6 May 2021 | World Password Day: interview with CTO Sebastian Mendel

As a new customer in an online shop, a user in a social network or when using online banking: login data such as passwords accompany us every day. The safer they are, the better. But what is a good password and are password errors really always caused by the user? On World Password Day, we talked to our IT department and received some interesting answers.

Importance, fails, no-gos: an interview about passwords with our CTO Sebastian Mendel

Sebastian Mendel
CTO

Question: Why are passwords important?

Sebastian Mendel (S.M.): So that strangers can't spend your money and your identity on the Internet is safe.

Question: Why should passwords be changed?

S. M.: If abuse is suspected. For example, if your own data was published in a data leak.

Question: How often should a password be changed?

S. M.: Ideally never, because that doesn't increase security. Frequent changes, especially enforced by guidelines, can even reduce security, as it causes users to write down the passwords somewhere because they can no longer remember them.

Question: What are password failures?

S. M.: The biggest mistakes are often still made on the part of the provider, in which special characters are not allowed or the length is limited.

What about creative passwords?

S. M.: Don't get creative - use password generators. If it absolutely has to be a memorable password: Use passphrases, such as Wild-Hobbit-Does-Not-Wear-A-Lasersword.

What are good ideas?

S. M.: Use a password manager - if you don't have to remember passwords, you can make them more secure. Also, use multifactor authentication - especially when you have to rely on passwords that you have to remember.

Question: And things to avoid?

S. M.: Using one password, no matter how secure, for several or even all services. Machines should not use passwords for communication - keys, TOTPs, or tokens are the better choice. Sending passwords via email, chat, etc. is also bad - there are special services or functions for this.

Question: Which password tools can you recommend and why?

S. M.: Companies which need to share credentials (which applies to all companies) should enforce the use of services like Bitwarden, Hashicorp Vault and Hashicorp Boundary or Keycloak. Netresearch relies on these tools to ensure maximum security for its partners' data. If required, we also offer our partners support in introducing and integrating such services.

What we can learn about passwords

Overall, data security is an important factor when it comes to passwords. If we pay attention to the correct choice of letters, numbers and special characters, we are well protected against external attacks. And if in doubt, work with password generators and/or a password manager. In any case, there are enough tips and tools for everyday and professional needs to adequately protect yourself and your identity.

Do you not only want to protect yourself, but also your online shop or CMS from external attacks? Do you lack the time or resources for it? Then get in touch with us! We would be happy to check your system for security issues.

...or make an appointment right here!

Sebastian Hähner
Consultant e-commerce, product datan management,
Shopware, Magento, Akeneo

  +49 (0)341 478420

Share article:

New Blogposts

By André Lademann

Connect external databases to a TYPO3 CMS via OpenAPI

For a customer project, André from Netresearch connected an external database to a TYPO3 CMS using…

Read more
By Caroline Kuhn
Review of 2021: great projects, new customers & amazing team events

The year is drawing to a close and we want to look back at all the wonderful experiences. Follow us…

Read more
By Katarina Riedel
Netresearch implements B2B marketplace for Biermap24

Soon we are going to develop a B2B marketplace for the Biermap24 rating platform. We are pleased to…

Read more
By Thomas Fleck
Netresearch strengthens its competence in B2B commerce

Netresearch gained Holger Tautz from OXID eSales to strengthen its competence in B2B commerce.

Read more