normal” users it must be at least eight characters long; for user accounts with special rights (administrator, root, service accounts etc.) a longer password should be chosen.

A password should be composed of different types of characters. Ideally, it should consist of uppercase letters, lowercase letters, numbers and/or special characters (punctuation marks, currency symbols, etc.). 
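
The rules above can be checked automatically when a password is set. The following is an added example, not part of the original page: the word list is a constructed sample, and the privileged minimum length (14), the three-character-class threshold and the function name check_password are assumptions. The personal_items argument also covers the username rule from the handling section below.

```python
import re

# Constructed sample lists; a real deployment would load full word lists.
TRIVIAL = {"aaaaaa", "qwertz", "asdf", "123456", "08/15", "4711"}  # from the page
WORDLIST = {"password", "summer", "welcome", "berlin", "dragon"}   # constructed

MIN_LEN_USER = 8          # the page's minimum for normal users
MIN_LEN_PRIVILEGED = 14   # assumption: the page only says "longer"
MIN_CLASSES = 3           # assumption: the page says "ideally" all types


def check_password(password, personal_items=(), privileged=False):
    """Return the list of violated rules; an empty list means none was violated."""
    problems = []
    lowered = password.lower()

    # Rule: no names, birth dates, extensions, plates, or the username.
    # Items shorter than 3 characters are skipped to avoid chance matches.
    if any(len(i) >= 3 and i.lower() in lowered for i in personal_items):
        problems.append("personal-data")

    # Rule: no dictionary terms. Digits and symbols at either end are
    # stripped first, so "Summer2024!" is still recognised as "summer".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    if lowered in WORDLIST or core in WORDLIST:
        problems.append("dictionary-word")

    # Rule: no trivial passwords (listed ones, or one or two repeated characters).
    if lowered in TRIVIAL or len(set(lowered)) <= 2:
        problems.append("trivial")

    # Rule: sufficient length, longer for accounts with special rights.
    if len(password) < (MIN_LEN_PRIVILEGED if privileged else MIN_LEN_USER):
        problems.append("too-short")

    # Rule: mix of uppercase, lowercase, digits and special characters.
    classes = [str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum()]
    if sum(any(f(c) for c in password) for f in classes) < MIN_CLASSES:
        problems.append("few-character-classes")

    return problems


if __name__ == "__main__":
    for pw in ("123456", "Summer2024!", "anna.meier77", "T7#vqLm2"):
        print(pw, check_password(pw, personal_items=["Anna", "Meier"]))
```

A password such as "Summer2024!" satisfies the length and character-type rules and is still rejected, because it is a dictionary word with a predictable suffix.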

If many different passwords are used, these can also be managed with the help of a password manager. Such programs use a master password to protect stored passwords. This master password should of course be chosen very carefully and meet the above criteria. 

Password handling

Passwords are the key to your own computer and Internet accounts as well as to all data stored there. If unauthorized persons have access to a computer, they get a good insight into your private life and see bank accounts, family photos and music collections.

This makes it all the more important to handle your passwords responsibly and make it as difficult as possible for potential criminals. There are a few points to keep in mind:

Do not share your passwords with anyone. If this should happen, change the password of the affected accounts immediately. 

Always use different passwords for different applications or pages. Especially for critical websites such as online banking sites, online shops or your own wireless network, it is essential to choose different passwords to make access more difficult for unauthorized persons.

Avoid reusing the username (or part of it) as a password. 

Change your passwords regularly (for example, annually) and choose completely new character combinations. A predictable, only marginal change, such as modifying the last character, is not an effective change.

Do not send passwords by e-mail, even if you are prompted to do so.

Has your email been leaked?

We recommend that you check on haveibeenpwned.com whether you have an account that has been compromised in a data breach.