“It is important that a strong password is chosen for each service and each account.” What should by now be part of the basics of cyber security is still a sentence that security experts repeat like a mantra. In an interview with the news agency spot on news, Christian Funk, head of the German-speaking research and analysis team at the IT security company Kaspersky, explains what matters when choosing a password and the reasons for external password management.
The advantage of different passwords is obvious: “This is the only way to protect other accounts in an emergency, should a password actually be compromised,” explains Funk, who also says what matters when choosing a secure password: “A strong, secure password consists of at least 16 characters and a combination of uppercase and lowercase letters, numbers and special characters.”
Better to strengthen than to change
Funk is critical of the fact that on “Change Your Password Day” on February 1st people are asked to change their password on the grounds that doing so increases security: “As things stand today, changing access data regularly has a counterproductive effect on the security of online accounts. This means that passwords tend to be weaker rather than stronger.” The Russian software company therefore proposes changing the focus of the day: “That’s why we at Kaspersky are not advocating a ‘Change Your Password Day’, but rather a ‘Strengthen Your Password Day’.”
Because of its convenience, many people use the password management built into their browser. This often also offers the option of generating secure passwords. However, the information is then stored on the computer – is there a risk? “Modern implementations of password management in browsers have become better and more secure,” says Funk, but qualifies, “nevertheless, as a fixed part of the browser, they offer more attack surface for web-based attacks and in some cases weaknesses in the safekeeping of the passwords, such as encryption.”
In the worst case, users “lose” their faces
If you want or need to be completely on the safe side, you can use additional software to manage your passwords. According to the expert, the advantage of such programs, in addition to the secure encryption of the password, is “that they also offer their services outside of the browser, for example when logging on to game launcher software such as Steam, Uplay or other portals with their own software.”
Funk urges particular caution with biometric data: “The face and the fingerprint are unique, but the sensors and the code for verification can be outwitted in some cases. In the case of fingerprints, they can also be easily copied by a person and used to unlock devices.” In contrast to a normal password, the loss of biometric data is more far-reaching, explains Funk: “The big problem with this is that if a password falls into the wrong hands, the user can easily change it. If this happens with biometric information, then it is burned forever for security-related authentication methods.”
IT security means more than passwords
Criminal activities on the Internet make it necessary for users to be vigilant. “Unfortunately, users still think that they and their data are of no interest to cyber criminals,” comments Funk and warns: “That often makes them easy victims.” Even secure passwords alone do not protect against fraudulent intentions. The security expert's advice: “Users should always be alert, use their own common sense and check where emails are coming from and from what sources they are downloading files.”