A password-secured computer probably should not be covered with post-its which reveal passwords, but many of today’s computers look exactly like that.
A flood of passwords for everything from e-mail accounts to PIN numbers to customer IDs for online purchases has most computer users engaged in a never-ending memory game. But now software is available that can help some people control the tide.
"Passwords are tough. They shouldn’t be so cryptic you forget them. But they need to be secure enough to protect your documents," says Guenther Ennen, head of IT Security Advising at the Bonn-based Federal Office for Information Security (BSI).
A good password has to be easy enough to remember but remain too tough to guess.
"You should include every character on the keyboard," says Daniel Bachfeld of the Hanover-based magazine c’t. That means capital and lower case letters and numbers and symbols.
"The more varied the combination, the greater the security," says Andreas Selle, a Munich-based computer programmer who develops password software.
A partner’s first name or birthday is too easy to figure out. Decryption software makes other words easy for hackers to figure out.
"Words that can be found in a dictionary are not really a hurdle for that kind of programe," says Ennen. The longer a password, the more secure. "Every extra character increases the potential for more possible combinations."
But even computer users with cryptic passwords are far from fully safe. "But anyone who uses a combination of at least eight letters, numbers and special symbols can at least make things hard for decryption software."
Creativity is also useful. For example, 123abc is really not a secure password. Bachfeld of c’t says it can help to make associations.
"You can take the first letters of the name of your favorite song and replace some of the letters with numbers. That means turning an ‘a’ into a ‘4’ or an ‘i’ into a ‘1.’ "You immediately get something cryptic that you can decipher yourself."
Under no circumstances should computer users use the same password for all programme and services. "It means everything gets hacked into as soon as one password is picked up," says Ennen.
But even the best security tactics are useless if a computer user gets reeled in by a phisher. "Anyone who enters their password into a fake site gets caught up."
It’s also a bad idea to copy and paste a password between documents and applications. "One of Internet Explorer’s weak points is that it’s easy to access the buffer into which people copy information."
Software that manages and secures software offers more security. Some of these programmes can be downloaded for free. Others cost between 10 and 30 euros (14 to 41 dollars).
But the programmes are only useful after they’re transferred onto a PDA or smart phone, putting the password information at a user’s fingertips.
"It’s no good if all your passwords are stored on your computer and you’re somewhere completely different," says Bachfeld.