Netresearch Blog

Blog

Our blog contains all news and insights. We make our knowledge available, give tips, and inform you about everything that happens inside and outside our company.

6 May 2021 | World Password Day: interview with CTO Sebastian Mendel

As a new customer in an online shop, a user in a social network or when using online banking: login data such as passwords accompany us every day. The safer they are, the better. But what is a good password and are password errors really always caused by the user? On World Password Day, we talked to our IT department and received some interesting answers.

Importance, fails, no-gos: an interview about passwords with our CTO Sebastian Mendel

Sebastian Mendel
CTO

Question: Why are passwords important?

Sebastian Mendel (S.M.): So that strangers can't spend your money and your identity on the Internet is safe.

Question: Why should passwords be changed?

S. M.: If abuse is suspected. For example, if your own data was published in a data leak.

Question: How often should a password be changed?

S. M.: Ideally never, because that doesn't increase security. Frequent changes, especially enforced by guidelines, can even reduce security, as it causes users to write down the passwords somewhere because they can no longer remember them.

Question: What are password failures?

S. M.: The biggest mistakes are often still made on the part of the provider, in which special characters are not allowed or the length is limited.

What about creative passwords?

S. M.: Don't get creative - use password generators. If it absolutely has to be a memorable password: Use passphrases, such as Wild-Hobbit-Does-Not-Wear-A-Lasersword.

What are good ideas?

S. M.: Use a password manager - if you don't have to remember passwords, you can make them more secure. Also, use multifactor authentication - especially when you have to rely on passwords that you have to remember.

Question: And things to avoid?

S. M.: Using one password, no matter how secure, for several or even all services. Machines should not use passwords for communication - keys, TOTPs, or tokens are the better choice. Sending passwords via email, chat, etc. is also bad - there are special services or functions for this.

Question: Which password tools can you recommend and why?

S. M.: Companies which need to share credentials (which applies to all companies) should enforce the use of services like BitwardenHashicorp Vault and Hashicorp Boundary or Keycloak. Netresearch relies on these tools to ensure maximum security for its partners' data. If required, we also offer our partners support in introducing and integrating such services.

What we can learn about passwords

Overall, data security is an important factor when it comes to passwords. If we pay attention to the correct choice of letters, numbers and special characters, we are well protected against external attacks. And if in doubt, work with password generators and/or a password manager. In any case, there are enough tips and tools for everyday and professional needs to adequately protect yourself and your identity.

Do you not only want to protect yourself, but also your online shop or CMS from external attacks? Do you lack the time or resources for it? Then get in touch with us! We would be happy to check your system for security issues.

...or make an appointment directly!

Luca Becker
Your expert for OroCommerce
& B2B commerce

Share article:

New Blogposts

Continous Testing: Molecule und Vagrant

By Sebastian Mendel genannt Mendelsohn

How Ansible, Molecule and Vagrant are revolutionizing testing

Make Ansible automations testable and detect deployment errors earlier? Discover how to automate…

Read more
Netresearch: TYPO3 Developer Days Karlsruhe 2022
By Tobias Hein

Netresearch war dieses Jahr mit zwei Pro-Sessions bei den TYPO3 Developer Days in Karlsruhe…

Read more
20 years of AIDA customer relationship
By Caroline Kindervater

Communication, expertise and trust play a major role in the successful implementation of customer…

Read more
Livegang SSO-Anbindung with Keycloak for Lehrerwelt
By Thomas Schöne

For our customer AAP Lehrerwelt GmbH, which is part of the Klett Group, we implemented a…

Read more