6 May 2021 | World Password Day: interview with CTO Sebastian Mendel
As a new customer in an online shop, a user in a social network or when using online banking: login data such as passwords accompany us every day. The safer they are, the better. But what is a good password and are password errors really always caused by the user? On World Password Day, we talked to our IT department and received some interesting answers.
Importance, fails, no-gos: an interview about passwords with our CTO Sebastian Mendel
Question: Why are passwords important?
Sebastian Mendel (S.M.): So that strangers can't spend your money and your identity on the Internet is safe.
Question: Why should passwords be changed?
S. M.: If abuse is suspected. For example, if your own data was published in a data leak.
Question: How often should a password be changed?
S. M.: Ideally never, because that doesn't increase security. Frequent changes, especially enforced by guidelines, can even reduce security, as it causes users to write down the passwords somewhere because they can no longer remember them.
Question: What are password failures?
S. M.: The biggest mistakes are often still made on the part of the provider, in which special characters are not allowed or the length is limited.
What about creative passwords?
S. M.: Don't get creative - use password generators. If it absolutely has to be a memorable password: Use passphrases, such as Wild-Hobbit-Does-Not-Wear-A-Lasersword.
What are good ideas?
S. M.: Use a password manager - if you don't have to remember passwords, you can make them more secure. Also, use multifactor authentication - especially when you have to rely on passwords that you have to remember.
Question: And things to avoid?
S. M.: Using one password, no matter how secure, for several or even all services. Machines should not use passwords for communication - keys, TOTPs, or tokens are the better choice. Sending passwords via email, chat, etc. is also bad - there are special services or functions for this.
Question: Which password tools can you recommend and why?
S. M.: Companies which need to share credentials (which applies to all companies) should enforce the use of services like Bitwarden, Hashicorp Vault and Hashicorp Boundary or Keycloak. Netresearch relies on these tools to ensure maximum security for its partners' data. If required, we also offer our partners support in introducing and integrating such services.
What we can learn about passwords
Overall, data security is an important factor when it comes to passwords. If we pay attention to the correct choice of letters, numbers and special characters, we are well protected against external attacks. And if in doubt, work with password generators and/or a password manager. In any case, there are enough tips and tools for everyday and professional needs to adequately protect yourself and your identity.
Do you not only want to protect yourself, but also your online shop or CMS from external attacks? Do you lack the time or resources for it? Then get in touch with us! We would be happy to check your system for security issues.