How secure is my password? 8 tips for a good password

How secure is my password? Since hackers today have many opportunities to crack encryption and gain access to confidential data, users should choose their passwords carefully. That's why we have eight tips for you on how to create a strong password.

Nowadays, hackers have tools that fully automatically try out all possible character and number combinations, test entire dictionaries or try out previously published access data for various services. That's why it's particularly important that Internet users choose passwords that protect them from this.

However, many users find it difficult to do this. Too often they still use the combination “123456” or “qwert” or use a complicated password for several different programs, services or account access. Cyber ​​criminals have an easy time of it.

Get a secure password in just a few steps

For a password to be truly secure, it must meet certain quality requirements. The Federal Office for Information Security (BSI) has published some tips that can help users choose a good password.

The rule of thumb: A strong password can be either shorter and complex or long and less complex. A long password should be between 20 and 25 characters long. Then it is sufficient if only two types of characters are used, for example upper and lower case, for example “tisch_himmel_kenia_blau_pfannkuchenteig_lachen”.

If you choose a short password, you should use at least eight characters. It is also advisable that four different types of characters appear in it, i.e. upper and lower case letters, numbers and special characters. An example could be “q7yPv8!x§B”.

How secure is my password: 8 tips from the BSI

The BSI has also put together eight other tips that are important for a good password:

1. Create creative passwords: Use your creativity to come up with a strong password that is easy to remember. You should also convert certain letters into numbers and integrate special characters to increase security.
2. The longer the better: The BSI recommends at least eight characters. For WLAN encryption such as WPA2 or WPA3, there should be at least 20 characters, as so-called offline attacks are possible here.
3. Use a variety of characters: A good password should contain different types of characters, including uppercase and lowercase letters, numbers and special characters. However, please note any technical requirements of the individual services.
4. Avoid personal information: Don't use easy-to-guess terms, such as names of family members, friends, or pets. Dates of birth should also be taboo. They are more vulnerable to attacks.
5. No common patterns: Passwords should not consist of common variations and repetition or keyboard patterns such as “asdfgh” or “1234abcd”. You are already on a so-called blacklist and are often rejected outright by providers.
6. No simple additions: Simply adding a number or one of the common special characters to the beginning or end of a simple word is not a recommended security measure.
7. Use password manager: Password managers help generate and manage strong, diverse passwords. This makes it easier for you to secure and access your various accounts.
8. Avoid certain characters: Avoid using special characters and umlauts that may not be available on all keyboards or may be encoded differently. These include, for example, “ä, ö, ü, ß, € or ¢”.

Two-factor authentication for greater security

Many online services now offer procedures with which users can identify themselves in addition to entering a password when they log into an account. This so-called two-factor authentication is available in numerous variants, which can range from an individual code via SMS, the fingerprint to a hardware-supported TAN generator.

In any case, a login with a second factor offers a higher level of security than just entering a username and password. The BSI recommends combining two-factor authentication with a password that consists of eight characters and three types of characters.

Also interesting: