Are your passwords secure? Use a password manager

We use passwords for all our online essentials. There is the password for your email server, your pension statement, and all your other online subscriptions. Remembering many secure passwords is a challenge. Is a password manager a solution for you? But how secure are password managers? And how do they work?

We use passwords for all our online essentials. There is the password for your email server, your pension statement, and all your other online subscriptions. Remembering many secure passwords is a challenge. Is a password manager a solution for you? But how secure are password managers? And how do they work?

Consider what you use as a password

In 2020, the administration password at the municipality of Hof van Twente was ‘Welcome2020’ (in Dutch). It was easy for the staff to remember. But also easy for hackers to guess. The result: a massive ransomware attack on the municipality’s IT system. It is not only Dutch people who choose convenience over security. Of the billions of passwords stolen worldwide in 2022, ‘password’ was by far the most popular. At number 2: ‘123456’.

Do you use the same password everywhere?

So we choose passwords that are too easy. But there is another problem, says Tijs Hofmans, Privacy editor at Tweakers.net. “We have hundreds of accounts, so we often reuse the same password. If you use the same password on sites A and B, and the first site gets hacked, criminals can also log into site B.” In this era of data leaks, the basic advice is more important than ever: always use unique passwords. But how do you remember and manage them? One secure option is a password manager.

Remember one master password

“A password manager stores all your passwords in a secure vault,” Hofmans explains. “Most password managers can also generate strong, random passwords.” For example, ‘kdhj48H23D!-l09w’. When you log into an account online, the software automatically fills in the correct password. That way, you never have to remember all those passwords yourself. The only thing you do have to remember is the master password for the password manager. For that, please do not use ‘123456’.

Are password managers safe?

“A password manager is safe,” says Hofmans. “In theory, of course, there is a chance that such a service could be hacked. Sometimes things do go wrong. In August 2022, hackers broke into the popular password manager LastPass - although no passwords were stolen. Of course, their core business is security. If that goes wrong, they are out of business. So they work very hard to prevent that.” Your passwords are more likely to be leaked through poorly secured online shops than through your password manager.

What are the benefits for business owners?

A password manager makes sense for everyone, Hofmans believes. Especially for business owners. “If you work with customer data, it is important to secure it. But you also do not want anything to happen to your website or the online service you offer. Digital security is a business risk.” Several providers offer paid and free password managers. The password manager is usually the same in both cases, but those who pay may get extra services, such as more storage space for encrypted data. How do you choose the best password manager for your business? There are many comparison tests available, for example from Tweakers (in Dutch) or VPN Guide (in Dutch).

DIY password solutions

Do you still prefer to keep your passwords in your own hands? Here is how you and your employees can choose and use secure passwords.

• Never choose number strings or sequences from the keyboard. A five-digit password, such as ‘12345’, can be cracked by a computer in a microsecond (in Dutch).
• Consider the most commonly used passwords. These include ‘iloveyou’ or ‘superman’. So do not use those at all!
• Avoid using personal details that are easy to find online, such as your year of birth.
• According to experts, a password of fewer than 8 characters is weak (in Dutch). Choose at least 8 characters – but preferably 12 or more.
• Do you need to renew your password? Then really choose a new password. Do not just add another number after the password you have been using for 3 years. By doing so, you make it easy for hackers.
• A passphrase (in Dutch) is often easier to remember than a password, and often stronger too. ‘nextweekIwillregisteratKVK’, for example, turns out to be quite a suitable password phrase: only cracked after a few quintillion years.

Do not save passwords in your web browser

If you log into a website, your web browser usually offers to save your username and password by default. That way, it automatically fills in your details for you next time. This 'Autofill' functionality is convenient, but not secure. A hacker can easily steal all the passwords you store in the browser. For example, via a malicious plug-in in your browser. Or via a dangerous script on a web page you view. So do not store your passwords in your web browser, but in a password manager.

Check data leaks

Do you want to know if your login details have ever been leaked? You can check this on several websites. For example, on the police website (in Dutch), and on the Australian website haveibeenpwned.com, which collect major data leaks and hacks. On the Dutch site scatteredsecrets.com (in Dutch), you can even see which of your passwords are public. So you should change those soon.

Do you use a password manager for your business? We would like to hear from you. Share your experience with kvk.cyber@kvk.nl.