6 May 2021 | World Password Day: interview with CTO Sebastian Mendel

As a new customer in an online shop, a user in a social network or when using online banking: login data such as passwords accompany us every day. The safer they are, the better. But what is a good password and are password errors really always caused by the user? On World Password Day, we talked to our IT department and received some interesting answers.

Importance, fails, no-gos: an interview about passwords with our CTO Sebastian Mendel

Sebastian Mendel

Question: Why are passwords important?

Sebastian Mendel (S.M.): So that strangers can't spend your money and your identity on the Internet is safe.

Question: Why should passwords be changed?

S. M.: If abuse is suspected. For example, if your own data was published in a data leak.

Question: How often should a password be changed?

S. M.: Ideally never, because that doesn't increase security. Frequent changes, especially enforced by guidelines, can even reduce security, as it causes users to write down the passwords somewhere because they can no longer remember them.

Question: What are password failures?

S. M.: The biggest mistakes are often still made on the part of the provider, in which special characters are not allowed or the length is limited.

What about creative passwords?

S. M.: Don't get creative - use password generators. If it absolutely has to be a memorable password: Use passphrases, such as Wild-Hobbit-Does-Not-Wear-A-Lasersword.

What are good ideas?

S. M.: Use a password manager - if you don't have to remember passwords, you can make them more secure. Also, use multifactor authentication - especially when you have to rely on passwords that you have to remember.

Question: And things to avoid?

S. M.: Using one password, no matter how secure, for several or even all services. Machines should not use passwords for communication - keys, TOTPs, or tokens are the better choice. Sending passwords via email, chat, etc. is also bad - there are special services or functions for this.

Question: Which password tools can you recommend and why?

S. M.: Companies which need to share credentials (which applies to all companies) should enforce the use of services like Bitwarden, Hashicorp Vault and Hashicorp Boundary or Keycloak. Netresearch relies on these tools to ensure maximum security for its partners' data. If required, we also offer our partners support in introducing and integrating such services.

What we can learn about passwords

Overall, data security is an important factor when it comes to passwords. If we pay attention to the correct choice of letters, numbers and special characters, we are well protected against external attacks. And if in doubt, work with password generators and/or a password manager. In any case, there are enough tips and tools for everyday and professional needs to adequately protect yourself and your identity.

Do you not only want to protect yourself, but also your online shop or CMS from external attacks? Do you lack the time or resources for it? Then get in touch with us! We would be happy to check your system for security issues.

Book a free consultation with our expert Sebastian Hähner!

Sebastian Hähner
Your expert for OroCommerce & B2B commerce
 +49 341 - 47842 - 242

Share article:

New Blogposts

By Caroline Kuhn

We celebrate 20 years cooperation with AIDA

Communication, expertise and trust play a major role in the successful implementation of customer…

Read more
By Thomas Schöne
SSO connection with Keycloak for TYPO3 and Magento

For our customer AAP Lehrerwelt GmbH, which is part of the Klett Group, we implemented a…

Read more
By Caroline Kuhn
Dialog platform for MDF AG enables new communication ways

With the launch of the dialogue platform lej-nachbarn.de, a community solution for direct…

Read more
By Christoph Aßmann
Deutsche Post & DHL Shipping Magento 2 Extension Update - part 1

In the last quarter of 2021, Netresearch published two notable releases of the Deutsche Post & DHL…

Read more