I think the Internet would be a better place if everyone used a separate and secure password for each (online) account.

With this article, you can instantly improve your password security to better protect social media and online accounts.

Are you one of those who use the same password everywhere? This makes you easy prey for criminal hackers and scammers.

How do I actually get hacked?

Most of us are not attacked directly. As a rule, criminal hackers manage to circumvent the security precautions of a large Internet provider or other companies. We are affected because these institutions were unable to adequately protect our data.

Globally operating companies with many users (e.g. social media, bonus programs, banks) are interesting targets. When a provider is hacked, millions of records are often captured in one fell swoop. In addition to login & password, name, email, home address and payment information are often included.

Activist Troy Hunt, a senior Microsoft employee, privately runs a “collection” of the leaked “hacks” and offers a free service on his page HaveIBeenPwned that allows anyone to check whether their email address, cell phone number or password has appeared in a “hack”. If you learn from a service provider (or via HaveIBeenPwned) that your identity has been stolen, you must act and change the login and password combination immediately.
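The password check works without sending your password anywhere: only the first five characters of its SHA-1 hash go to the service (the real endpoint is `https://api.pwnedpasswords.com/range/{prefix}`, not mentioned in the article), which answers with every leaked hash suffix that shares that prefix, and the comparison happens on your own device. The following is an added example, not code from the article or from Have I Been Pwned; it replaces the network call with a constructed sample reply so it runs offline.

```python
import hashlib


def split_sha1(password):
    """Hash the password with SHA-1 and split the upper-case hex digest into
    the 5-character prefix that is sent to the service and the 35-character
    suffix that never leaves the device (k-anonymity range query)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(response_text):
    """Parse a range reply: one 'SUFFIX:COUNT' line per leaked hash."""
    counts = {}
    for line in response_text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, response_text):
    """Return how often the password appeared in breaches (0 = not found).
    Matching happens locally, so the service only ever learns the prefix."""
    _, suffix = split_sha1(password)
    return parse_range(response_text).get(suffix, 0)


# Constructed stand-in for the service's reply to the prefix of "password".
# The leaked suffix is computed here rather than copied; the other two lines
# and all counts are made up for the example.
_LEAKED_SUFFIX = split_sha1("password")[1]
SAMPLE_RANGE_RESPONSE = "\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    f"{_LEAKED_SUFFIX}:3861493",
    "1E2AAA439972480CEC7F16C795BBB429372:1",
])

if __name__ == "__main__":
    for pw in ("password", "RasenEngeltanceinSchneeandfrissKohl"):
        prefix, _ = split_sha1(pw)
        n = pwned_count(pw, SAMPLE_RANGE_RESPONSE)
        print(f"{pw!r}: prefix sent = {prefix}, seen {n} times in the sample")
```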

Here are some known examples from HaveIBeenPwned from 2021 / 2022:

What do criminal hackers do with the captured data?

They will first test all captured account/password combinations against every other known (social media) account on this planet. For these tests they use automated tools. If they manage to break into more accounts, they can sell the information gathered in this way, use it against you, and possibly harm you directly.

Without painting too dark a picture… identity theft and access to your bank account are possible scenarios.

What can you do right now to prevent this?

Password security: From today on, use a separate, secure password for each of your accounts.

To minimize the damage of a hack, you must use a separate secure password for each account / access! By the way, this also applies to your hardware. Every computer, every tablet and your cell phone should have a separate, secure access code.

Sounds complicated? Keep reading, I’ll show you how to make it work.

What are the types of passwords?

(1) Password phrase: a long but not very complex password.

Use a long password (min. 25 characters), which can consist of several words in upper and lower case.

Example: “R a s e n E n g e l t a n c e i n S c h n e e a n d f r i s s K o h l”

(2) Short and difficult password

Use a short, difficult password (min. 8 characters), which consists of 4 types of characters (upper and lower case letters, numbers and special characters).

Example: “d 8 L v 4 ! c §”

In my experience, password phrases come in handy when you need to remember passwords. For example, when unlocking a computer or laptop.
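To show why both rules above hold up, here is an added example (not from the article or from any password manager) that applies the two rules to a candidate, estimates the brute-force search space in bits from the character classes actually used, and generates a short complex password the way a manager does, with every class guaranteed at least once. The special-character count of 33 (all printable ASCII symbols including space) is an assumption for the estimate.

```python
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SPECIAL = string.punctuation  # 32 printable ASCII symbols; space makes 33


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch in LOWER:
            classes.add("lower")
        elif ch in UPPER:
            classes.add("upper")
        elif ch in DIGITS:
            classes.add("digit")
        else:
            classes.add("special")  # everything else, incl. non-ASCII like §
    return classes


def classify(pw):
    """Apply the article's two rules: (1) a phrase of at least 25 characters,
    or (2) at least 8 characters drawing on all four character classes."""
    if len(pw) >= 25:
        return "passphrase"
    if len(pw) >= 8 and len(char_classes(pw)) == 4:
        return "complex"
    return "weak"


def search_space_bits(pw):
    """Upper bound on brute-force effort: log2(alphabet ** length), where the
    alphabet is the union of the classes used. Assumes 33 special characters.
    Overstates phrases built from dictionary words, which are guessed per word."""
    size = {"lower": 26, "upper": 26, "digit": 10, "special": 33}
    alphabet = sum(size[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet)


def generate_complex(length=8):
    """Random password for rule (2): one character from each class first, the
    rest from the full alphabet, then shuffled so class positions are not fixed."""
    pools = [LOWER, UPPER, DIGITS, SPECIAL]
    chars = [secrets.choice(pool) for pool in pools]
    chars += [secrets.choice("".join(pools)) for _ in range(length - 4)]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```

Running `classify` and `search_space_bits` on the two examples from the article gives "complex" at roughly 53 bits for the 8-character password and "passphrase" at roughly 200 bits for the 35-letter phrase, which is why the phrase is both easier to remember and harder to guess.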

Use 2 factor authentication if possible

Many providers / apps now want to check your authenticity by asking on a 2nd channel whether it is really you who is logging in. This is called 2-factor authentication.

It works roughly like this: you log in with account and password, and your provider sends you a “one-time password”, e.g. by email, which you must enter as well.

I think 2-factor authentication is a great thing if you don’t have to give out your mobile number. Unfortunately, many providers use 2-factor authentication as a backdoor to get your mobile number.

Never give out your cell phone number.

An elegant way out is 2-factor authentication with so-called software- or hardware-based TAN generators. This provides a high level of security and makes the disclosure of further personal information such as email address or cell phone number unnecessary.

Install a trusted password manager

One reason many people use one password for many different accounts is, of course, that nobody can remember that many different passwords. This is where the password manager comes into play. A description of what a password manager can do and which password managers are trustworthy can be found in BaseCamp.

However, you are welcome to shortcut this and download Bitwarden. Bitwarden is free for private users, trusted, secure and open-source. Bitwarden stores your account & password data end-to-end encrypted and also offers an app for your browser and for Windows, Mac, Linux, the iPhone and for Android devices with which you can conveniently access your password database.

After installation, the first thing to do is to think of a very strong password. This will be the only password you really need to remember in the future. I recommend using a long password phrase with at least 25 characters of upper case letters, lower case letters, numbers and special characters.

Example: “T h e e d l e n 4 u n t a s ! f a c t o r T r a c t o r”

In case of emergency, you can write this password on a piece of paper (without a hint what it is for) and hide it somewhere.

Sit down now and change all your passwords

(1) First make a list of all your online accounts with login name and old password.

(2) Log in to each account once and change its password to a new, secure one.

Important: Bitwarden can help you with this! Just tell it how long and how complex the password should be and it will randomly generate suggestions for you, which you can simply accept and save in Bitwarden.

It may be a long night, but you can sleep soundly the following nights, because you are no longer easy prey.

Lastly, check your phone again and …

Check the app permissions

The less an app/vendor knows about you, the less a criminal hacker can capture. Therefore, be sure to check the app permissions on your phone. Not every app needs to have access to your phone’s camera, location and address book!

Lock your phone

No one should have casual access to your apps / your accounts. If you haven’t locked your phone yet, do it now. Use a random PIN code of at least 6 digits. Memorize it and don’t give it away.

Of course, a longer, random code is better and more secure. You can combine it with fingerprint or facial recognition.

Sources, tips and links for further reading

CloudPirate, Self-Defense BaseCamp – Protect your identity with strong passwords, 20 Jan 2023

Electronic Frontier Foundation (EFF), Creating Strong Passwords, 20 Jan 2023

Troy Hunt, I am running Have I Been Pwned, 20 Jan 2023

Cover image, © Cloudpirat 2023