A password needs a sufficient number of characters, at least 12. With today's computer technology, billions of password combinations per second can be used to try to guess a password. The number of possible combinations grows exponentially with each additional character. That is why only a long password is a secure password.
PINs should be as long as possible, four characters are not much.
Do not select keyboard sequences such as "asdfghijkl" or "1234567890" or words that appear in a dictionary and are not or only minimally modified, e.g. "secret1" or "passw0rd".
These variants are found in so-called "rainbow tables" and are cracked in no time.
Do not use terms and numbers from your personal environment such as the date of birth of your daughter or the name of the cat.
A password safe or password manager stores passwords in an encrypted database. It is encrypted/decrypted with a so-called master password, which must be extremely secure.
Password managers can manage various attributes for each account.
With a built-in generator, secure passwords can be generated.
Advantages of a password manager:
The owner just has to remember one password: the master password
All passwords stored in the safe can be very long and complex, as they rarely have to be entered manually. In most cases "copy/paste" can be used.
All passwords are managed in one place and can also be retrieved with a mobile phone.
A common way to "remember" passwords is to save them within browsers. This involves risks:
These passwords are each encrypted with the login password for the computer. Anyone who knows the password of a computer can read out the passwords stored in the browser in plain text.
Attackers can try to steal these passwords with the help of malware.
Secure handling of passwords and PINs
The best password is of little use if you are careless with it.
It is recommended to choose different passwords or PINs for different user accounts, services or devices.
Because if your Facebook profile is hacked, you don't want to risk that your online banking is also left unprotected.
Never pass on passwords and PINs, neither to your assistants or to your team, nor to the IT supporter, not even to acquaintances and certainly not to strangers.
If you need to give other people access to data or processes in an application, make use of its delegation features.
Never write down your passwords and PINs in plain text.
If, in exceptional cases, it should nevertheless be necessary, they must be kept under lock and key and must only be accessible to authorised persons.
Avoid using the password memory of your browser if possible.
If you do want to use it, please note: Passwords that are stored in the password memory of the browser are encrypted with the login password of the computer. Therefore, use long and complex login passwords for your systems. Never give the device password to third parties, including IT support.
Use a password manager to securely manage your numerous passwords.
When choosing a password manager, make sure that the database containing the passwords is securely encrypted and you can define where the data is stored. ETH Zurich passwords must not be stored in the cloud.
Choose a very long, complex master password for your password manager.
If possible, protect your password manager with a second authentication factor.
If you know or fear that someone unauthorized has stolen your password:
