✅ Secure password

SEEBURGER

The Engine Driving Your Digital Transformation

Trends & Innovations

Change Your Password Day

| | Director Business Unit E-Invoicing/SAP&Web Process, SEEBURGER AG
Change Your Password Day

In Germany February 1st is Change Your Password Day. How secure is your password? When did you last change it? If you suspect that this blog is speaking directly to you, now is the perfect opportunity to make your password secure. Let us show you how.

Password? Don’t give hackers a free pass!

It’s difficult to believe, but there are still passwords being used like ʽ123456ʼ and ʽPassword123ʼ. Such simple letter and number combinations are practically an open invitation to hackers to steal data. Yet these days, it should be clear to everyone why a secure password is so important. They are an integral part of both your business and personal lives, and everyone has dozens of them. No matter what you want to do online, whether booking accommodation on booking.com or buying something on Amazon, whether carrying out a financial transaction or just logging on to your company PC, you need a password.

As it’s understandably pretty difficult to create and somehow remember a new password for everything you do online, a number of users not only stick to simple passwords, they use these for several different accounts. Cyber attackers love this, as, once they‘ve cracked that password, it opens the door to the user’s entire online universe. You want to prevent this by making their task as difficult as possible.

Using a password strategy to protect personal data

The password manager service Nordpass has published a list of the most-used passwords in 2019, put together with the help of independent researchers who wish to remain anonymous. The list was put together from a database of 500 million entries, grabbed from a wide range of sources. These leaked passwords include simple number combinations such as ʽ12345ʼ or ʽ11111ʼ, as well as consecutive key combinations such as the middle row series ʽasdfgʼ.[1]

The top 20 most-used passwords in 2019 are as follows:

  1. 12345
  2. 123456
  3. 123456789
  4. test1
  5. password
  6. 12345678
  7. zinch
  8. czechout
  9. asdf
  10. qwerty
  11. 1234567890
  12. 1234567
  13. Aa123456.
  14. iloveyou
  15. 1234
  16. abc123
  17. 111111
  18. 123123
  19. dubsmash
  20. test

That’s pretty sad, isn’t it? In 2012, the American web portal GIZMODO announced a Change Your Password Day to create awareness of password security. We at SEEBURGER would like to use this day as an opportunity to encourage you to try out more complex – and therefore secure – passwords.

What makes a secure password?

Chaos, basically. An illogical series of characters. A secure password consists of at least eight characters – although 12 or even 16 would be better – and contains both upper and lower case letters, numbers, and special characters. The more random, the better.

Hackers basically only have two methods to crack passwords. One of these is to take a dictionary and try out all the words it contains. Therefore, make sure that your password isn’t in the dictionary.

The other option is to systematically try out series of key combinations such as aaaa, aaab, aaac, 12345,123456,1234567, etc, until a combination fits. This is known as a brute force attack. There is only one defence against brute force attacks: make your password as long as possible. A password only really counts as secure if it consists of at least 12 characters. The table below shows the maximum time a bruce force attack takes for different password lengths, based on a rate of 100,000 tries a second:

Password length
Range
& Type
4 Characters5
Char.
6
Char.
7
Char.
8
Char.
9
Char.
10
Char.
11 Char.12 Char.
10 [0–9]<1 ms<1 ms1 ms10 ms100 ms1 second10 seconds2 minutes17 minutes
26 [a–z]<1 second<1 second<1 second8 seconds4 minutes2 hours2 days42 days3 years
52 [A–Z; a–z]<1 second<1 second20 seconds17 minutes15 hours33 days5 years238 years12,400 years
62 [A–Z; a–z; 0–9]<1 second<1 second58 seconds1 hour3 days159 days27 years1,649 years102,000 years
96 (+ special characters)<1 second8 seconds13 minutes21 hours84 days22 years2.108 years202,000 years19 mill. years

Figure: Time needed to crack a password[2]

4 easy methods to remember complex passwords

  • The acronym method
    Take a sentence and use the initial (or end) letters of each word to create a password, adding a couple of numbers or special characters into the mix.

    Example I
    Sentence: ‟Oh I love to go a-wandering along the mountain track”
    Replace Oh with 0, ‘to’ with 2, and ‘a-’ with @ and  you get the following password: ʽ0Il2g@watmtʼ

    Example II
    Sentence:         ‟I love meat and two veg on Sundays!”
    Replace the word ‘two’ with 2 and ‘andʼ with ‘&’ and you get the following password:  ʽIlm&2voS!ʼ

  • The sentence method
    Here, you take a sentence which contains at least one number and put all the characters into a long line

    Example
    Sentence: ‟Six witches are watching six watches”
    Replace the instances of ‘six’ with ‘6’ and you get: ʽ6witchesarewatching6watchesʼ

  • The double word method
    In this method, you take two words which are then cleverly shortened and connected with special characters.

    Example
    The names of my pet gerbils, Alfred the Great and Fluffy, could produce the following password: ʽAlfredthegr8+Fluffyʼ

  • The Leetspeak method
    Leetspeak refers to a method in which individual letters can be replaced by numbers. ʽe/E’ is replaced by ʽ3’, while ʽo’ is replaced by ʽ0ʼ, ʽa/Aʼ by ʽ4 ʼ ,ʽsʼ by ʽ5ʼ and ʽi/Iʼ by ʽ1ʼ.

    Example
    The word: unsustainable therefore gives you the password: ʽun5u5t41n4bl3ʼ

So, how secure are your passwords? (I assume you have several?!!)? If you are using an insecure password, or just haven’t changed your password for ages, take action today and use Change Your Password Day as an opportunity to get creative and protect yourself with complex passwords. Did you know that passwords are considered the most vulnerable link in the IT security chain? For cyber criminals, but also for amateur hackers, weak passwords are basically an open invitation to get at data such as e-mail and postal addresses, telephone numbers, bank account details, and even business information. Start protecting yourself today!


[1] https://computerwelt.at/news/die-duemmsten-passwoerter-2019/

[2] https://de.wikipedia.org/wiki/Passwort

Get in contact with us.

We are looking forward to your message.

Share this post, choose your platform!
Rolf Holicki

About the Author:

Rolf Holicki, Director BU E-Invoicing, SAP&Web Process, is responsible for the SAP/WEB applications. He has more than 25 years of experience in e-invoicing, SAP, Workflow and business process automation. Rolf Holicki has been with SEEBURGER since 2004.