BSI warns against overly complex passwords
In a communiqué, the Digital Consumer Protection Advisory Board of the German Federal Office for Information Technology (BSI) warns against regularly changing passwords and against overly complex passphrases. Above all, an imposed obligation to change passwords constantly is self-defeating, because users then usually fall back on recurring patterns that could be easy to guess.
In a communication, the Advisory Council for Digital Consumer Protection at the German Federal Office for Information Technology (BSI) warns against passwords that are too complex and against forcing users to change passwords constantly. Such rules can backfire, because users then usually reuse simple patterns. The warning is given against the background that compromised passwords must be changed immediately. The Council also warns that device manufacturers often store location passwords in the settings and leave users in the dark about this. The attacked parties then bear the security risk.
Password manager: still not very common
Two-factor authentication is known to only 43 percent of all Internet users aged 16 and over. SMS messages and codes sent by e-mail as a second layer of protection are the most frequently used 2FA methods. The first rule is to choose a different password for each account. In addition, it is always better to use longer passwords or phrases consisting of several words, which are easier to remember. The use of password managers is still not very widespread. Many users are skeptical because they cannot always verify whether the passwords stored there are really secure. The authors state that there is always a residual risk. However, that risk should be weighed against greater risks such as password recovery, the BSI points out. In addition, many users do not know that password managers also provide protection when passwords are entered on fake websites.
Source: BSI/Heise, editorial office