E-Mail accounts are one of our most important communication tools: we use them to register for online portals, for private and business exchanges, and as an organiser and digital address book. It is therefore all the more important to make sure your account is well-protected. But what if your e-mail account does get hacked? Our guide explains what methods internet criminals use to gain access to...
With people setting up more and more accounts by the day, it’s more important than ever to make sure they’re all protected with strong passwords. Data leaks like “Collection #1-5” show how important strong and unique passwords are in the fight against cybercrime. Too often, users go down the easiest route of assigning passwords, despite all the warnings, without being aware of the serious consequences of data theft.
Password security in 2019: Between Cloud and Collection #1-5
In recent years, global networking and digitization have been driven forward at a rapid pace. A life without internet and the World Wide Web, without the possibilities of the cloud, and without social media is hard for most people to imagine: Online we do business, find new contacts, carry out private or business conversations, buy and sell, pay, play, stream music or films, store files, and inform ourselves about the latest news from all over the world via news portals.
We put a huge amount of sensitive data into the hands of companies and technology, with passwords in most cases being the only protective measure - one that is apparently often not taken seriously enough - at least that's what the numerous recent data leaks suggest. Cybercriminals have repeatedly succeeded in using attack methods such as malware, phishing e-mails, and brute force attacks to obtain login information and therefore gain access to confidential user data. In 2014, for example, criminals were able to access various log-in information for Apple’s iCloud and published private photos of numerous VIPs because their login data could be identified with little effort.
As part of the aforementioned “Collection #1-5”, more than two billion e-mail addresses including passwords were published in January 2019. They originate from a wide variety of leaks, some known, some unknown to date. Events like these clearly underline the importance of high password security. The results of a representative survey conducted by GMX of 1,050 people are all the more astonishing: 64% of people stated that they use the same password for some, or even all, of their online accounts, while only 21% use a different password for each of them. The 2019 GMX study also revealed that 9% had never even changed their main e-mail account password, which leaves them very vulnerable.
The security of your own passwords is often overestimated
There are several reasons why many internet users are so careless with topics such as password security or cyber security: For example, many presume that their own data is so uninteresting for criminals that an attack is out of the question. A further misconception is that it is not so bad in principle if strangers have access to simple services such as social media or e-mail accounts. For this reason, many people don't spend much effort on creating strong passwords. The fact that inboxes and user accounts for cyber criminals are often just the entrance ticket to the entire digital data world of the victims is often more or less ignored.
In addition, many users see no need to change their own password behaviour because they already consider their own passwords secure enough or trust that their own security software or that the security solutions of internet providers and service providers offer sufficient protection against data theft.
In most cases, cybercriminals do not use their own computers for their attacks, but the devices of innocent users. Previously, malicious software was planted into these systems, enabling the attacker to remotely operate the hijacked system. The infected computers that are combined for potential attacks in huge networks are often referred to as bots or zombies.
Too often used, transparent, lacking inspiration: Typical password errors are still happening in 2019
Hacking a single service can also result in data loss on other platforms. Many users don’t take this warning seriously, which is clearly demonstrated by the fact that almost two thirds (64%) of users in 2019 continue to use the same password for several accounts. This figure so high that it signals how important educating people on password security is.
This is also reflected in the fact that one in five (21%) uses personal information such as birth dates, favourite football club, or hobbies when creating passwords. This is especially risky since a lot of these answers can be found on the user’s social media accounts. In addition, many users do not use special characters (only 45% use them), which makes it unnecessarily easier for cybercriminals to decipher the code with the help of tools.
The wish for the future of password security: More imagination and complexity
You need to put a lot of effort into creating secure passwords if you want to take advantage of the digital world without taking any unnecessary risks. Because criminals are constantly developing new ways to find passwords, you should never settle for a simple solution, and keep perfecting your password strategy. GMX experts recommending adhering to the following advice to make sure your passwords as a secure as possible:
- Each password should be different for each account.
- Passwords should be at least eight characters long and contain special characters, lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
- Passwords should be difficult for others to guess – not based on information you could find on the internet or which is known to friends or colleagues.
- The best passwords are randomly generated and are not found in a dictionary.
The last point may seem difficult to follow especially in view of the large number of online services, where users are registered on average nowadays: One in three respondents (30%) stated that they used 10 or more services with e-mail and password login.
In view of such figures, it is clear that a password strategy with different, complex and creatively chosen passwords is difficult to implement without appropriate tools. Experts therefore recommend either a password system, in which an unbreakable master password is varied, or the use of password managers, which often not only guarantee password security, but also enable you to generate secure passwords.