Five tips for creating a secure password – and stopping hackers

Fiona Egli & Debora Moos
May 6, 2021
Digital Pathfinders, faktischversichert
Cybercriminals are on the rise: Every day they get their hands on personal identity data such as email addresses and passwords, which they can then use for other illegal activities. Find out how to protect your data with our five tips for this year's World Password Day.

We use them all over the internet, each one should be unique in its complexity, but all too often we don’t give them enough thought – we’re talking, of course, about passwords. Every year on the first Thursday in May, World Password Day raises awareness of the importance of using secure passwords. After all, they are the last line of defence against unauthorised access to confidential data and personal accounts. For this year’s World Password Day, we would like to share five tips for protecting your data.

1. Use several or temporary email addresses.

Really keen to try out a new online game, but not sure whether the provider is trustworthy? Then register with a temporary email address. Providers like www.tempail.com allow you to set up anonymous single-use addresses quickly and without registering. Alternatively, you can also use several email addresses, using one solely for sensitive business such as online banking or as a reference for recovering your password.

2. Opt for a secure password.

As part of an annual survey, password manager NordPass published the 200 most common passwords used worldwide in 2020 and demonstrated how easy it is to hack them:

  • 123456: an estimated 2,543,285 users; hacked in less than a second
  • 123456789: an estimated 961,435 users; hacked in less than a second
  • picture1: an estimated 371,612 users; hacked in three hours

This lack of creativity is an open invitation to hackers. But what constitutes a secure password? Here’s an example:

  • Make up a password sentence, like: “I’ve had enough of the coronavirus & want to go on holiday to Italy again!”
  • Then shorten the sentence by taking just the first letters of each word, and there you have it, a safe password: Iheotc&wtgohtIa!

This password is long, contains special characters and a mix of upper and lower case letters. It’s also almost impossible to guess.

In addition, there are also applications where you can log in using biometric features – i.e. fingerprint or facial recognition – instead of a password.

3. Change your password regularly.

Even if setting up different passwords for all your logins and changing these from time to time is tedious – it’s well worth the effort. Otherwise hackers will have no trouble cracking all your passwords as soon as they have found out one. You should also ensure that old and new passwords are not too similar – i.e. “Mypassword1” and “Mypassword2” are best avoided. And you should change your password at least once a year.
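The checks from tips 2 and 3, as an added Python example that is not part of the original article: it derives the password from the sentence above and tests a candidate against the advice on length, character mix, common passwords and similarity to the old password. The function names are hypothetical, and the 12-character minimum and the four-edit similarity threshold are assumptions chosen for illustration.

```python
import string

# The three most common passwords quoted in the article (NordPass 2020 survey).
COMMON_PASSWORDS = {"123456", "123456789", "picture1"}


def password_from_sentence(sentence: str) -> str:
    """Tip 2: keep the first character of each word, plus closing punctuation."""
    out = []
    for word in sentence.split():
        out.append(word[0])
        # Keep a trailing "!" or "," so the special character survives.
        if len(word) > 1 and word[-1] in string.punctuation:
            out.append(word[-1])
    return "".join(out)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_new_password(new: str, old: str = "", min_length: int = 12, min_changes: int = 4) -> list:
    """Return the reasons a candidate fails the advice (empty list means it passes)."""
    # min_length and min_changes are assumed thresholds, not values from the article.
    problems = []
    if new in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(new) < min_length:
        problems.append("too short")
    if not (any(c.islower() for c in new) and any(c.isupper() for c in new)):
        problems.append("needs upper and lower case letters")
    if not any(c in string.punctuation for c in new):
        problems.append("needs a special character")
    # Tip 3: "Mypassword1" -> "Mypassword2" is a single edit and is rejected.
    if old and edit_distance(new.lower(), old.lower()) < min_changes:
        problems.append("too similar to the old password")
    return problems
```

The sentence and the password derived from it are printed in this article, so use them only as test input and make up your own sentence for a real account.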

4. Use cross-platform password management.

A password manager is a virtual vault: a database where you can save login details and passwords for different websites in encrypted form. This means that nobody can read your passwords without the corresponding master password. Of course it is extremely important that you create a very secure master password – but this means you need only remember one. Good examples of these password vaults are: KeePass, 1Password and Keeper Security. And interesting for all Microsoft users: the Microsoft Authenticator app will also have a password manager as an additional function in future. In addition, such password manager solutions offer another advantage in that they allow you to work with generated passwords. This means that the password manager creates a secure password for you and ensures that you only use each password once.

5. Set up a two-stage verification system.

A unique and complex password is a good first step, but you can ensure even more security by setting up a two-stage verification. In addition to entering the username and the password, you will be asked for further proof that you are actually the owner of the relevant account. This authentication often takes place in the form of an additional security code sent via a text message or via an app.