Are your pass­word prac­tices secure?

Users are not given an exactly clean bill of health by secu­rity researchers: In spite of all aware­ness cam­paigns, a large majority is still using weak passwords.

A cur­rent article pub­lished in the PCtipp com­puter mag­a­zine was head­lined “The sil­liest pass­words of 2022”.  Sim­ilar to pre­vious years, the “123456” char­acter string still held the inglo­rious first place in the most pop­ular pass­words charts col­lated by the Hasso-Platner-Institut (HPI) each year. The other pass­words making the top ten were little better. This latest analysis was based on over a mil­lion leaked access data.

Simple pass­words are easy to remember – but even easier to crack. It takes any com­monly avail­able com­puter less than a minute to crack that “123456” pass­word.

But just why are aware­ness cam­paigns advising on the cor­rect use of pass­words seem­ingly of so little avail? Studies like the “Psy­chologie der Pass­wörter” (Pass­word psy­chology) by pass­word man­ager sup­pliers Last­Pass try and pro­vide an expla­na­tion. As per their research, the over­whelming majority of those ques­tioned are con­vinced they are well-versed as far as pass­words are con­cerned and 73% con­sider their pass­words to be secure. Still: 69% say they are at least using strong pass­words for their e-banking – drop­ping to a mere 38% as far as social media are concerned.

Gen­er­a­tional dif­fer­ences also play a role. It is par­tic­u­larly younger users who use risky pass­word prac­tices without even real­ising. One thing which is striking: Across all the age groups, all those things learned during secu­rity training ses­sions is only put into prac­tice inad­e­quately or not at all.

This can be reme­died by using pass­word man­agers, for instance KeePass, as they sim­plify the admin­is­tra­tion of all those – fre­quently quite numerous – access data, no matter how com­plex and hence secure they are. Fur­ther infor­ma­tion on how to use pass­words securely can be found here.