February 1 is Change Your Password Day. We talked to Prof. Dr.-Ing. Marietta Spangenberg about her field of information security. A conversation about passwords, hackers and the convenience of Germans.
Prof. Dr. Spangenberg, should we all change our passwords on February 1st?
No, that doesn't necessarily make sense. But you can use today to at least think about how secure your passwords are. And if you haven't changed your passwords for a while, it's a good idea to do so in the next few days. Especially if you - like 2 billion others - are currently affected by the major email leak. Then it's high time for a secure password.
What makes a secure password?
The password length is important; it should be at least eight characters, preferably more. So that the password is also resistant to attacks. The characters used should contain upper and lower case letters, numbers and special characters. You should be careful not to use any terms from your immediate environment, e.g. pet names of your partner or pet. You could come up with a sentence that is easy to remember; then just take the first letters of the sentence and add little tricks, perhaps replacing a b with an 8, etc.
Does a good password really protect me from hacker attacks?
There are, of course, even more ways in which an attacker can strike. But a good password is one point in the line of defense. There is never one hundred percent protection.

How often should I change my passwords?
There is no one-size-fits-all answer. If you suspect or realize that someone could have access to your password or one of your accounts, you should act immediately. Many platforms also offer automatic password changes at regular intervals, e.g. every 72 days. Constantly changing your password is useless; it is also detrimental to the security of your password.
In what way?
If you only change a little bit at a time, you will create sister passwords. These are very similar to the old password, differing only in minor details, e.g. one letter, one number, and can therefore be easily cracked.
Should you use a different password for each platform?
Definitely. Especially if this password is also linked to your email account and therefore to your most personal data and most important accesses. You often use your email account to have forgotten passwords sent to you: it is now easy for hackers to get your private information such as bank details and PIN once they have cracked your password.
How can you remember the password for every platform you are registered on?
There are management systems for passwords. So-called password managers. You only need to remember a single password, the master password. The program takes care of the rest. If your computer or cell phone were hacked, everything would be securely encrypted.
So there is a lot at stake if we are careless with passwords. So why are we so unimaginative when it comes to thinking up passwords? Some of the most popular variants are simple sequences of numbers, such as 1234.
Because people are comfortable and don't appreciate the value of their information. A password is like a key to our most important and private information. And normally we take care of our keys, we don't give away a house key carelessly. In the virtual world, we think: oh, that's just data. People are not really aware of the value of information.
What is the future of passwords? Will there only be fingerprints at some point?
The password as such will be with us for a while yet, because biometrics doesn't offer comprehensive security either. The fingerprint is very easy to manipulate. This function was immediately hacked on the iPhone. Facial recognition was also compromised after a short time. Two-factor authentication will be used more in the future. Probably in a combination of fingerprint and password.
Prof. Dr.-Ing. Marietta Spangenberg from the Faculty of Electrical Engineering and Computer Science has been teaching at the HSZG since 1992. Her areas of expertise are computer networks, information security, IT security management and data protection.
The interview was conducted by Sophie Herwig