Password Tips
A strong password consists of a long, random combination of upper and lower case letters, numbers and symbols. How can you remember such a password without writing it down? There are several ways. We will now look more closely at «Password Mnemonics», or memorable phrases.
«Password Mnemonics» entails using a whole sentence as a password, or a password derived from that mnemonic sentence.
Example of a mnemonic: (please do not use)
«I always drink my coffee at 5 minutes after 9’»
If an application does not accept longer passwords, the first letter of each word in the mnemonic sentence can be used to create the password, as the following example shows.
Example mnemonic:
«I always drink my coffee at 5 minutes after 9’»
Example password: (please do not use)
Iadmca5ma9’
The system can be tailored to the individual and changed at any time. The possibilities are limitless. As an example, upper and lower case letters can be interchanged. What is important is that the system is simple and easy to replicate.
If the application supports two-factor authentication, then this additional protection should be activated.
Password pitfalls that should be avoided
Avoid using phrases or numbers that are easy to guess. This includes, for example, simple words, names and dates of birth or birth years. Avoid substituting letters with numbers or symbols, for example substituting A with a 4, which is referred to in computing jargon as «leet» or «leetspeak».
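The pitfalls above can be checked automatically when a password is chosen. The following is an added example, not part of the original page: it reverses common leetspeak substitutions before comparing against a word list, which is why such substitutions add little protection. The word list, the substitution table and the name `find_pitfalls` are assumptions made for illustration.

```python
import re

# Constructed sample list standing in for a real dictionary of common
# words and names; a real check would load a much larger list.
COMMON_WORDS = {"password", "coffee", "summer", "anna", "zurich", "welcome"}

# Common leetspeak substitutions, mapped back to the letter they replace
# (assumed table for this example, not exhaustive).
LEET_MAP = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "5": "s", "$": "s", "7": "t"})

# A four-digit year from 1900-2099 that is not part of a longer number.
YEAR_RE = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")


def find_pitfalls(password, personal_terms=()):
    """Return a sorted list of (pitfall, matched_text) for one candidate.

    personal_terms: names or places tied to the user (hypothetical input),
    checked in addition to the common word list.
    """
    lowered = password.lower()
    deleeted = lowered.translate(LEET_MAP)  # undo the substitutions
    findings = set()
    terms = COMMON_WORDS | {t.lower() for t in personal_terms}
    for term in terms:
        if len(term) < 4:
            continue  # very short terms match by accident too often
        if term in lowered:
            findings.add(("guessable word", term))
        elif term in deleeted:
            # Only visible after reversing the substitutions.
            findings.add(("leetspeak word", term))
    for match in YEAR_RE.finditer(password):
        findings.add(("year", match.group()))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed candidates, for demonstration only.
    for candidate in ("P4$$w0rd!", "Ann4_1987", "coffee2024"):
        print(candidate, find_pitfalls(candidate))
```

An empty result only means none of these specific pitfalls were found; it does not by itself show that a password is strong.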
A separate password should be used for each service.
Safeguarding Passwords
Never write down a password. What sounds obvious is not always easy to implement, especially when each different service and website requires a different password (see: Password Misuse). Few of us are able to remember all our passwords. Help can be provided in the form of a password manager.
A password manager programme makes the creation, administration and use of secure passwords much easier. Using a password manager programme, you only need to remember the main password for the password manager programme and the passwords for more sensitive services such as on-line banking. Further information on a Password Manager can be found on the Password Manager Information Sheet (in German).
The basic rules for safeguarding passwords:
- A password manager programme makes it easier to create and use secure passwords.
- Always remember, but never write down, the most important passwords or passwords for sensitive services such as on-line banking.
- Never write down passwords, for example never write them on a Post-It note beneath the keyboard.
Password Misuse
Unauthorised persons could access a password by various means. One method is to guess the password:
- Many users employ passwords that are easy to remember, such as personal details. This makes it much easier and often quicker to guess the password and to gain access to a computer system (Password Guessing).
- Simple or short passwords can be cracked through systematic trial-and-error attempts (Brute Force Attack). The success rate of such methods can be reduced by using strong passwords.
Tips for creating and safeguarding passwords can be found under Password Tips and Safeguarding Passwords.
Passwords can also be recorded in different ways. The most commonplace methods are:
- Through phishing (a link via email) a person is misled to a fake website that resembles the real one. A request is then made to input your username and password. If you enter these details, the attacker will have your password data.
- A keylogger (specialised malware) records the computer user’s entries, making it possible to observe or reconstruct what the user entered. Keyloggers are also used by unauthorised persons to find out passwords.
- If the transmission of passwords is unencrypted, then it is easier for an unauthorised person to find out the password. This occurs, for example, during unencrypted web access, recognisable through the abbreviation «http» in the browser address field. Encrypted connections, such as web access via TLS/SSL, reduce this risk greatly. An encrypted connection is shown as the abbreviation «https» in the browser address field.
Simple password protective measures can be found under Protection Measures.
Protection Measures
It is essential to protect the devices on which the passwords are used.
The following five measures all help to improve data and password protection of any device:
- Protect personal information
- Defend against attacks (firewall, install patches, malware protection)
- Prevent unauthorised access
- Encrypt sensitive information
- Back-up / delete information
More detailed information on the topics of smartphone and PC protection and Internet awareness can be found on the following websites:
- Data Protection Authority for the Canton of Zurich (in German):
- BSI for citizens (in German): https://www.bsi-fuer-buerger.de
- iBarry by Swiss Internet Security Alliance: https://ibarry.ch/en/
- eBanking but secure!: https://ebankingabersicher.ch/en/