Are your passwords secure? Use a password manager

People most commonly use passwords such as ‘123456’, ‘password’ and ‘qwerty’. They have been using them for years. They are easy to remember, but can be cracked by a hacker in less than a second. Discover how a password manager creates secure passwords for you.

Do you use the same password everywhere?

So we choose passwords that are too simple. But there is another problem: we often reuse the same password. With hundreds of accounts, this is understandable but not wise. Do you use the same password on 2 websites? If so, a criminal who hacks one site can easily log into your account on the other website. You can prevent this with a password manager. It creates and stores unique, strong passwords for all your accounts.

Remember one master password

A password manager stores all your passwords in a secure digital vault. It can usually also generate unique and strong passwords for you. For example, ‘kdhj48H23D!-l09w’. Fortunately, you do not have to remember a password like that. The manager automatically fills it in for you when you log in to an account. What you do need to remember is the password for your password vault itself. If you forget this master password, you have a problem.

Are password managers safe?

You can assume that a password manager is secure. Security is everything for a provider of such a service. If they cannot promise security, they will not be around for long. However, things do sometimes go wrong. In recent years, hackers have broken into the password manager LastPass several times. Nevertheless, your passwords are more likely to end up on the street via poorly secured webshops than via your password manager.

Selecting a password manager

Various providers offer paid and free password managers. The basic features are the same in both cases. If you pay for it, you get extra storage space or extra security for your passwords, for example. But how do you choose? Take a look at comparison sites such as Tweakers (in Dutch) or VPN Guide (in Dutch).

DIY password solutions

Do you still prefer to keep your passwords in your own hands? Here is how you and your employees can choose and use secure passwords.

• Never choose number strings or sequences from the keyboard. A five-digit password, such as ‘12345’, can be cracked by a computer in a microsecond (in Dutch).
• Consider the most commonly used passwords. These include ‘iloveyou’ or ‘superman’. So do not use those at all!
• Avoid using personal details that are easy to find online, such as your year of birth.
• According to experts, a password of fewer than 8 characters is weak (in Dutch). Choose at least 8 characters – but preferably 12 or more.
• Do you need to renew your password? Then really choose a new password. Do not just add another number after the password you have been using for 3 years. By doing so, you make it easy for hackers.
• A passphrase (in Dutch) is often easier to remember than a password, and often stronger too. ‘nextweekIwillregisteratKVK’, for example, turns out to be quite a suitable password phrase: only cracked after a few quintillion years.

Do not save passwords in your web browser

If you log into a website, your web browser usually offers to save your username and password by default. That way, it automatically fills in your details for you next time. This 'Autofill' functionality is convenient, but not secure. A hacker can easily steal all the passwords you store in the browser. For example, via a malicious plug-in in your browser. Or via a dangerous script on a web page you view. So do not store your passwords in your web browser, but in a password manager.

Check data leaks

Do you want to know if your login details have ever been leaked? You can check this on several websites. For example, on the police website (in Dutch), and on the Australian website haveibeenpwned.com, which collect major data leaks and hacks. On the Dutch site scatteredsecrets.com (in Dutch), you can even see which of your passwords are public. So you should change those soon.

Do you use a password manager for your business? We would like to hear from you. Share your experience with kvk.cyber@kvk.nl.

A future without passwords?

Perhaps we won't use passwords anymore in the future. This is due to new ways of logging in, such as passkeys. With a passkey, you don't log in with a password, but with your phone, computer or other device that can handle passkeys.

How a passkey works

When you create a new account, your device creates 2 digital keys. A secret key that stays on your device. And a public key that is stored with the account. When you log in to such an account, it checks whether the 2 keys belong together. You complete the login process with, for example, a fingerprint or facial recognition via your device. Passkeys are still relatively new, so for the time being we will continue to use passwords and password managers.